How does Apple get away with this badware behavior?

As part of my work testing exploits for the recent Safari "carpet-bombing" issue -- and the combo-threat to Windows users -- I installed Apple's flagship browser on a brand-new Windows XP machine.

The installation came with Apple's automatic software updater, a very valuable tool to automate patch management for end users. I knew Apple was using the tool to ship Safari as a new product download if iTunes/QuickTime (and the updater) was already on the system, but it still came as a big surprise to me when I fired up the updater this morning and ran into this:

How does Apple get away with this stuff?

That's 95 MB, pre-checked by default, bundled into a security patch and ready to hose my machine.

This is clearly badware behavior and it's shocking to me that Apple gets away with it. I understand the economics of Apple being aggressive to establish a presence in the Windows ecosystem, but this is really unacceptable.

The StopBadware.org guidelines are very clear on what constitutes badware and, to my mind, it's a no-brainer that Apple is being deceptive and irresponsible, even if the bundling is separated under the "new software" tab.

We've spent the last few years recommending -- even demanding -- that software vendors ship Internet-facing products with automatic software updaters because of the importance of keeping products patched. But when those updaters become a business tool, there's a big problem.

Where are the StopBadware guys when you need them?


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
