Sunday, April 20

Software Update -- Did Apple Do Enough?

As I posted on the ISC --

I've been reading alot of articles recently about Apple's Software Updates. A couple of weeks ago, we talked about this in the ISC podcast, about Safari being automatically checked for installation if you have Apple Software Update installed. Apple Software Update is Apple Inc.'s piece of software that keeps Quicktime, iTunes, and Safari updated on your Windows Machine. It obviously does a lot more on our Apple's.

Now, I am an Apple user, an AVID Apple user. I own no less then 15-20 of their products, and an avid Apple defender. But even I said that Safari being automatically checked and enabled for download and installation on Windows machines was going a step too far. I don't mind if it was there for download, but automatically checked? Meh.

Now, I don't have a Windows machine, so I haven't been able to experience this myself, but apparently Apple issued an update to Software Update last week that moved Safari down to a block called "Optional Downloads", instead of being labeled as an update. Well, it's a great step, but I still am of the opinion that Apple didn't go far enough. Safari is still checked by default!?

What's the big deal? It's just an update, or even an optional download. Well, that's fine except that Safari was checked even on machines that didn't have Safari installed on it. Apple wasn't the forcing the download on people, but it sure wasn't making it obvious that it was an optional download.

So my question is, did Apple go far enough? I don't think they did, I would like to see it unchecked by default as an optional download. I don't mind if Apple offers the Windows users a better browsing experience. ;) But I do mind if they make the browser seem like it's a part of an already existing installation.

The problem wouldn't be so bad, but I know at some point in the near future someone, whether it's Apple or some other agency , will report that Safari as "x" amount of market share, which me, as an Apple guy will say "Yeah! We have "X"!". But will it really be a real metric?

Joel Esler

http://www.joelesler.net


 Subscribe in a reader

3 comments:

Raffi said...

I'm curioius if there are already safari bits (i.e. webkit) already in iTunes/QT for windows that if that was the motivation.

The security folks (me included) would say that the additional software adds to the attack surface area and provides another piece of code that could be vulnerable. But what if the code is already there as part of other applications? My developer-foo wouldn't allow me to research this properly.

But, then again, you're probably right that it was a marketing move.

Raffi said...

I'm curioius if there are already safari bits (i.e. webkit) already in iTunes/QT for windows that if that was the motivation.The security folks (me included) would say that the additional software adds to the attack surface area and provides another piece of code that could be vulnerable. But what if the code is already there as part of other applications? My developer-foo wouldn't allow me to research this properly.But, then again, you're probably right that it was a marketing move.

Raffi said...

I'm curioius if there are already safari bits (i.e. webkit) already in iTunes/QT for windows that if that was the motivation.The security folks (me included) would say that the additional software adds to the attack surface area and provides another piece of code that could be vulnerable. But what if the code is already there as part of other applications? My developer-foo wouldn't allow me to research this properly.But, then again, you're probably right that it was a marketing move.