Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Pushes Unwanted Software To PCs, Again

Posted by kdawson on from the just-updates-please dept.

itwbennett writes "Blogger Steven J. Vaughan-Nichols wags his finger at Apple for indiscriminately pushing the iPhone Configuration Utility 2.1 update out to Windows users, since it is a tool for business system administrators to set up and administer corporate iPhones — the blogger himself (and practically every other iPhone user) not being of the corporate iPhone user persuasion. But more than just unnecessary, the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing 'not just a configuration program, but the Apache Web server as well,' says Vaughan-Nichols. 'A Web server like the one Apple [is] adding to your PC... [is] a gateway just asking to be hammered on by an attacker. Managed properly Apache is as safe a Web server as you'll ever find, but ordinary PC users shouldn't try to manage it, and even an expert can't do anything with it if they don't know it's there.'" Reader CWMike notes that Apple pulled the iPhone Configuration Utility from the update list after a few hours.

23 of 267 comments (clear)

  1. Not really... by Darkness404 · · Score: 3, Informative

    the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing

    Millions? Lets see here, the update was only recommended for a few hours and was quickly pulled. How many people do you think update constantly? If Windows updates are any indication (and most just install in the background with almost no user interaction) chances are very few. We aren't talking about "millions" but a few thousand in the worst case.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:Not really... by Anonymous Coward · · Score: 5, Informative

      I'm sorry, but this is NOT even close to true. It has been offered for at least a week, and came up again on my machine last night. I've had it "offered" several times now on both machines. I don't know who first said it was only a few hours but that is just dead wrong.

    2. Re:Not really... by Colonel+Korn · · Score: 4, Informative

      the update actually puts him and millions of other iPhone owners/Windows PC users at increased risk by installing

      Millions? Lets see here, the update was only recommended for a few hours and was quickly pulled. How many people do you think update constantly? If Windows updates are any indication (and most just install in the background with almost no user interaction) chances are very few. We aren't talking about "millions" but a few thousand in the worst case.

      Well iTunes has been installing the Apple Updater Thingy by default for a long time, so the question is how often that checks for updates. And according to Ars Technica (http://arstechnica.com/apple/news/2009/09/apple-pushes-unwanted-enterprise-tool-to-windows-users.ars) the update was actually pushed "earlier this month" and only came to the attention of the online media today. It sounds like it was pulled a few hours after it hit half the computer-related news sites, not a few hours after it was pushed out to users.

      --
      "I zero-index my hamsters" - Willtor (147206)
    3. Re:Not really... by MichaelSmith · · Score: 4, Informative

      My sister in law runs itunes on her windows laptop. When she bought it I installed firefox for her to use then she called me to report some strange behavior. She had somehow started running Safari. Firefox had disappeared. So either it happened automatically or she was tricked into installing it.

      --
      http://michaelsmith.id.au
    4. Re:Not really... by dreamt · · Score: 2, Informative

      Thank you. And in addition, it was listed in a check-box list of items. True, it was enabled by default, but the user still had to hit the button to install it.

    5. Re:Not really... by Brian+Gordon · · Score: 5, Informative

      Defending Apple? In my slashdot?

      This was a stupid move and Apple's not as innocent as you claim. Defaulting the box to checked is almost equivalent to installing it without consent and Apple knows it. In both cases you end up with users loaded down with crap they don't need and distrusting updates, which has real dollar costs. The only difference is that in the former case the tech crowd squeals a little less, so that's the route they choose.

      Honestly, even if they were really stupid enough to not see any problem when they did it the first time, they have no excuse for doing it a second time. Why would they put it out and then withdraw it a few hours later? Did they forget the user backlash from the first time?

    6. Re:Not really... by NibbleG · · Score: 3, Informative

      I don't have an iPhone either, I do have a iPod Touch, but both the iPhone Config are checked when iTunes has an update. Safari is ALWAYS checked, even though I have never installed it.

    7. Re:Not really... by node+3 · · Score: 2, Informative

      Hahaha. Patently false.

      "Patently false" and "here's a minor detail you left out" are *not* synonymous.

      What's more, your "minor detail" is, itself (ironically) patently false. It wasn't in the "update" section, because there wasn't an update section at that time. The "Updates" and "New Software" sections were put in in response to people complaining (rightly so, but a bit hyperbolically in tone) about it.

    8. Re:Not really... by Achromatic1978 · · Score: 3, Informative

      And you want to compare this to Microsoft? The company that hands you Windows Media Player like it was a security patch, and hogties your system with so much DRM that you need a cabal of starving Russian crackers just to restore your fair use rights?

      Yes, I do. Because Apple installs Quicktime when you install iTunes. iTunes when you install Quicktime. Safari when it thought it could get away with it when you installed iTunes.

      And when you tell Quicktime to not be the default audio / video player, good luck. It'll still be there. As will iPodService.exe as a kernel-level service, even when you've never used an iPod.

  2. pushes? by Anonymous Coward · · Score: 3, Informative

    I'm not so sure if asking me if I'd like to update/install something is the same as having it "pushed" to me. I had the Apple Software Update thing pop up on me the other day, I unchecked the items I didn't want (the iPhone Config Util being one of them), and I went ahead and updated the software that I did want. So how exactly are they "forcing" this one me?

  3. Re:Any verification on the Apache web server? by zn0k · · Score: 5, Informative

    I have the iPhone Configuration Utility installed on a work machine as we support a few dozen iPhones at work. Just checked, and there's no Apache process (just an iPCU.exe) when running the app. One of the links in the summary also mentioned using a browser against localhost:3000 for configuration, netstat shows no process listening on that port.

  4. Re:Apple haters ahoy! by Intron · · Score: 2, Informative

    They push Yahoo! toolbar unless you uncheck the box.

    --
    Intron: the portion of DNA which expresses nothing useful.
  5. Try again... by spywhere · · Score: 3, Informative

    Sun was pushing the Bing toolbar with a pre-checked box until last week... now they're pushing Carbonite 30-day trialware the same way.

  6. Re:Any verification on the Apache web server? by sbeckstead · · Score: 2, Informative

    No I can't find the Apache server other than the one I installed on purpose.

    --
    Why bother
  7. Re:Any verification on the Apache web server? by fluffy99 · · Score: 1, Informative

    Bvllshit. http://httpd.apache.org/security/vulnerabilities_22.html

  8. Quicktime Alternative by Derwood5555 · · Score: 3, Informative

    Quicktime Alternative, FTW.. No iTunes, no iPhone, no iToilet...

    1. Re:Quicktime Alternative by __aaqvdr516 · · Score: 2, Informative

      Even better, VLC media player. Hardly a need to install anything! http://www.videolan.org/vlc/

  9. Re:Any verification on the Apache web server? by fermion · · Score: 2, Informative

    Except that we are not talking about OS X. We are talking about MS Windows, which does not come with Apache, so that is why it might be installed.I see not documentation on it being installed. I see a number of items that must be installed to support the utility.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  10. Re:Likely Accidental by iMouse · · Score: 2, Informative

    Maybe you just failed to notice that Bonjour, QuickTime, and MobileMe are all tied to iTunes for functionality.

    MobileMe is tied in to iTunes for iPhones, Bonjour is for iTunes Sharing, and QuickTime is required for iTunes functionality.

    Safari has been known (recently) to prompt for optional installation, but is not checked for installation by default. Your wife would have to check the box and click the install button to "accidentally" install Safari. Also, she is prompted to install these items because the Apple Software Updater process is running on startup. Whoever installed iTunes failed to read and uncheck the box for it to not be installed.

  11. Re:Any verification on the Apache web server? by Kalriath · · Score: 3, Informative

    Since when has "virtually no" meant "no"? IIS6.x has had eight vulnerabilities in its seven years of existence (only seven if you search CERT). Less than one a year. IIS7.x has had two in two years (three if you search CERT, plus one "unreliable"). One a year. Apache 2.0.x has had TWENTY-FIVE, and Apache 2.2.x has had TWENTY SEVEN.

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  12. Re:Risking karma here but shovelware? You can opt by KGIII · · Score: 3, Informative

    By the same token you can click on Microsoft's updates and, you know, actually read what they are for and what they do. They even have a link to tell you.

    Err... Most of the time.

    Fairness in our bashing would go a long ways.

    --
    "So long and thanks for all the fish."
  13. Re:Likely Accidental by TheThiefMaster · · Score: 2, Informative

    Safari used to be checked by default.

    I remember being quite annoyed at it.

  14. Re:Risking karma here but shovelware? You can opt by ground.zero.612 · · Score: 2, Informative

    I think it's a sekrit ploy by Steve Jobs to focus the negative virus/malware based attention away from Apple and toward Microsoft.

    What better way to add fuel to the "Apple doesn't get viruses" lie than to have Apple install not just an exploitable software, but a fucking web server, which can be used to proliferate more worms/malware/viruses on the Windows machines.

    I would say that's exactly what is happening, especially when a different post here mentions that this "update" was "intended" for corporate IT administrators... I'm a systems administrator; do you have any fucking clue how pissed off I would be to find out that Apple just turned my network of workstations into a network of web servers? Thankfully we don't have any automatic updates turned on, and every time I update our images I intentionally neglect iTunes and Quicktime.

    --
    "Be prepared, son. That's my motto. Be prepared." --Joe Hallenbeck