Slashdot Mirror


Apple Usurps Oracle As the Biggest Threat To PC Security

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?

14 of 320 comments

  1. Annoying update process by fintux · · Score: 3, Insightful

    The reason why I'm stalling sometimes with the updates is that the whole process is interfering with my computer usage. There are annoying popups requiring attention at about 30 s - 1 min intervals, activating a random time after computer boot and trying to install 3rd party software, so I need to be in a mood for installing those updates. Not even to mention that every software has its own update software with its quirks. And Windows also now notifies you to disable "unnecessary" start up software, which often includes these update checkers. These should all come from a single source and be handled much more like they are handled in Linux distributions or mobile app stores.

  2. Not fatigue by Anonymous Coward · · Score: 4, Insightful

    I was so excited when I got my iPhone 4. It's old, I know. Everything worked so well.

    Now... iTunes has changed so much I can barely use it. It's always losing playlists, stopping play because it sees a cloud icon when the downloaded version is right underneath it, etc. Don't get me started about the hidden File Edit menus. My iPhone barely works anymore. Browsers slow, maps is a joke, switching tasks takes a while.

    The last thing in the world I want to do is update iTunes and iOS. Each time it gets more and more unusable, each time the experience stops 'just working'. I won't upgrade either again. Too scared. Too much time to remake all those playlists. Too worried about the lag from the new OS or insanely strange UI of iTunes.

    It's too bad we can't just stick with a version that works, but this 'one size fits all' approach isn't working great.

  3. Re:It's a business opportunity! by Anonymous Coward · · Score: 2, Insightful

    Why would Apple NOT update its insecure Windows software? Anyone?

    A more poignant question would be why do users not update their insecure third party Windows software regularly? There is an amazing array of PCs out there that are running pretty antiquated software of third party software. It does not matter how diligently pushes updates, there isn't a damn thing they can do to motivate their user base to update any more often than the user can be bothered which is usually close to never. If the vendor changes the settings of their software update services to apply patches automatically on users' PCs people just start pissing and moaning about having to install updates all the time and a whole bunch of them will disable the auto-update service. Then you get chewed out on Slashdot for not pushing updates. Lather, rinse, repeat...

  4. Re:Bullshit by Anonymous Coward · · Score: 2, Insightful

    The Java holes that won the award for least secure software ever were in the Java plugin sandbox. Enterprise Java is not using the sandbox.

    The credit card stealing holes in big enterprise systems are more likely to be holes in the software handling the credit cards, rather than Java itself.

  5. Re: It's a business opportunity! by John+Allsup · · Score: 4, Insightful

    If the vendor has not managed to produce a properly written, secure, bug free piece of software by the 10th attempt, what faith should one have in the 11th? Software updates have led to bloat, bug tolerance and laziness. If vendors were required to ship working software, rather than anything they liked, we would have less software, but far less low quality software. Oracle, Apple and Adobe have some amazingly well written code lurking in their products, but it is buried under tons of bloated rubbish that should never have been considered fit to release.

    --
    John_Chalisque

  6. Re:It's a business opportunity! by Bert64 · · Score: 4, Insightful

    The problem is the "updaters", and these only exist because Windows doesn't provide a centralised update system for applications to hook into.

    You end up with a load of background updater processes wasting resources at all times, so they end up getting turned off.
    And because the update process happens in userland, unprivileged users (i.e. most corporate installs) cannot apply the updates or run the updater.
    Most corporate deployments won't update these applications centrally because doing so is a painful process.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!

  7. Re: Really? Quicktime? Seriously? by mrbester · · Score: 1, Insightful

    No one uses Safari on Windows. Few used it even when it wasn't abandonware.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"

  8. Re:It's a business opportunity! by Pentium100 · · Score: 2, Insightful

    Because updates are inconvenient and sometimes they contain something else besides the security patches.

    Updating is a distraction, even if I am not using the program at the moment. Say, I am watching a movie and Java update pops up. Will I pause the movie to install a newer version of Java? Unlikely. After watching the movie, I will have forgotten about the update. It's even worse with updates that require a reboot. I pretty much never reboot my main PC because I "lose my place". Servers are a bit different - rebooting one only results in some downtime.

    I update Firefox more often because Firefox crashes quite frequently, might as well update it.

    The other problem is that updates are not always just security patches. For example, the spy updates for Windows 7 or 8, the Windows 10 nag update and also the occasional BSOD update for Windows. Firefox is an odd example in that its stability alternates with updates: an update makes it (more) unstable, then another update makes it less unstable, and so on.

    Oracle has overdone Java security. I only use Java for server management (remote KVM) and with new Java versions I have to click through multiple security warnings (self-signed SSL cert on server, the applet is old and does not have the needed security tags, Java version too old) and also add the IP to exceptions. Shouldn't "exceptions" mean "yes, I know it's insecure, I still want to use it anyway"? Older Java versions have fewer such nags.

    A better question would be why do software companies produce such buggy software? I do not have to "update" my car (made in 1982), tape deck or radio, unless some component wears out or just fails. Why does software come so unfinished and so full of defects?

  9. Re:Users View Updates from Apple as Risky by upuv · · Score: 4, Insightful

    I have to completely agree.

    Apple software installs effectively trash your carefully configured machine. How many WTF moments have I had just after a simple update and realise that my personal content has now magically moved. To where? Pictures and Videos I take of the family all of a sudden are assimilated into the Apple sphere. My preferences for video audio, homepage, picture, editing etc all trashed.

    And in most cases it's damn near impossible to remove. Thus being relegated to unused software that is slowly dying in a dark corner of the hard-drive.

  10. I'll be that guy by phishybongwaters · · Score: 3, Insightful

    I'm gonna go ahead and call this flamebait. I'm no fan of Apple but that's more about their business practices and less about the quality of their hardware and software... but I'm struggling to blame Apple for people not keeping QuickTime updated. Who the F@CK uses QuickTime? I know Back to the Future Day has passed, so clearly we aren't travelling back to 1998, so wtf is QuickTime even doing on most people's machines?

  11. Re: It's a business opportunity! by Anonymous Coward · · Score: 3, Insightful

    Which is fucking great until someone takes over your privileged service that's running in the background.

  12. Re: It's a business opportunity! by TheRaven64 · · Score: 3, Insightful

    If the vendor has not managed to produce a properly written, secure, bug free piece of software by the 10th attempt, what faith should one have in the 11th?

    Name one piece of software that is over 50,000 lines of code and is bug free after any number of attempts.

    If vendors were required to ship working software, rather than anything they liked, we would have less software, but far less low quality software.

    We would have far less software. seL4 is the most complex piece of formally verified code and is around 10,000 lines of code. NICTA estimates that the cost of developing it is around 30 times the cost of developing the equivalent software with best-practice feature and regression testing and code review. The cost of making a nontrivial modification to seL4 is almost as great as the cost of writing it in the first place.

    Oh, and when seL4 was open sourced, it took under 24 hours before someone found an exploitable security hole in it, because their formal verification hadn't verified the property that the attacker was looking for.

    --
    I am TheRaven on Soylent News

  13. Re:It's a business opportunity! by Pentium100 · · Score: 2, Insightful

    My car was built properly the first time, it did not need continuous replacement of parts because the original ones had design/manufacturing defects. Due to being mechanical, some parts did wear out or failed in the years after the car was made though.

    And if I replaced the tape deck with a radio that had internet connection, while the radio could be hacked, the rest of my car would not be. So why in modern cars can you use a hacked radio to hack the rest of the car?

    Software, on the other hand, especially current one, is full of design/manufacturing defects - Microsoft was fixing Windows XP for 13 years and still did not manage to fix all defects. Also, unlike my car, software is not mechanical, it should not wear out or rust.

    Being connected to the internet or not is not the reason why modern software is buggy, lazy programming is. After all, you can prevent all buffer overflow attacks by checking the length before writing to the buffer...

    I understand open source software being buggy (since it is given away for free and usually is work-in-progress), but commercial software like Windows should not be buggy. However, seems that Linux is more secure than Windows...

  14. Re: It's a business opportunity! by harperska · · Score: 2, Insightful

    https://en.wikipedia.org/wiki/...

    True, however that is a very special case as TeX is still actively supported, yet hasn't had a new feature added in over 25 years. I know it's moving goalposts slightly, but name a piece of software over 50,000 lines of code which is bug free and actively being enhanced. Or to look at it another way, TeX only reinforces GP's point, that it takes 25 years of patches without any feature enhancements to make a large codebase bug-free.