Apple in sneaky Safari "update" shocker!

cornbb

The iTunes automatic update window popped up on my Windows machine recently. I clicked OK and imagine my surprise when the "updater" tried to sneak in an installation of Safari for Windows too:

(image borrowed from wired.com)

I hadn't installed Safari before, so this is obviously an attempt to sneak Safari onto the Windows market through a back door. Bundling iTunes and Quicktime together was bad enough but this is extremely poor form IMO, the sort of behaviour that would be expected from manufacturers of spyware rather than from a brand like Apple.

Rollo Tamasi

That's bad form alright.

WizZard

It's no more than MS do to be honest. Bit of a storm in a teacup IMHO.
It's old news anyway

dubmick

I noticed this myself. Sure they have been doing this with Quicktime for years. I'm sure they could implement the necessary Quicktime functions into iTunes.

I had actually installed the Safari beta before. The new version is very quick, seems to be a lot quicker than firefox on my PC.

folan

majority of complaints I heard were that its ticked by default. its a kinda ms thing to do i agree. Pity, its a nice browser.

dubmick

one thing I don't like about Safari on the PC (and Mac) is the way text is displayed on a web site.

WizZard

dubmick wrote: »

one thing I don't like about Safari on the PC (and Mac) is the way text is displayed on a web site.

How so?

ec18

its not really sneaky...that program shows new software available from apple...and you don't have to download it...it gives you the option....which is more that microsoft do with IE

dubmick

WizZard wrote: »

How so?

text is displayed like cleartype. It looks blurry or too bold imo.

cornbb

Its very sneaky indeed. Its not an "update", its a new product, one which people won't necessarily want. A lot of people don't bother checking exactly whats going to be updated/installed when an automatic update kicks in, this seems to be what Apple are counting on.

Microsoft have been known to try to sneak in new products masquerading as updates too, such as the Windows Genuine Advantage tool (although it could be argued that this is an OS enhancement, not a distinctively new product like a web browser). Nevertheless, the fact that MS have been known to do this doesn't make it OK for Apple to do it too.

flywheel

well i dunno... you would have chosen to install the software update tool (it is not a mandatory install)...

i'd be surprised the agreement accepted at install didn't state this may happen in the future... if it didn't mention then sure people have a right to call foul... if not then i don't see their argument...

anyone know what the situation with that is?

ethernet

cornbb wrote: »

Its very sneaky indeed. Its not an "update", its a new product, one which people won't necessarily want. A lot of people don't bother checking exactly whats going to be updated/installed when an automatic update kicks in, this seems to be what Apple are counting on.

Microsoft have been known to try to sneak in new products masquerading as updates too, such as the Windows Genuine Advantage tool (although it could be argued that this is an OS enhancement, not a distinctively new product like a web browser). Nevertheless, the fact that MS have been known to do this doesn't make it OK for Apple to do it too.

Finally, someone who agrees! See this thread in the Windows forum as well.

babypink

Breezer

DubWireless wrote: »

well i dunno... you would have chosen to install the software update tool (it is not a mandatory install)...

Not the point, it's an updater, not a package manager, and it certainly should not be ticked by default. Let's say you had Office installed on your Mac, and during an update using an optionally installed updater there was an option to install Internet Explorer, with the box ticked. Would you still be saying the same thing?

Savvy users will read everything and untick the box. Most users will click 'Next, next, next' without reading a thing, and Apple are well aware of this. The fact that Safari is, in some people's opinion (mine included), an improvement over the existing default isn't important. It's bad form on Apple's part.

faceman

Storm in a teacup ftw. Untick the box. Anyone clicks yes to install without checking what they are installing is being a bit silly.

dubmick

faceman wrote: »

Storm in a teacup ftw

does that even make sense?

Red Alert

Updater should be for installing updates, nothing more or nothing less.

ethernet

People now have a super good reason to untick. Funny to see installing Safari on Windows violates Apple's own EULA.

papu

another good reason to untick it.

And just think -- last year you were singing Dino Dai Zovi's praises for taking control of a MacBook Pro in nine whole hours. This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Air on display who its father really was. Apparently Mr. Miller visited a website which contained his exploit code, which then "allowed him to seize control of the computer, as about 20 onlookers [read: unashamed nerds] cheered him on." Of note, contestants could only use software that came pre-loaded on the OS, so obviously it was Safari that fell victim here. Nevertheless, he was forced to sign a nondisclosure agreement that'll keep him quiet until "TippingPoint can notify the vendor," but at least he'll have $10,000 and a new laptop to cuddle with during his silent spell.

Link

ZENER

papu wrote: »

another good reason to untick it.




Link

. . . eh . . . the link is to http . . . .

ZEN

papu

ZENER wrote: »

. . . eh . . . the link is to http . . . .

ZEN

sry fixed.

flywheel

Breezer wrote: »

Not the point, it's an updater, not a package manage...

read what you agree to, that's the point

cornbb

DubWireless wrote: »

read what you agree to, that's the point

True, people with any sort of tech savy will usually examine what's being installed during an update or an installation, but your average Windows iTunes user (i.e. Joe Soap who needed to install it to run his iPod) won't know what Safari is (it could be an iTunes component for all they know). They'll just click Ok -> Ok and will get duped into unknowingly installing a new web browser with pretty serious security holes onto their machine. Apple know this and are taking advantage of it. Its unethical.

Hugh_C

papu wrote: »

sry fixed.

Is there some way I can put this person on ignore? She has issues with Macs that I don't necessarily want to read.

[edit] found it, thanks...

papu

Hugh_C wrote: »

Is there some way I can put this person on ignore? She has issues with Macs that I don't necessarily want to read.

[edit] found it, thanks...

she ??
you bloody wish.
just hit the back button and move on..:D

( btw my names hugh aswell) lolololl

Breezer

DubWireless wrote: »

read what you agree to, that's the point

I know, but we both know EULAs go on forever, and as a result most people develop a habit of clicking 'Next next next' on anything with a 'Next' button. Not to mention the amount of kids that use iTunes and definitely won't be bothered reading stuff like this. I'm not denying that the user is at fault too, but an updater should be used for updates.

Sad Professor

There was a small article in the Irish Times' tech section about this today.

ZENER

cornbb wrote: »

. . . They'll just click Ok -> Ok and will get duped into unknowingly installing a new web browser with pretty serious security holes onto their machine. Apple know this and are taking advantage of it. Its unethical.

When iTunes is installed on the PC it installs a helper app and a software monitoring tool in the startup batch. Start>Run>MSCONFIG>Startup> untick the quicktime helper and iTunes something (not at a Windows machine right now but you'll see it). This should stop it from downloading unwanted software.

In fairness though Microsoft have been duping people into installing a bug ridden sieve er browser for years too !!

ZEN

papu

ZENER wrote: »

When iTunes is installed on the PC it installs a helper app and a software monitoring tool in the startup batch. Start>Run>MSCONFIG>Startup> untick the quicktime helper and iTunes something (not at a Windows machine right now but you'll see it). This should stop it from downloading unwanted software.

In fairness though Microsoft have been duping people into installing a bug ridden sieve er browser for years too !!

ZEN

ie7 withstood a whole day of Xero day attacks
as did mozilla
so your sieve er safari.
Pwn 2 own

aidan_walsh

ZENER wrote: »

When iTunes is installed on the PC it installs a helper app and a software monitoring tool in the startup batch. Start>Run>MSCONFIG>Startup> untick the quicktime helper and iTunes something (not at a Windows machine right now but you'll see it). This should stop it from downloading unwanted software.

In fairness though Microsoft have been duping people into installing a bug ridden sieve er browser for years too !!

ZEN

Except qttask and ituneshelper have nothing to do with the Apple Software Update.

Breezer

ZENER wrote: »

When iTunes is installed on the PC it installs a helper app and a software monitoring tool in the startup batch. Start>Run>MSCONFIG>Startup> untick the quicktime helper and iTunes something (not at a Windows machine right now but you'll see it). This should stop it from downloading unwanted software.

In fairness though Microsoft have been duping people into installing a bug ridden sieve er browser for years too !!

ZEN

The average Windows user is not going to type anything into the Run dialogue box, least of all something called 'msconfig,' for fear of 'breaking the computer' though. And even if they do, the box that pops up afterwards is hardly the pinnacle of user-friendliness - most people who get that far will close it in a panic.

Yes, other companies do it. Does that make it right for Apple to do it? I don't think so. Especially when they're billing their own machines as being unbloated.

ZENER

papu wrote: »

ie7 withstood a whole day of Xero day attacks
as did mozilla
so your sieve er safari.
Pwn 2 own

The guy forced Safari to visit HIS site where HE had already set up the exploit in the previous 3 weeks - hardly swift in fairness now. Maybe you should read the full text of the links you posted. My favorite comment related to the fact nearly all the hackers (sic) were using Macs and naturally they wanted the MBA so concentrated on it - who in their right mind would go to all that hassle to win a Dell ?! Priceless. Anyway IE is around for a lot longer than Safari, I'd expect it to be more secure at this stage - it's had enough training !!

Also this is brilliant !

"I Think many people was expecting that already. I think difficult will be to hack the vista machine recently new and IE 7 looks that is more secure then ever... I will probably put a bet that for every contest like this the Mac will be always the first to beat."


Yeah I agree with the above - Vista + IE 7 will be much harder to hack. However, the reason will be due to hacker frustration when Vista's UAC relentlessly keeps asking:

"You are about to exploit a critical Vista security flaw ... Cancel or Allow?"

:pac::pac::pac:

ZEN

papu

ZENER wrote: »

The guy forced Safari to visit HIS site where HE had already set up the exploit in the previous 3 weeks - hardly swift in fairness now. Maybe you should read the full text of the links you posted. My favorite comment related to the fact nearly all the hackers (sic) were using Macs and naturally they wanted the MBA so concentrated on it - who in their right mind would go to all that hassle to win a Dell ?! Priceless. Anyway IE is around for a lot longer than Safari, I'd expect it to be more secure at this stage - it's had enough training !!

Also this is brilliant !


"I Think many people was expecting that already. I think difficult will be to hack the vista machine recently new and IE 7 looks that is more secure then ever... I will probably put a bet that for every contest like this the Mac will be always the first to beat."


Yeah I agree with the above - Vista + IE 7 will be much harder to hack. However, the reason will be due to hacker frustration when Vista's UAC relentlessly keeps asking:

"You are about to exploit a critical Vista security flaw ... Cancel or Allow?"

:pac::pac::pac:

ZEN

maybe you should read it it wasn't a dell is was a Fujitsu U810 laptop
and it doesnt matter if he forced anything the fact was it was hacked.
:pac::pac::pac:

ZENER

The Dell bit was my own addition - anyway Dell, Fujitsu - who cares - they're windows machines to normal people.

Agreed he did hack the MBA - for the reasons mentioned. He knew it would be there so he spent the previous 3 weeks working on the exploit and setting it up. i.e. he'd set the whole thing up in advance specifically to win the MBA.

What's your beef with BSD or *nix by the way ? You seem to go out of your way to dis' it !?

ZEN

papu

ZENER wrote: »

The Dell bit was my own addition - anyway Dell, Fujitsu - who cares - they're windows machines to normal people.

Agreed he did hack the MBA - for the reasons mentioned. He knew it would be there so he spent the previous 3 weeks working on the exploit and setting it up. i.e. he'd set the whole thing up in advance specifically to win the MBA.

What's your beef with BSD or *nix by the way ? You seem to go out of your way to dis' it !?

ZEN

a hack is a hack , it doesnt matter how long he spent setting it up,

beef? bsd?

Breezer

papu wrote: »

beef? bsd?

ZEN wins :rolleyes:

ZENER

papu wrote: »

a hack is a hack , it doesnt matter how long he spent setting it up,

The fact that it was hacked if correct but to claim it was done in 2 minutes is not because it wasn't, it took 3 weeks and 2 minutes. There's a difference.

beef? bsd?

I wondered had this hack taken place in Safari on Windows would you be as quick to hail it ?

. . . oh wait - gottit, heh heh very good . . . beef - bsd, yeah very good.

ZEN

Tar.Aldarion

ZENER wrote: »

When iTunes is installed on the PC it installs a helper app and a software monitoring tool in the startup batch. Start>Run>MSCONFIG>Startup> untick the quicktime helper and iTunes something (not at a Windows machine right now but you'll see it). This should stop it from downloading unwanted software.

In fairness though Microsoft have been duping people into installing a bug ridden sieve er browser for years too !!

ZEN

That's not duping, it comes as part of the OS like a browser should.

cornbb

Tar.Aldarion wrote: »

That's not duping, it comes as part of the OS like a browser should.

Excellent point. If OS X users were updating say, MS Office for Mac, and the updater prompted them to install IE for Mac (if it existed) then they would be up in arms, and rightly so.

I think its awesome that OS X has so few vulnerabilities and all but getting smug about it (and this thread does reek of smug) is probably not a good idea, this leads to complacency. As OS X increases in popularity it is inevitable that the platform will draw more attention from hackers and malware producers, and the Mac community is very poorly equipped to deal with such threats if/when they arise.

As much as I dislike IE, its a bit unfair to be dissing it as a "bug-ridden sieve" when Safari for Windows is brand new and has gotten off to a pretty mixed start already.

papu

cornbb wrote: »

Excellent point. If OS X users were updating say, MS Office for Mac, and the updater prompted them to install IE for Mac (if it existed) then they would be up in arms, and rightly so.

I think its awesome that OS X has so few vulnerabilities and all but getting smug about it (and this thread does reek of smug) is probably not a good idea, this leads to complacency. As OS X increases in popularity it is inevitable that the platform will draw more attention from hackers and malware producers, and the Mac community is very poorly equipped to deal with such threats if/when they arise.

As much as I dislike IE, its a bit unfair to be dissing it as a "bug-ridden sieve" when Safari for Windows is brand new and has gotten off to a pretty mixed start already.

yes safari for windows , but safari has been the default browser for apple machines for a good while now.
the exploit was a universal exploit in safari , just as the vista machine got hacked with a crossplatform Abode Flash hack , Tbh the contest is about findng ways to make the things we use safer.

hands up who doesn't have flash installed?