Slashdot Mirror
Mozilla CEO Objects To Safari Auto Install
hairyfeet writes "Do you use iTunes on Windows? If so you may be getting the gift of Safari from Apple whether you want it or not, and Mozilla CEO John Lilly is not happy about it. After his daughter was offered Safari as a 'bonus update' with a recent update to her iTunes software, Mr. Lilly says on his blog, 'What Apple is doing now with their Apple Software Update on Windows is wrong. It undermines the trust relationship great companies have with their customers, and that's bad — not just for Apple, but for the security of the whole Web.' He also pointed out the check box is already clicked when you go to update meaning you have to opt out, not in and that it lists Safari as getting an update even if you don't have it installed." Update: 03/21 21:44 GMT by KD : Corrected the name of the Mozilla CEO; also linked directly to his blog.
If M$ did this there would be a huge uproar and several anti-trust lawsuits. Now that the iPod is working on a monopoly of the mp3 player market, why is what Apple did any different? The quality of the software doesn't matter here.
It offered me Safari when quicktime did its update as well, and by offered, it said it was installing it unless I hit cancel. not so good times.
How Jaded Are You?
I don't care if this is a "mandatory" component of iTunes, or if Apple is "just" trying to sneak it in... WHY do this?
Has any company ever entered better light from including unrelated junk in their installers?
If iTunes doesn't require Safari (and I pray to god it doesn't because that would be horrible design to require a specific web browser -- they'd enter Microsoft territory in that case), then Safari shouldn't be part of the install. If people want Safari, they'll install Safari. If something doesn't need Safari, fuck that shit.
Please don't look at Microsoft as a good role model, Apple. They aren't.
Beware: In C++, your friends can see your privates!
Oh, please. Apple is as evil as Microsoft, and Mozilla is right to complain about them.
Claiming that open source and Apple have some kind of common interests is fiction.
Say what, iTunes?! Who uses that crap in the first place? Might as well kill your computer with Real Player while you're at it!
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
Firefox shouldn't come bundled with any Google software, set home page to Google without giving a choice of other search providers or popup "set me as a default browser dialog?" unless the user explicitly goes to preferences menu and does so. I do hope Safari doesn't automatically hijack the default browser when it is installed in this manner. I don't see a big security downside to installing it if it needs to be explicitly run by the user rather than automatically activated from a web link.
We need a way to classify software that does this. Call it installware for all I care.
installware: software that installs other products that the user would not expect to be installed as a default option. This includes any 3rd pary addons or 1st party products that are unrelated to the current install.
something that would lable products that instal browser bars too. We know some products work hard to not get listed as spyware or adware. Its time to expand it to include this other crap.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
IMO, all Apple has to do to solve this is:
1. Make all not-yet-installed software unchecked by default, so you have to opt into it (keeping actual updates checked by default)
2. Clearly label, probably by putting a separator and header in the middle of that list, which software is an update to what's on your machine and which software is another offering that Apple wants you to install.
That, and make it possible to ignore a product, instead of just a particular install. My Windows box at work has Safari and QuickTime for web development purposes, but it keeps telling me to "update" iTunes. I can tell it to ignore the item, but every time a new iTunes version comes along, it asks again.
> Since when did Apple start taking lessons from M$?
1997.
--I'm so big, my sig has its own sig.
-- See?
Exactly. QuickTime for Windows has been installing iTunes by default for quite some time now. The last time I downloaded QuickTime I had to hunt through Apple's site to find the standalone version.
it's not half as bad as Google's pushing their "toolbar" along with Java updates... where you have to go into "advanced" install of the update to even KNOW that it's pushing Google Crapbar, let alone to drop it.
We've seen more problems with "my IE is crashing" lately, and every time it's that Google Crapbar that slipped in because the users didn't even get the chance to know it was coming in.
"Trusted source"??
I don't trust Apple installing ANY Windows software. I have yet to successfully install iTunes without the stupid mandatory Quicktime installation taking over most of my media file associations, no matter how hard I try to disable them. It even tries to display JPEGs in Quicktime instead of inline in IE. Apple obviously knows about this, because everyone I know who has tried this has had the same experience.
>In any event, Safari is at least a standards-compliant browser,
>so it still fulfills Mozilla's dream of a standards-based web,
>even if actual Mozilla software isn't being used.
It's not about Safari being used. I'm all for a healthy, competetive browser market where users can chose between several great standards compliant browsers. That's a big piece of what Mozilla is all about.
The problem here is not that Safari may get more users. The problem is that they have used "software update" to install a *new* piece of software. Safari is not a software update for QuickTime and it's not a software update for iTunes. It's an entirely new piece of software being pushed by Apple as if it was an update when it's clearly not.
This is a problem because it waters down the meaning of "software update" -- something that vendors depend on to keep users safe and secure and that users should be able to trust. Users shouldn't second guess themselves when clicking "OK" on a software update dialog. If they're afraid of software update services, it'll be impossible for vendors to keep them safe with security and stability updates.
It's this trust relationship being abused by Apple that's the problem, not that more people may end up with Safari.
- A
For that matter, I'm tired of installing QuickTime, then having it pester me with "updates" to install iTunes. If I had wanted to install iTunes, I would have picked the giant "Download Quicktime and iTunes" button instead of hunting for the tiny "Download Quicktime only" button.
Redundancy is good And also good.
>I call bullshit on Mozilla. Microsoft forced IE 8 on me.
>I did not have a choice. Apple offered me Safari and I
>turned them down.
Microsoft didn't Force IE 8 on anyone. It's not even included in their Software Update system. It's a standalone download that you have to seek out on the web.
Perhaps you meant IE 7 which was offered as an update through their SOftware Update system. Well, guess what. IE 7 *is* an update to IE 6 -- a critical one for very legitimate security issues. You can opt out but you'll be doing yourself a security and safety disservice.
Safari 3.1 is *not* an *update* to iTunes or to QuickTime and calling it an update is misleading at best and predatory at worst. Not only that, but it weakens the trust relationship between vendors and users when it comes to software update systems.
Software update systems should be *update* systems and users should feel comfortable clicking "OK, keep me up to date, safe, and secure". When *update* systems are abused like this, people trust them less and it's more difficult for vendors to keep those users safe.
- A
Just the other day I tried to install Konqueror, and it forced me to install some UNIX like operating system. Wiped out my whole hard drive. When is it going to end?
What?
I think a lot more of Apple than I do of MSFT, but then I'd rather catch rabies than AIDS....
"Be light, stinging, insolent and melancholy"
You are absolutely right. Apple is hardly forcing Safari on people since it asks first and they can decline the download. I decline downloads offered from Apple and MS all the time. This is a complete non-issue brought up by someone wanting free press.
The Mozilla folks are whining because there is some chance that a significant portion of Firefox users will switch to Safari. I have used Firefox since beta on Windows machines, but I will switch to Safari if it is faster. Firefox is dog-slow on a Mac, and I don't even consider it on that platform.
Here is a link to John Lilly's actual blog post ...
... can't imagine why neither the /. summary or the original "article" included a link to John Lilly's actual blog post. Who the hell is Dee Chisamera and why did /. link to Chisamera'a page full of ads instead of Lilly's actual blog post?
http://john.jubjubs.net/2008/03/21/apple-software-update/
OS X, Linux, Tivo, Amiga, my fascination with cult-like technologies would intrigue any psychiatrist.
In all honesty, I think that MSFT was right in pushing IE7 as an upgrade for IE6. IE7 is an update to IE6, not a totally separate product. The reality is that the security improvements in IE7 (the phishing filter and the fact that it disabled most ActiveX controls by default) are enough of a reason to justify recommending it to customers (and just like the Safari "update" people are complaining about, you can turn it off).
I'd have more issues if Microsoft decided to force a download of (say) Visual Studio Express as an "upgrade" to Windows (or any other component that's not a part of Windows). Or if they made the Silverlight update enabled by default (as of today, they offer it as an optional download (it's disabled by default)). Heck Microsoft doesn't even include Office products in Windows Update (you have to opt into the Microsoft Update version to get non Windows products offered in Windows update).
Apple's doing one of two things: either they're (a) leveraging their iTunes monopoly to push Safari or (b) using their security holes as opportunities to upsell iTunes and Safari (since you need to use Apple Update to get fixes for the Quicktime security hole of the week)
Neither of these are OK in my opinion. Software update should be for updating existing software to fix bugs in the software you chose to install.
I don't have any problems with the Apple updater offering other products, I do have issues with the updater offering those products by default.
It's not only Safari that is selected by the Apple updater by default but also iTunes too. I only have QuickTime installed and when the updater prompted me to update QuickTime to a newer version, iTunes and Safari were selected too. I decided to uninstall QuickTime and not be bothered by Apples shenanigans.
...as you couldn't possibly be more incorrect. If you install Firefox, you will most likely start at this page. There is no mention of Thunderbird, no mention of add-ons, no mention of any other Mozilla product at all. The default home page for Firefox is here and contains no mention of add-ons, or other programs.
But all that is completely beside the point, because the real issue is other products being pushed out by default through the software update for an unrelated product by the same company. Which is what Apple Software Updater is doing.
Firefox's update by comparison *cannot* download another product that you don't have installed, not only that, but it doesn't suggest any other products, or even mention that they exist.
Your point was that Firefox "offers" their products, where they do not, they simply provide links in their browser to their site where if you wish, you can choose to go and search for their products. Your other point was that Apple is simply "offering" their products, but it isn't doing that either, it is selecting them for you, and choosing to download them to you if you don't specifically deny them every time there is a product updated.
These are two completely different things.
The television will not be revolutionized.
I've just discovered that if you run your iTunes auto-update *again* it re-adds and re-checks the Safari download each time the update is run. This is sort of like how Microsoft keeps offering you the Windows Genuine Advantage update even if you've already turned it down before. So, it seems like Apple is being very hostile with this update. You are eventually going to download it, maybe by accident.
Now, Safari might be nice, I don't know I've never used it. But, I do know it is insecure compared to Opera and Mozilla. It also lacks a lot of privacy features, script blocking, deep cookie management, password wands, etc. The irony is that Opera while being the most innovative browser is only the most secure web browser right now because it is unpopular, they lack managed script blocking. You can turn off scripts but no one in their right mind does that. We need to have whitelists so we only allow what we know we need. Blacklists don't work because you can't keep them up to date fast enough and disabling entirely isn't reasonable because there are many situations where scripting/cookies are absolutely necessary. The same goes for Internet Explorer and Safari, they lack this what should be by now, mandatory functionality. And, really, this should be built directly into Firefox itself, but has not been because a majority of people would simply be confused why their websites aren't working correctly. It has to be informed decision to install and try the plugin and understand what it is doing. I suspect this is the reason that other browsers have just completely ignored this functionality altogether.
In addition, I'd like to point out that Mozilla's AdBlock plugin, although bad for the advertising business, is a benediction for security as well. Too often now banners are being used to inject malicious arbitrary code into end user's computers. Even on Microsoft's own Hotmail email service!
Mozilla actually out innovates Opera in features when you look at the plugins, but the main browser itself does not. Until recently Opera has been the fastest and most compliant browser in the world, though it historically has had trouble rendering some websites. It has greasemonkey-like functionality built in which is a nice plus. With the advent of Firefox 3 coming out though, Opera and Safari lose the speed crown and also cannot compete with the plugins, privacy, or security. You can bet Apple knows this and wanted to pull this stunt before Firefox 3 became mainstream, because after that it is game over.
Mr. Wilcox has every right to be afraid for global security because of this new tactic by Apple.
Sorry, but... no. iTunes is not using WebKit. The iTunes Store is using a custom XML format to describe the pages. Sniff your tcp traffic and see for yourself.
>The *only* issue here (and where the "inappropriate" part
>begins), is the installation of Safari being checked by default.
>
>If they unchecked that box Apple would be golden from the moral
>side of things and there would be no problem at all.
I disagree. By mixing up "new stuff you may or may not want" with "stuff you really, really, really need to install immediately to keep your already installed software safe from exploits" is just a bad, bad idea.
When my software update mechanism comes up with a critical security update and I have to spend time trying to work out whether or not I should check or uncheck or install or not install, it creates confusion and leads to some percentage of people not opting in for the right parts.
If Apple wants to use the same infrastructure to advertise new products, fine by me, but don't mix them in with real updates for software I already have installed. Make it clearly a different interaction.
But they won't do that. They don't want to create an advertising mechanism here, they want to create a situation where users feel like they "need" to install this new software by associating it in every way possible with critical security updates.
It's not enough to simply uncheck the box. There needs to be a clear distinction that most users will understand between "update what I've already got on my system so that I can stay safe and secure" and "offer me new stuff that i may or may not want."
- A