Firefox chief fumes over Apple Safari update

Firefox chief fumes over Apple Safari update

Summary: Mozilla's John Lilly has compared Apple's inclusion of Safari as a default add-on installation in the latest iTunes update to the way malware is distributed


Mozilla chief executive John Lilly has hit out at Apple, accusing the company of doing a disservice to Windows users everywhere by including its Safari browser as a default add-on installation in the latest iTunes update, likening the practice to the way malware is distributed.

In a recent blog post, the head of the foundation behind the Firefox browser and Thunderbird email client attacked Apple for including the option to install the browser as a pre-selected default, saying it compromises the security of all users and the entire web.

"Apple has made it incredibly easy — the default, even — for users to install ride-along software that they didn't ask for and maybe didn't want. This is wrong, and borders on malware distribution practices," said Lilly in the post.

"It undermines the trust relationship great companies have with their customers, and that's bad not just for Apple but for the security of the whole web."

"Keeping software up-to-date is hard — hard for consumers to understand what patches are for, how to make sure they're up-to-date. It's also critically, crucially important for the security of end users and for the security of the web at large that people stay current," he said.

While Lilly encouraged Apple's practice of releasing frequent updates, he objected to the option to install Safari coming pre-ticked, saying the "likely behaviour" for users would be to click the option to install both items, thus abusing the implicit trust between software makers and their customers.

"User expectations drive the industry to provide a simpler yet richer computing experience for the customer," said Andrew Walls, security research director at analyst firm Gartner. "This user demand for magical computer experiences has forced vendors to shield the user from technological complexity, which generally forces the vendors to make decisions on the user's behalf."

Read this


Q&A: When more bugs can mean tighter security

Mozilla Europe's president Tristan Nitot explains why having fewer disclosed vulnerabilities doesn't mean Internet Explorer is safer than the open-source web browser

Read more

The Gartner analyst said the move by Apple to provide a semi-automated download of Safari as an add-on to a separate upgrade should be assessed with this in mind, as well as the ongoing context of proprietary-based PC computing.

"To an increasing extent, the PC is viewed as a platform for the delivery of licensed content. The user does not own the operating system, content or applications. As a result of proprietary hardware design, the user is even restricted in the extent that they 'own' the hardware," said Walls.

"It is not reasonable to expect vendors to regard a PC as a private space into which they may not venture," Walls added.

Lilly, however, said he believes Apple is affecting the way users see technology companies. "It's wrong because it undermines the trust that we're all trying to build with users; because it means that an update isn't just an update but is maybe something more; because it ultimately undermines the safety of users on the web by eroding that relationship. It's a bad practice and should stop," he wrote.

Topic: Cloud

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Sneeky Apple

    Safari uptake on PC was unlikely to be significant and this move by Apple doesn't surprise me in that I expected it to be bundled in with itunes just as they did with quicktime. I never wanted iTunes but when they started forcing on me with quicktime I had no choice. Now I love iTunes but that is not the point.

    At least with the iTunes bundling it only occured when I went to download/install quicktime a new. Bundling safari with a security update is going too far.

    Even if it was given as an option entirely on it's own so that users could say hey I think I'll give that a go or choose to dismiss. Instead it is smuggled in along with a security update and ticked by default so the average user used to seeing Apple updates will just click ok without realising what they have just agreed to.

    Installing an entirely new app rather than a security fix or even an added feature to an existing app is closer to Malware than a update. Apple are taking advantage of a delivery system that users believe is set up to protect them by ensuring the latest fixes for their known software - not as a delivery system for Apple to push out any software it chooses - especially not one that is barely out of beta and could compromise a users system.
  • Apple Meeting

    Can you imagine the meeting where the decision was made.

    Jobs: Why is the safari browser not doing doing as well as iTunes?
    Appleman: Well users are happy with the browsers they have
    Jobs: But ours is faster look at these benchmarks, and I made all the buttons shiny
    Appleman: Yes but it has less features than the other browsers
    Jobs: Darn it, just get it on their PCs
    Appleman: Well there is one thing we could do...
    Job: what?
    Appleman: We could bundle it with iTunes
    Jobs: But that took ages when we bundled iTunes with Quicktime as the quicktime users didn't update often enough. We need something faster
    Appleman: Well we could... no, we can't... it's going to far
    Jobs: what?
    Appleman: We could send it out as an update to exisiting iTunes and quicktime users
    Jobs: Brilliant, all iTunes users will have safari
    Appleman: But only those that opt-in for it
    Jobs: Opt-in? Make it the default - infact smuggle it in along with a security update
    Appleman [thinks]: I'm going to burn for this...
  • Safari - get lost!

    I was not aware that Safari was going to be forced on me so when I saw the Safari icon on my desktop I panicked! I Googled Safari and discovered it was an Apple feature bundled with iTunes. Thus reassured that was not malware I went into my control panel and deleted it.

    If everybody did this the takeup of Safari would be negligible and Apple may get the message.

  • Why Safari on Windows

    Lol David i like that. What i don't understand is why Apple want windows users to use Safari, hell i don't even use it as my default browser on my Apple. One would assume it would be for Apple to gain financially. With i tunes it was to make i pods massive whilst getting people familiar to an Apple style layout. Is the browser aiming at what the average user does Browses the Internet and Listens to Music in an attempt to poach users. My point however is this they would fail to achieve that goal on a wider scale due simply to the cost of their products. Why not just make it optional, that way anyone interested in moving from Windows to Mac OS could use it if they wished.
  • Safari uninstall

    I already had Safari installed for testing but in protest to this move I will be uninstalling it.
  • Optional is not an option

    Lets face it - the Apple fan boys are all rocking Macs. So where is the target audience on PC? The Apple fans too poor to pay for over priced macs or the Apple users that are forced to use PCs for work.

    The small number of users that would WANT safari on PC beyond web developers that need it for testing would not be wide spread. So forced or unwitting install is the only option.

    I think Apple want widespread safari install base to encourage developers to make Safari web apps. Having iPhones, macs AND PC users would greatly increase the attraction of developing for the browser. At the moment it gets ignored by a lot of developers even when building sites. If the development team/studio work on PC they are not going to shell out for a mac just for testing safari, espcially if they look at their webstats and see that less than 1% of their users have that browser. If, however, there is a larger install base due to PC users and they can test on PC then Safari becomes a more serious browser to develop for.

    I think making the browser better than rivals is what Apple should have done so that people would WANT to install it and actually use it. Having a stripped down browser that runs a bit quicker but has less functionality is not what the average user will install. Users that want simple will stick with what came with their OS - IE. Users that are more tech savvy will install Firefox, Opera or another browser with the features they want rather than a stripped down one.

    Unlike their physical devices they can't make the browser a fashion statement and a marketing buzz and so Apples main selling points are out the window (the packaging and the poser status). Leaving little or no reason to install and therefore forced adoption was the next alternative.
  • What a whining loser baby

    Grow up, Apple is only giving folks a choice of browsers, not saying that it's 'inseparable from the OS' or any such bald-faced lie as Microsoft pulled (and got away totally free).

    Plus, unlike I.E. Safari is completely standards based and FAST.

    Safari is the fastest browser, and the most standards compliant.
  • Software merits

    Firstly, the merits of the software are irrelevant the way in which Apple are sneaking it on to users systems is what is in question.

    Secondly, no one is saying that Microsoft's bundling of IE with Windows is good. In fact as a Firefox user I would in many ways be against it. However, with Windows having a browser ready to go when you install the OS is extremely useful - even if it is just to get to the firefox website to download my browser of choice. It also is listed as a feature on the box. Sneaking in a browser as part of a security update is entirely different and is more like spy/malware distritbutio method. You get unwanted software sneaked in along with software you intended to get or worse still what you thought was simply an update to software you already had.

    It's amazing how Apple fansboys can justify even this clear bad practice.
  • I use ......

    SlimBrowser which is one of those browser applications modifying and sitting on top of the Internet Explorer engine.

    It has a nice look to it, is convenient to use and really does do just what I want from a browser. I would certainly recommend it to novice and intermediate users. I don't have any security issues because I'm well protected.

    As for speed, it's as fast as my ISP will permit these days, which is often not very fast, so I don't expect Safari would be any faster since the performance of my ISP is the controlling factor.
    The Former Moley
  • Sorry, I missed the part where it becomes a dis-service!

    Apple guilty of filling people's harddrives with stuff they might not use. Is software bundling a new sin invented by Apple?

    And yes there is a difference between this and malware; malware tracks your actions and keeps popping up with recommendations. Safari, i assume, will sit iddly on your desktop until you intentionaly open it.

    I also seem to notice that for the last 2 years, everytime I update my iTunes it seems to come automatically bundled with Quicktime and quicktime is something i hardly ever use, why is it that Mr Lilly didn't stand up for me against this violation before.

    Mr Lilly, I detect paranoia, you fear that Apple's reach via it's ubiquitous iTunes threatens to shrink your browser market share.
  • Defenseless

    So your defenses for Apples behaviour are

    1) They've done it before (with quicktime) - Having priors is hardly a good thing. I critise Apple for this too
    2) Other companies have done it - Yes and they got negative feedback for it too so why shouldn't Apple.
    3) Malware means pop-up ads or keystroke logging??? No one said Safari was Malware - we said it is using the same delivery method - offering software you want but sneaking in software you probably don't want. Worse still this does not occur at software installation but bundles in with a security update which I have not seen any company do.

    If Firefox installed Thunderbird or worse still a completely unrelated product in with the next security update wouldn't you complain?
    It seems that Apple have users under some kind of spell where they can do what they like and their users will justify it regardless.
  • Nicely said David

    I would also like to point out to Harpless that i hardly think Safari is going to worry Firefox as a browser. Like i have said before, I dont even use it on my Mac, Guess what i use? thats right platform independant firefox. Which i also use on Windows and Linux.

    I did use Safari at first trying to be purely Mac but there were so many issues with just simply surfing the Net it was making me go insane.
  • MisUnderstood!

    David, i wasn't defending Apple, infact i've never used Safari or any other Apple product apart from the iPod. I was simply pointing out that this objection was somewhat disingenous; It is not based on his concern for you and I, its based on the threat they feel Safari poses to Firefox. I pointed to Quicktime as an example to give an insight to Mr Lilly's true motive.

    I wasn't defending bundling either, it is a tactic that a lot of companies have used over the years to get a leg up. In my opinion, as long as the user can opt out, its fine.
  • Exposure good. Sneakiness bad

    I am all for exposing users to more than just the browser that comes with their system but being sneaky about it whether there is an opt-out option or not is not the way.

    Firefox's efforts have benefited all users whether they use Firefox or not. Its popularity forced Microsoft to improve their browser and users to discover there is more than just IE out there. As a developer I am pleased it has led to closer adherance to web standards.

    Apple's browser being pushed doesn't help anyone but Apple. It doesn't render exactly the same as Apple on Mac so it's just another browser for me to support.

    Apple have every right to promote it's products to it's existing user base but it should be transparent and opt-in not this opt-out with security update approach. How many users opt-out of security updates or even stop to read what they are?

    Fortunately while the sneaky back door install of Safari is likely to catch out a lot of users, most will probably continue to use their browser of choice rather than the one thrust upon them.
  • The crux

    " long as the user can opt out..."

    Therein lies the problem......the user should not have to opt OUT, the user should have to opt IN. Requiring someone who wants product A, to explicitily declare that they do not also want product B, is, in my mind, unethical behavior.