How does Apple get away with this badware behavior?

As part of my work testing exploits for the recent Safari "carpet-bombing" issue -- and the combo-threat to Windows users -- I installed Apple's flagship browser on a brand-new Windows XP machine.

The installation came with Apple's automatic software updater, a very valuable tool to automate patch management for end users.  I knew Apple was using the tool to ship Safari as a new product download if iTunes/QuickTime (and the updater) was already on the system but it still came as a big surprise to me when I fired up the updater this morning and ran into this:

That's 95 MBs, pre-checked by default, bundled into a security patch and ready to hose my machine.

This is clearly badware behavior and it's shocking to me that Apple gets away with it.  I understand the economics of Apple being aggressive to establish a presence on the Windows ecosystem but this is really unacceptable.

The StopBadware.org guidelines are very clear on what constitutes badware and, to my mind, it's a no-brainer that Apple is being deceptive and irresponsible, even if the bundling is separated under the "new software" tab.

We've spent the last few years recommending -- even demanding -- that software vendors ship Internet-facing products with automatic software updaters because of the importance of keeping products patched but, when those updaters become a business tool, there's a big problem.

Where are the StopBadware guys when you need them?

[poll id=7]