StopBadware.org
Regaining Control of Our Computers
 

Apple Responds to Community Concerns

Posted by Maxim Weinstein Thu, 17 Apr 2008 15:11:00 GMT

A few weeks ago, the blogosphere raised concerns about the Windows version of Apple Software Update for offering new software installations (e.g., Safari) disguised as product updates. At the time, we blogged about it and said we were looking into it. It turns out that we were prepared to release an alert today identifying the product as badware. I’m glad to report, however, that we don’t have to, as Apple yesterday released an updated version that addresses the concerns that bloggers and StopBadware.org raised with them.

Here’s some additional information about our recent activity on this issue:

On Monday, I called Apple’s PR department to notify them that we were preparing to release a badware alert about Apple Software Update on Thursday (i.e., today). (It is our standard policy to give advance notice and send a copy of the draft to the software producer before we release a badware alert.) When I hadn’t received a call by Tuesday, I e-mailed the draft to several PR people at Apple whose job titles seemed most likely to be relevant to the issue. I never did receive a response.

The alert draft made one clear recommendation to Apple:

Clearly differentiate, in a manner understandable to a typical computer user, between software updates and installations of new applications.

Our detailed report draft, which accompanied the alert, also included the following observation:

Apple does not appear to have a software license agreement (SLA) or privacy policy for Apple Software Update. None is included during installation, none can be found in the application itself, and none is listed on Apple’s SLA web page. We have not been made aware of any behaviors in Apple Software Update that affect user privacy.

Late on Wednesday, one of our staff noticed that Apple Software Update was notifying him of a new version of itself. This morning, I ran Apple Software Update myself and, sure enough, I saw a new version of Apple Software Update available (listed as version 2.1, reported in the app as 2.1.0.110). I chose to install it and was immediately presented with an SLA for Apple Software Update. After accepting, the update installed and prompted me to reboot. After the reboot, I ran the new version of Apple Software Update, and I saw this:

Notice the difference in how the new applications (in this case, Safari and iTunes + QuickTime) are presented compared to the old version:

Note also the difference in language in the line under “New software is available from Apple.” We had noted the old language, which explicitly referred to updates, in our report draft.

Apple clearly responded to the concerns of the community in making these changes, and consumers will benefit. The previous version of Apple Software Update was confusing to users and had the potential to lead users to stop trusting in the update process, a process that is critical to security efforts. With this change, and hopefully additional changes as the community provides additional feedback to this latest iteration, users can feel more comfortable with what they’re agreeing to when installing updates and new software via Apple’s tool.


Apple updates raise eyebrows

Posted by Maxim Weinstein Mon, 24 Mar 2008 20:32:00 GMT

Bloggers have recently reported that the current version of the Apple Software Update tool for Windows, which is bundled with some of Apple’s current products, such as QuickTime and iTunes, offers the user “updates” for applications (e.g., the Safari web browser) that are not currently installed on the machine. Choosing to install the offered updates, all of which are selected by default, reportedly results in the additional applications being downloaded and installed. This differs from many automatic update applications, which offer only to update software that is already installed on the user’s machine.

Gizmodo reported the practice on Friday:

If you pop open Apple software Update in Windows, you’ll see a fresh item in there today: Safari 3.1. Even if you don’t already have it installed. This is the first time they’ve used Software Update to push Safari on Windows users that didn’t already have it. What’s up with the new, more aggressive thrust?

John Lilly, CEO of the Mozilla Foundation, which oversees the development of open source web browser Firefox, also reported and commented on the behavior:

What Apple is doing now with their Apple Software Update on Windows is wrong. It undermines the trust relationship great companies have with their customers, and that’s bad — not just for Apple, but for the security of the whole Web. What they did yesterday was to use their updater for iTunes to also install their Safari Web browser…

StopBadware.org has not at this time evaluated the products in question. As we are committed to consistently and fairly applying our badware guidelines, we have added the current Windows versions of the Apple Software Update tool, QuickTime player, and iTunes to our testing queue. When we have completed our evaluation, we will post our findings.


Consumer Reports WebWatch is not receiving any corporate support for its participation in this program.

Copyright © 2006 - All content for this site is under a Creative Commons license