Slashdot Mirror


Apple Usurps Oracle As the Biggest Threat To PC Security

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long-term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?

15 of 320 comments

  1. Annoying update process by fintux · · Score: 3, Insightful

    The reason why I'm stalling sometimes with the updates is that the whole process is interfering with my computer usage. There are annoying popups requiring attention at about 30 s - 1 min intervals, activating a random time after computer boot and trying to install 3rd party software, so I need to be in a mood for installing those updates. Not even to mention that every software has its own update software with its quirks. And Windows also now notifies you to disable "unnecessary" start up software, which often includes these update checkers. These should all come from a single source and be handled much more like they are handled in Linux distributions or mobile app stores.

    1. Re:Annoying update process by rhazz · · Score: 4, Interesting

      The problem with iTunes is how often they modify the UI or key functions. At my peak iTunes usage I probably only used it once a month. Every single time there was a new update waiting, and every time I allowed the update it would modify the UI in some non-intuitive way, and it would take an onerous amount of time trying to figure out where they moved a particular command. So eventually I only updated when a particular function stopped working entirely. Honestly, if you have to refactor your UI every time you add a feature, start from scratch and design something more scalable.

  2. Not fatigue by Anonymous Coward · · Score: 4, Insightful

    I was so excited when I got my iPhone 4. It's old, I know. Everything worked so well.

    Now... iTunes has changed so much I can barely use it. It's always losing playlists, stopping play because it sees a cloud icon when the downloaded version is right underneath it, etc. Don't get me started about the hidden File Edit menus. My iPhone barely works anymore. Browser's slow, maps is a joke, switching tasks takes a while.

    The last thing in the world I want to do is update iTunes and iOS. Each time it gets more and more unusable, each time the experience stops 'just working'. I won't upgrade either again. Too scared. Too much time to remake all those playlists. Too worried about the lag from the new OS or insanely strange UI of iTunes.

    It's too bad we can't just stick with a version that works, but this 'one size fits all' approach isn't working great.

  3. Re:Really? Quicktime? Seriously? by Yaztromo · · Score: 4, Informative

    Valid question. I used to install Quicktime... 4? On my Pentium 2 MMX 200mhz computer back in the mid 1990's so I could watch movie trailers on Apple's website in middle school. That's the last time I installed Quicktime that I can remember. I'm honestly curious what purpose it serves today? Is it a web browser plugin or what? I haven't even thought of Quicktime in YEARS.... let alone had a reason to use it...

    My understanding is that versions of iTunes prior to 10.5 required Quicktime. Quicktime has always been more than a video player -- it's an entire multimedia framework, with APIs for doing a whole host of multimedia playback, editing, and conversion capabilities. It was the main multimedia framework for Mac OS X up until 10.7 (Lion).

    iTunes would have used it for both media playback, as well as for transcoding video from various formats/sizes for various Apple devices (iPhone, AppleTV, etc.). Newer versions no longer require Quicktime so far as I'm aware -- however, this article is about people who aren't keeping their software up-to-date, so it wouldn't be surprising to learn that they're still running older OS's and older versions of iTunes.

    Yaz

  4. Yes, update fatigue by johannesg · · Score: 4, Informative

    Plus we're tired of being tricked into accidentally downloading unwanted virus scanners (flash), toolbars (java), and whatever other crap they want to bundle. We are tired of running two dozen automatic update tools at all times, all fighting for internet access and all using memory and CPU time. Sure, it's very little and it mostly ends up in swap anyways - but it adds up. And we are certainly tired of having to deal with that crap every time we boot the machine.

    It's a great mystery to me why Windows does not have a unified update service (like Windows Update, but also including tools from 3rd parties). It doesn't even have to go through Microsoft's servers - just let programs register their own server with the update service, and then let the update service do updates at times when it is convenient to me.

    I've solved at least part of this problem by simply not having QuickTime or Java installed. Flash is installed, but only runs on demand (which is actually far less often than you'd imagine). Windows Update I've shut down after Microsoft started pushing spyware and adware as "important updates". So now I run a risk of "hackers". So far they've proven less of a nuisance than actual vendors...

  5. Re:Quicktime upgrade pushes other shit by Z00L00K · · Score: 3, Interesting

    The same goes for a lot of software - clog your computer with bloatware like Chrome and whatever that I never use.

    And at every upgrade the software package asks me to confirm that I agree to the current license version instead of just installing the update in the background silently to ensure that I get the latest security updates.

    In addition to that, Windows also enforces the UAC to make you confirm that the update installation is permitted. But in many cases this is problematic since it won't help many users that are out there, especially those with limited computer knowledge who either click "No" on everything or "Yes" on everything. In both cases it leads to bad results.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.

  6. Re: It's a business opportunity! by John Allsup · · Score: 4, Insightful

    If the vendor has not managed to produce a properly written, secure, bug free piece of software by the 10th attempt, what faith should one have in the 11th? Software updates have led to bloat, bug tolerance and laziness. If vendors were required to ship working software, rather than anything they liked, we would have less software, but far less low quality software. Oracle, Apple and Adobe have some amazingly well written code lurking in their products, but it is buried under tons of bloated rubbish that should never have been considered fit to release.

    --
    John_Chalisque

  7. Re:It's a business opportunity! by Bert64 · · Score: 4, Insightful

    The problem is the "updaters", and these only exist because Windows doesn't provide a centralised update system for applications to hook into.

    You end up with a load of background updater processes wasting resources at all times, so they end up getting turned off.
    And because the update process happens in userland, unprivileged users (i.e. most corporate installs) cannot apply the updates or run the updater.
    Most corporate deployments won't update these applications centrally because doing so is a painful process.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!

  8. Re:It's a business opportunity! by AmiMoJo · · Score: 3, Interesting

    Mozilla and Google have solved the update problem in a nice way. They install services that do the updating, but don't run most of the time. When the app detects an update it wakes up the service, which does the installation.

    That means that the updater uses zero resources when not actively updating, and because it was installed as a service doesn't need further UAC prompts or admin level elevation to work. In other words, limited users can update.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

  9. Users View Updates from Apple as Risky by jafiwam · · Score: 3, Interesting

    Users view updates from Apple as risky.

    Here is what one can expect with an update to iTunes:

    - four or five "yes I agree" click-throughs, one for each service the user hasn't signed up for or ever used
    - longer load time and general bloat
    - random UI changes that make it an exercise in "what will they think of next" to do basic stuff like sync a phone
    - an army of snotty "senior" "helpers" explaining the problem is not a problem, most of whom just don't bother to read
    - a SECOND set of random UI changes and feature removals for media organizing, moving or removing stuff like menus and ability to manage play lists, some of which represents hours and hours of tinkering with it.
    - "Careful, don't do that" advice from people who lost their whole library, or had to reinstall and couldn't find the library on the hard drive again.

    For Quicktime, it's about the same, only the user doesn't use the program much beyond obscure or old porn

    Apple has a BIG PROBLEM trying to push their UI bullshit into an environment where their UI bullshit stands out as particularly retarded. There's NO FUCKING REASON to remove the standard word based drop down across the top of the program. More space? People already have more screen space (or second, or third screens) than they know what to deal with. Doesn't look good to emo-fags? How about a toggle to turn it off? (which leaves it on by default)

    The actual risks for a slight chance for a security exploit are meaningless compared to the guaranteed fist-smashing-keyboard frustration of a simple update. I have actually helped users disable updates from Apple because they were so afraid of said bullshit or their old iPod or iPhone suddenly not working with it.

    If Apple wants to get people to update on Windows, they need to stay within the expected design parameters of Windows better and just let the program look different on different platforms.

    1. Re:Users View Updates from Apple as Risky by upuv · · Score: 4, Insightful

      I have to completely agree.

      Apple software installs effectively trash your carefully configured machine. How many WTF moments have I had just after a simple update and realise that my personal content has now magically moved. To where? Pictures and Videos I take of the family all of a sudden are assimilated into the Apple sphere. My preferences for video audio, homepage, picture, editing etc all trashed.

      And in most cases it's damn near impossible to remove. Thus being relegated to un-used software that is slowly dying in a dark corner of the hard-drive.

  10. I'll be that guy by phishybongwaters · · Score: 3, Insightful

    I'm gonna go ahead and call this flamebait. I'm no fan of Apple but that's more about their business practices and less about the quality of their hardware and software... but I'm struggling to blame Apple for people not keeping QuickTime updated. Who the F@CK uses QuickTime? I know Back to the Future Day has passed, so clearly we aren't travelling back to 1998, so wtf is QuickTime even doing on most people's machines?

  11. Re: It's a business opportunity! by Anonymous Coward · · Score: 3, Insightful

    Which is fucking great until someone takes over your privileged service that's running in the background.

  12. Re: It's a business opportunity! by TheRaven64 · · Score: 3, Insightful

    > If the vendor has not managed to produce a properly written, secure, bug free piece of software by the 10th attempt, what faith should one have in the 11th

    Name one piece of software that is over 50,000 lines of code and is bug free after any number of attempts.

    > If vendors were required to ship working software, rather than anything they liked, we would have less software, but far less low quality software

    We would have far less software. seL4 is the most complex piece of formally verified code and is around 10,000 lines of code. NICTA estimates that the cost of developing it is around 30 times the cost of developing the equivalent software with best-practice feature and regression testing and code review. The cost of making a nontrivial modification to seL4 is almost as great as the cost of writing it in the first place.

    Oh, and when seL4 was open sourced, it took under 24 hours before someone found an exploitable security hole in it, because their formal verification hadn't verified the property that the attacker was looking for.

    --
    I am TheRaven on Soylent News

  13. Re: first by fyngyrz · · Score: 3, Informative

    From TFS, the biggest infection vector isn't "Apple", it is simply users who have failed to update.

    Clickbait nonsense. Dice. But I repeat myself.

    --
    I've fallen off your lawn, and I can't get up.