An inside look at Apple's sneaky iTunes 8 upgrade

Update, 12-September, 5:45AM PDT: Apple has issued a revised download for iTunes 8 intended to correct this problem. My analysis is in this follow-up post.

I’m reading lots of complaints about the new iTunes 8 update causing horrific problems on Windows machines, including widespread reports of STOP errors, aka the Blue Screen of Death. My colleague Adrian Kingsley-Hughes has asked readers for reports and Gizmodo has a sketchy post as well. How can this be happening? Assuming that the underlying hardware is working correctly, STOP errors can only be caused by kernel-level drivers or system services. A poorly written program can crash itself but not the entire system. So how can a supposedly simple software update cause a fatal crash?

Maybe because this isn’t a simple software update. Once again, Apple is using its automatic update process to deliver massive amounts of new software to users, including a device driver that has a long and checkered history of causing the Blue Screen Of Death to appear. And it’s delivering this massive payload without even a pretense of proper disclosure and without asking consent from its users.

I was able to reproduce a crash using an iPod and iTunes 8 and fixed it by removing the suspicious driver. I’ve dissected the process and put together a gallery that shows how extensive the infiltration is and where you can find the likely culprit.

To see what software is sneaking along with the upgrade,
see my image gallery: Apple’s sneaky iTunes 8 install

Here’s a blow-by-blow analysis of what happens when you allow Apple Software Update to install iTunes 8:

The first thing you see is a notice from Apple Software Update. It promises an update to iTunes+QuickTime and says nothing about any other software.

Next, you accept a license agreement, which also makes no mention of anything other than iTunes. According to a code at the end of the license agreement, it has not been updated since October 2007.

After you enter your administrator’s credentials in a dialog box, the download and installation proceed automatically. The downloader dialog box notes that the complete install package is nearly 80MB in size, but the size shown in its progress bar changes several times.

Opening the folder where Apple Software Update stores its temporary files reveals what’s really going on. The download consists of five installer packages and a master setup program. In addition to iTunes and QuickTime, the package includes the Bonjour service (which has been a part of iTunes for a long time), plus Apple Mobile Device Support and MobileMe. The latter two packages appeared for the first time, according to Ars Technica and other sources, in the July update to iTunes. And a look inside Control Panel shows that this time around, Apple is giving Windows users an opportunity to uninstall MobileMe, which they didn’t do in the previous update.

When I used an antispyware tool (Sunbelt Software’s VIPRE), it detected that a new Apple program was loading at startup. Although it went by the prosaic name AppleSyncNotifier, its icon reveals that it’s actually MobileMe.

But in addition to all that software, Apple is also sneaking a couple of driver updates onto the system. One is a USB controller update, which is apparently used when connecting an iPod or iPhone to the system. On my system, this driver file was copied to the system but was not installed until I connected an iPod Mini via a USB port. Most of the trouble reports on the Apple forum indicate that this driver is identifying itself in the text that appears on the STOP error page. The only clue that this driver is being installed is in the System Restore dialog box.

In addition to this driver, the system also updates the GEARAspiWDM.sys driver (in Windows\System32\Drivers). I had to dig deep to discover this change, which is not documented anywhere. This driver is typically used with third-party programs that write to CD and DVD drives. The old iTunes versions of this driver is dated January 29, 2008. The new one is from April 17, 2008. This driver has a long and colorful history of causing Windows crashes. [Update 17-Sep: After looking deeper, I can confirm that Apple's driver is the culprit and that Gear's driver is unrelated to these crashes. In fact, Gear's signed driver might even be an innocent bystander in a separate iTunes support issue. See my follow-up post "Apple, not Gear, deserves the blame for iTunes crashes" for details.] I remember dealing with it back in Windows 2000 days. And sure enough, a search for GEARAspiWDM.sys BSOD turns up thousands of hits. I’ve also found anecdotal reports of this driver causing iTunes to crash, including this one from the Gear Software forum last May. The image below shows the Previous Versions dialog box, which I used to determine that the file had been updated.

When I plugged an iPod Nano into my Windows Vista system for the first time, it offered to install a driver and then asked me to reboot. When I restarted, I plugged in the iPod again and the machine locked up solid. No blue screen, just a black screen that didn’t respond to any input. After a restart, I tried again and got the same result when I attempted to open iTunes.

For the third try, I decided to replace the GEARAspiWDM.sys driver file with its earlier version. I used the Previous Versions feature of Windows Vista Ultimate to find the older version, copied it to my desktop, deleted the newer driver, and then copied the January version to the Drivers folder. This time iTunes opened just fine, displaying the contents of the iPod. (When I simply deleted the driver file, I got an error upon starting iTunes warning me that my installation was incomplete and that I might not be able to burn CDs or DVDs until I completed it.)

I can’t say my tests are conclusive, but my long history with this file suggests that it might well be at the root of the problem for others as well.

An even bigger problem is Apple’s attitude toward its Windows customers. These additional software packages and drivers are being installed with no disclosure and no consent. A pile of software, including the troubled MobileMe service, is also being installed and enabled at startup on Windows machines, even where the user has no MobileMe account and, for that matter, no mobile device.

Apple’s Get a Mac ads love to tweak Microsoft for its frequent crashes. Someone from Apple needs to look in the mirror and realize that they’re the problem in this case.