How does Apple get away with this badware behavior?
![ryan-naraine.jpg](https://www.zdnet.com/a/img/resize/58705b1ab848cb0209d7d7d504dffaab176d93aa/2014/07/22/4b4e2273-1175-11e4-9732-00505685119a/ryan-naraine.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
As part of my work testing exploits for the recent Safari "carpet-bombing" issue -- and the combo-threat to Windows users -- I installed Apple's flagship browser on a brand-new Windows XP machine.
The installation came with Apple's automatic software updater, a very valuable tool to automate patch management for end users. I knew Apple was using the tool to ship Safari as a new product download if iTunes/QuickTime (and the updater) was already on the system but it still came as a big surprise to me when I fired up the updater this morning and ran into this:
![How does Apple get away with this stuff?](https://www.zdnet.com/a/img/2014/10/04/3873016d-4b65-11e4-b6a0-d4ae52e95e57/applewasu.png)
That's 95 MBs, pre-checked by default, bundled into a security patch and ready to hose my machine.
This is clearly badware behavior and it's shocking to me that Apple gets away with it. I understand the economics of Apple being aggressive to establish a presence on the Windows ecosystem but this is really unacceptable.
The StopBadware.org guidelines are very clear on what constitutes badware and, to my mind, it's a no-brainer that Apple is being deceptive and irresponsible, even if the bundling is separated under the "new software" tab.
We've spent the last few years recommending -- even demanding -- that software vendors ship Internet-facing products with automatic software updaters because of the importance of keeping products patched but, when those updaters become a business tool, there's a big problem.
Where are the StopBadware guys when you need them?
[poll id=7]