How does Apple get away with this badware behavior?

How does Apple get away with this badware behavior?

Summary: As part of my work testing exploits for the recent Safari "carpet-bombing" issue -- and the combo-threat to Windows users -- I installed Apple's flagship browser on a brand-new Windows XP machine.The installation came with Apple's automatic software updater, a very valuable tool to automate patch management for end users.


As part of my work testing exploits for the recent Safari "carpet-bombing" issue -- and the combo-threat to Windows users -- I installed Apple's flagship browser on a brand-new Windows XP machine.

The installation came with Apple's automatic software updater, a very valuable tool to automate patch management for end users.  I knew Apple was using the tool to ship Safari as a new product download if iTunes/QuickTime (and the updater) was already on the system but it still came as a big surprise to me when I fired up the updater this morning and ran into this:

How does Apple get away with this stuff?

That's 95 MBs, pre-checked by default, bundled into a security patch and ready to hose my machine.

This is clearly badware behavior and it's shocking to me that Apple gets away with it.  I understand the economics of Apple being aggressive to establish a presence on the Windows ecosystem but this is really unacceptable.

The guidelines are very clear on what constitutes badware and, to my mind, it's a no-brainer that Apple is being deceptive and irresponsible, even if the bundling is separated under the "new software" tab.

We've spent the last few years recommending -- even demanding -- that software vendors ship Internet-facing products with automatic software updaters because of the importance of keeping products patched but, when those updaters become a business tool, there's a big problem.

Where are the StopBadware guys when you need them?

[poll id=7]

Topics: IT Employment, Apple, CXO, Operating Systems, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Because Apple users don't demand better

    No company will make [b]any[/b] change unless it benefits their bottom line, ever. I'm not saying that as a bad thing, I'm stating it as fact. I'm also not saying that companies don't have the consumer in mind, in fact, I'm saying that companies [b]absolutely[/b] have the consumer in mind as long as helping the consumer helps their bottom line. [b]If consumers don't threaten to stop buying products from the company, the company will not change.[/b]

    Apple has its consumers in mind with everything it does. Apple would be a better corporate citizen if its consumers demanded it but they don't. So does Apple get away with this because it is different than any other company? Of course not, Apple is just like every other company. It is Apple consumers who are different and it is Apple's fiduciary duty to only react to consumer complaints that could affect its bottom line (and ignore all other complaints).

    So to answer the question: Apple gets away with this badware behavior because Apple consumers simply don't demand better.
    • Sadly, you're right...

      There's nothing wrong with anything you said. Nothing. And that's sad.

      Ryan Naraine
      • Badware

        I believe this is a instance of badware. Opt in should be
        the default behavior for these kinds of installs. Apple did
        the wrong thing in this case and they should be held

        What I'm not clear on, is how this is an indictment of Apple
        users? Isn't this issue specific to the PC? Are Apple's users
        responsible for a platform they don't use?
        Harry Bardal
        • Apple users

          If you're on a PC running Windows and using QuickTime or iTunes or Safari, you're an Apple customer.

          Ryan Naraine
          • And apparently

            to your immense annoyance, most Apple customers think this is a
          • re: non-issue

            [i]most Apple customers think this is a

            I would venture a guess that quite a few had no idea what happened.
          • Correct

            Immense annoyance is putting it mildly. As an Apple customer (on Mac OS X and Windows), their badware behavior is a big issue to me.

            Ryan Naraine
          • Apple Customers

            So let me get this straight. A PC user who is otherwise vigilant around security issues by virtue of having
            purchased a PC, is lax at exactly the point at which they
            are an Apple user/customer?

            Are you presuming to describe the fabled reality distortion
            field, or is this a simple case in which a larger measure of
            trust is afforded Apple based on that user's record with
            Apple products?

            Bear in mind I still disagree with what they did. I just need
            clarification. Do you endorse the characterization of an
            iTunes user as an Apple user for purposes of this thread?
            Harry Bardal
          • you're not the only one

            That makes two of us who are annoyed with their badware practices, so I don't see why you agree that Apple customers are tolerant of badware. Many of us left the Windows platform because of malware, and most of us really don't like seeing that from Apple, and are perfectly capable of recognizing that behavior on its part. Why do you think Firefox has such a big marketshare on OS X? People are well aware that Safari has security problems is the main reason now.

            I have no problem with you criticizing Apple, but to smear Apple customers as naive fanbois is something that isn't deserved. There are fanbois on every platform; mature computer users on any platform recognize that every platform has its drawbacks and strengths, and recognize that in general, public corporations aren't moral entities unless forced to by law.
            Ed Lin
          • I agree

            Quicktime is also often a requirement to view movie trailers & such.

            IIRC, I updated it the other day & it wanted to install stuff unrelated to security updates.

            I concede the fact it was optional, BUT security updates should NOT include ANYTHING unrelated to the updates main purpose, SECURITY.
          • Depends

            If they already had Quicktime/iTunes installed (It's unclear to me whether Ryan had it on or not, but I think he did not have them installed), then it's no biggie...I'd call it a security update to those apps.

            But what if you didn't? I assume that the Mac ships with both of those apps. if the user went to the trouble of uninstalling them, I think it's inappropriate to assume that I want them.

            I'd say the same thing (and so would you), if MS defaulted Silverlight to download (it's optional, but you ahve to select it).

            PS, I only think the d/l of iTunes/Quicktime should default to yes if they contain security updates. If it's a feature upgrade or non security related bug fix, they should default to opt-out, though it'd be fine to have an option to change the default behaviour.
          • Demanding Better...

            My big question is 'HOW?'.

            How would i use my consumer power to demand better behaviour from apple? As far as i'm aware my only option is to "vote with my feet" and boycott apple products.

            I would love to refuse to use apple software on windows but with the current ipod/itunes lock-in i'm stuck unless ipod support is added to wmp.
            I won't give up my ipod (in NZ the alternatives are limited), and i won't use an alternate third party plug-in, application or OS.

            I guess i [i]choose[/i] to be [i]forced[/i] into supporting apple's software push
          • iPod support

            Is available outside of iTunes. Check out foobar2000. Works great for me on a Windows machine. Much less of a memory hog, too
          • Where's the iPod support

            I checked it out and I don't see any iPod support.

            I'm sick of iTunes. Every single day I start it, iTunes reports my iTunes library is damaged, and creates a new one.

            I'll just bet it was that last update of iTunes :)
          • You said it yourself

            If you don't want to be an Apple customer you would have to
            give up your iPod. Are you seriously telling me that NZ isn't
            swimming in different mp3 and other format music players?
            In the US we have literally hundreds of choices from dozens
            of companies. If you're as fond as you appear of Microsoft
            products are you saying they don't ship Zunes to NZ?
          • I block ALL Apple apps from my systems, at work too

            Apple is pure evil and must be stopped.
            Joop deBruin
          • not pure evil...

            But this behavior is clearly unacceptable. I block Apple's software too [i]except[/i] for their Quicktime .mov and H264 codecs. Safari got onto my wife's machine only because she uses iTunes with her iPod--she had no idea it was installed. I view this type of behavior as stealing or trespassing; they're using your hardware resources without your permission. It's nothing more than a con game.

            I have a similar problem with software that wants to pre-load parts of itself at boot-up so it seems to load a bit faster when you need it. It really doesn't do anything but waste your time and ram if you don't use that software fairly soon after boot-up. Microsoft, Adobe, Apple and a few others are all guilty of this. I run msconfig all the time just to stop these routines after updating software packages from the aforementioned. It keeps my boot-up times much shorter and I only need to wait just a few fractions of a second when I actually need Adobe Reader or Quicktime codecs.

            As for pure evil, that's a bit of hyperbole. Let's not get emotional about this.
          • Pure Evil

            Darn Apple and that stable operating system of theirs...

            I'm not excusing Apple's opt-out style of software updates,
            though. They should not check anything other than the
            security update by default, and make it clear that any other
            software is separate, and totally unrelated.

            As an Apple user, I know that this reflects poorly on Apple. I
            hope that they do change their approach to getting into the
            Windows ecosystem; perhaps they could make a product so
            good that people would download it without being 'tricked.'

            Here's to hoping.
          • I wouldn't call it pure evil

            ,but it is a stupid move on Apple's part. Their not the only software company to do this, but when the user is unaware that their security update is installing other apps they open themselves up to potential headaches. One, the user is ticked off when they find out that they've downloaded software that they don't want. Two, if that software should have any security vulnerability that is exploited then the potential for a backlash from users who were affected by that exploit is great (see Sony's rootkit as an example).
          • Compared to this same subject 3 month ago...

            ... this is a total NON-issue. It's right there in your face
            (see screenshot in article) rather than 'hidden two-or-
            three windows back' as claimed in that previous blog.

            Nearly every corporate web page you go to that asks
            you to sign up for software registration or other
            purpose usually has their
            newsletter/advertising/whatever pre-clicked for opt-
            in, and if you don't select "Opt-out" or manually
            uncheck every item, you are suddenly flooded with
            tons of unwanted email and other materials.

            How is Apple's making that option obvious "evil" in any