June 24th, 2008

How does Apple get away with this badware behavior?

Posted by Ryan Naraine @ 11:17 am

Categories: Apple, Arbitrary Code Execution, Browsers, Microsoft, Open source, Passwords, Patch Watch, Pen testing, Privacy, Punditocracy, Spyware and Adware, Vulnerability research

Tags: Apple Inc., StopBadware.org Guideline, Microsoft Windows, Tools & Techniques, Productivity, Operating Systems, Software, Management, Ryan Naraine

As part of my work testing exploits for the recent Safari “carpet-bombing” issue — and the combo-threat to Windows users — I installed Apple’s flagship browser on a brand-new Windows XP machine.

The installation came with Apple’s automatic software updater, a very valuable tool to automate patch management for end users. I knew Apple was using the tool to ship Safari as a new product download if iTunes/QuickTime (and the updater) was already on the system, but it still came as a big surprise to me when I fired up the updater this morning and ran into this:

How does Apple get away with this stuff?

That’s 95 MBs, pre-checked by default, bundled into a security patch and ready to hose my machine.

This is clearly badware behavior and it’s shocking to me that Apple gets away with it. I understand the economics of Apple being aggressive to establish a presence in the Windows ecosystem, but this is really unacceptable.

The StopBadware.org guidelines are very clear on what constitutes badware and, to my mind, it’s a no-brainer that Apple is being deceptive and irresponsible, even if the bundling is separated under the “new software” tab.

We’ve spent the last few years recommending — even demanding — that software vendors ship Internet-facing products with automatic software updaters because of the importance of keeping products patched but, when those updaters become a business tool, there’s a big problem.

Where are the StopBadware guys when you need them?

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.



