
August 25th, 2008

New StopBadware guidelines take aim at software update bundling

Posted by Ryan Naraine @ 2:45 pm


StopBadware draft guidelines take aim at software update bundling

If the StopBadware coalition has its way, software updaters from Sun Microsystems (see screenshot above) and Apple will carry the embarrassing “badware” label.

According to a draft of revamped guidelines (.pdf) from the Google-backed computer security consortium, the badware label will expand to include products that:

  • Install a new application through unattended automatic updates.
  • Introduce new potentially unwanted behaviors to an application through unattended automatic updates.

Under these new guidelines, Apple’s WASU (Windows Automatic Software Update) utility will be considered badware because it bundles new products like Safari, iTunes and QuickTime alongside security patches without the end user’s explicit consent.

[ SEE: How does Apple get away with this badware behavior ]

The StopBadware alliance is currently seeking feedback on the new guidelines.

The non-profit group said it would not use the badware label for installation of new applications alongside updates if there is separate disclosure and consent.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

