Slipping another web browser onto a PC along with an iTunes update strikes John Lilly as a risky security move.
Apple as the great security threat to Windows? One might think that after checking out Lilly’s post on his blog.
He noted how the Apple Software Update suggests the Safari web browser as something to update, even if the PC in question never had Safari on the system previously.
Since people tend to blithely install whatever the computer tells them to do, they are likely to install Safari along with the iTunes update. If you’ve just installed iTunes on a clean Windows machine, Apple Software Update only lists Safari.
Lilly goes as far as suggesting Apple’s listing of Safari as available software “borders on malware distribution practices.” Apple’s always-jovial legal department may find that characterization a little more interesting than Lilly intended.
The whole kerfuffle comes down to something that is Apple’s fault, in a way. When running Apple Software Update and something is available, the window reads, “New software is available from Apple” followed by “Select the items you want to update, then click Install.”
See the semantic problem? New software, items you want to update? If Apple had programmed Software Update to recognize a new install and call it that explicitly, maybe Lilly wouldn’t be so upset.
A prudent computer user probably has no problem recognizing when Apple drops something new into the Software Update screen. It’s easy to avoid installing Safari if you don’t want it on Windows.
Real malware exhibitors exist, and deserve criticism. Apple’s just not in that category. Check out Ben Edelman’s site to learn what malware distributors do.
