Paul Thurrott's SuperSite for Windows
Home > Type > News > Mozilla responds to Apple's dubious use of Software Update to push Safari

Mozilla responds to Apple's dubious use of Software Update to push Safari

Mar. 21, 2008 Paul Thurrott | Paul Thurrott's Supersite for Windows

There's been a bit of a ruckus this week over Apple's decision to use its Software Update tool to push other Apple software on users. More specifically, those who have installed iTunes will discover that Software Update is now offering you Safari, despite the fact that most iTunes users don't want such a thing. Anyway, Mozilla CEO John Lilly describes why Mozilla feels Apple's decision to do this is wrong -- and how moves like it can endanger the security of the Web:

What Apple is doing now with their Apple Software Update on Windows is wrong. It undermines the trust relationship great companies have with their customers, and that’s bad — not just for Apple, but for the security of the whole Web.

Keeping software up to date is hard — hard for consumers to understand what patches are for, how to make sure they’re up to date.

It’s also critically, crucially important for the security of end users and for the security of the Web at large that people stay current. If people don’t update software regularly, it is impossible for them to remain safe; good software developers are creating improvements constantly. That’s why Mozilla spends so much time making sure our own Automatic Update Service works, and why we spend so much time agonizing over the user interface for the updates. We look at the data every time we do an update; we obsess about what we call “uptake rates” — the percentage of Firefox users who are on the most current version of the browser a day or a week or a month after release. As a result, Firefox users are incredibly up to date, and adopt very quickly.

There’s an implicit trust relationship between software makers and customers in this regard: as a software maker we promise to do our very best to keep users safe and will provide the quickest updates possible, with absolutely no other agenda. And when the user trusts the software maker, they’ll generally go ahead and install the patch, keeping themselves and everyone else safe.

Anyone who uses iTunes on Windows has Apple Software Update installed on their machines, which does just what I’ve described above: it checks for new patches available for Apple-produced software on your Windows machine, alerts the user to the availability, and allows updates to be installed. That’s great — wonderful, in fact. Makes everyone more likely to have current, patched versions of Apple’s software, and makes everyone safer.

The problem here is that it lists Safari for getting an update — and has the “Install” box checked by default — even if you haven’t ever installed Safari on your PC.

That’s a problem because of the dynamic I described above — by and large, all software makers are trying to get users to trust us on updates, and so the likely behavior here is for users to just click “Install 2 items,” which means that they’ve now installed a completely new piece of software, quite possibly completely unintentionally. Apple has made it incredibly easy — the default, even — for users to install ride along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices.

So I agree totally with this. I'd also like you to silently imagine, for a moment, the outrage that would break out if Microsoft were to try something like this. Why Apple can keep abusing its customer relationships and not just get away with, but flourish, is confusing to me. This is a company that is widely loved. But that love is absolutely a one way street.

Discuss this Article 41

pmcgrath
on Mar 21, 2008
Please correct me if I wrong here, but didn't MS use windows update to push out IE7 as a critical update? Not that I think either company is correctly using thier update channel.
Rasken
on Mar 21, 2008
Well since IE6 is on every Windows PC, IE 7 is technically an update to IE6. It's also worth mentionning that IE7 is inherently more secure than IE6 as well. I thought this was scummy when they pushed out iTune this way when I only installed Quicktime and it's scummy now that they want to do it with Safari.
daProject
on Mar 21, 2008
Didn't Microsoft just last year update stuff via Windows Update silently without users consent? That said, two wrongs don't make a right. And Apple is definitely wrong to be doing this.
DRWAM
on Mar 21, 2008
Rasken, IE & brought my laptop to a crawl. I had to reinstall XP. Anyone remember WGA? Although I think that MS had every right to use it, I think sneaking it into Express install was not appropriate. How about Google toolbar with Adobe reader? If you blink on the download, you own it. Also, I think that Apple should not have done this. Is there a warning or do you get a choice to install Safari from iTunes? If so, shut up! If not, never mind:) Either way, I guess that I agree with Paul.
db
on Mar 21, 2008
Paul, Microsoft did try this - ever notice how the WIndows Live Messenger installer offers to install the rest of the Windows Live suite for you? You don't hear about it because no one uses Windows Live because no one LIKES Windows Live. You could make the argument that Live is a suite and iTunes/Safari isn't, but that's bogus because "suite" is a completely subjective word that doesn't really mean anything. Why does no one complain about that? That said, is Apple right in doing this? I don't know. It's no more wrong than what MS does. I move we call for the abolition of this practice instead of bashing Apple. It doesn't get you page views, but at least it's constructive.
BrightrevCarl
on Mar 21, 2008
I noticed the Safari update a few days ago and dismissed it, but you're totally right. I'm not really interested in the "Apple did it" versus "Microsoft did it" argument. It's wrong to push new software via an update tool, no matter who does it.
Rasken
on Mar 21, 2008
The difference with the Windows Live installer is that nothing is actually selected and you can select what you want on a whim. If you were to eequate MS to Apple in this case, then the proper comparison would be MS offering the whole live suite as a critical security fix. Anything new software that MS deems worth distributing through Windows Update is usually offered through Optional Components on Windows Update, and nothing is automatically selected, as it was in this case.
bielawski
on Mar 21, 2008
@DRWAM: Here's the basic layout of the UI, on install and on update: ________________________________ iTunes setup X {{Explanatory text}} [check] Create desktop icons [check] Keep software up to date ___________________[Next][Cancel]__ ________________________________ Software Update X ___________________________ [check] iTunes v. 7.x [check] Safari v. 3.x ___________________________} ___________________________ ________{{Description}}________ ___________________[Install] [Cancel]_ Also, if you install Safari and enable Software Update, the update list includes installation of iTunes and QuickTime as "updates", and Windows installed using Boot Camp automatically has Apple Software Update which offers all three of these products as updates.
clindhartsen
on Mar 21, 2008
It does seem a little questionable, I mean, IE 7 is legit in that it is an upgrade from IE 6 and a number of other things in Windows Update have been updates to programs you already have. Microsoft hasn't really done this, leaving those in Windows Update on the extras tab or whatever pre-Vista when everything was online vs. on a program on your PC. On db's note, Live can be annoying in toying for you to install all the other software, but it holds a relationship. Live services are all online, all deal with online content, and all have a relationship. Linking Safari to iTunes is like linking IE 7 to WMP 11, something which makes no sense by in large. On some of the other notes, it's annoying how many different pieces of software now try to install toolbars and other crap, much of it legit unwanted stuff, and many don't realize it. While much of it isn't spyware, it's just plain annoying and the simple person out there, like many in my family, don't even think about it if they need to read an Acrobat document and have to install the software. Also, on the IE 7 running badly note, I think it's largely related to people having bad toolbars or extras in their browsers. I had to fix a family friend's PC when IE 7 was installed and found they had a bit of spyware-looking toolbars and it just tore IE 7 down to the ground.
jaw04005
on Mar 21, 2008
Well it should be noted that Apple already installs "Webkit" which is essentially the framework for Safari with every iTunes for Windows installation. This is required in order for the iTunes Store to function. This update is actually just installing the front-end to Webkit. However, that doesn't excuse the fact that it's unwarranted by the end-user. By the way, this is old news. Apple announced at WWDC that this would happen once they felt Safari for Windows was good enough to push out.
weedmonk
on Mar 21, 2008
Are the iBoi's going to go ape chit on Mozilla as well?
peterkirn
on Mar 21, 2008
Right, it seems there are several issues here: 1. Apple is in fact using iTunes for leverage and control in ways that are at least a little unnerving -- I'm personally more scared by making iTunes the only way to develop for iPhone, compared to relative openness (or increasingly even open source) channels on other mobile devices. 2. Push updates: Let's face it, whoever these come from, they're annoying -- or, at best, just not terribly useful. Google "helping" you install Real in Google Pack? Come on. 3. Apple vs. Microsoft vs. everyone else -- to others who say, shouldn't there be outrage when Microsoft does this, well, yeah -- did you read the post? I think the point is we should yell at anyone one they're wrong -- Apple included. Ironically, for all this hoopla over how the Mac community is going more "mainstream" than the dark days of the mid 90s, doesn't anyone remember those days? The Mac community called Apple when they were wrong. Many in Macland still do. But there does seem to be a new "whatever Apple does is right" breed. I think a little suspicion can be healthy, even as a loyalist. ;)
rmansfield
on Mar 21, 2008
I don't see what the problem is. The user doesn't have to download it if he or she doesn't want it.
clindhartsen
on Mar 21, 2008
rmansfield, when the program puts it under updates and we've programmed users to INSTALL all updates for years in the Windows world, they're bound to install it and end up with a program without even an idea of what they've done. Safari isn't horrible, it's not bad actually, but this isn't the way to spread it. It's like selling you shampoo as a suggestion for a car and you knowing no better and buying it, it doesn't necessarily benefit you and it doesn't help the quality of the program which called for the "update"
lotsamystuff
on Mar 21, 2008
All of this assumes, of course, that PC users aren't smart enough to uncheck a box. Actually, this particular tempest in a teapot might have some validity if the loudest complainer were anyone besides Google, whose toolbar is offered on damn near every software update I install for Windows. Hypocrisy, thy name is Google. And thy last name is Thurrott.
DRWAM
on Mar 22, 2008
clindhartsen, thanks for the info. My personal issue with IE7 on XP [it works well on my Vista install], is that it was installed without warning through Express update, or was checked off in critical updates when doing Custom update. It was installed in many of our company computers which were older and slowed them down to a crawl. IT had to uninstall or reinstall XP. Also, IE 6 is used for us docs to view images on call [through GE Centricity], and IE 7 was not compatible. Unfortunately, some guys discovered this on call, preventing them for viewing emergency studies. Eventually the doc drove to the hospital and stayed, fixing the problem later. However, the delay could have cost someones life. IT later rolled out an IE 7 blocker, which helped those that didn't get duped into installing it. Personally I only use IE on all my home PC's, rather than FF. However, I prefer FF to Safari on my Mac. Either way, I think that the check box should NEVER be checked when making noncritical/optional updates or software add-ons from any company. That said, EVERY Apple update in Software update is checked, including stuff that I do not need, such as Airport [which I do not own]. At least MS shows some as optional, and you must check the box to DL and install.
johnpapola
on Mar 22, 2008
I agree in a theoretical, and certain philosophical sense, that this isn't very good. If you could prove that iTunes has a monopoly (I don't think you can, given that Windows Media Player is on more computers than iTunes), this would amount to questionable tying. Does anyone know if the mere installation of Safari changes the system browser defaults without prompting? THAT would be really wrong. I think far too much is being made of the checkbox, personally. For anyone that consciously doesn't want Safari installed, they are given the clear option to uncheck it. If the user is given a choice that's clear and readable, I don't see much of a problem. Regardless, this is nothing compared to Microsoft, which is a proven monopoly in operating systems, bundling all sorts of software including IE with the system from the moment of installation. Windows users don't get the opportunity to "uncheck" Internet Explorer, Windows Media Player, Photo Gallery or anything else that comes with Windows. You can't even un-install these applications, can you? I find it kind of funny that Microsoft was allowed to achieve dominance through all kinds of horrible tactics, but now anyone else trying to balance things out by leveraging THEIR assets without a monopoly is raked over the coals. Leveraging your assets is called good business. Microsoft's tactics would all be fair game had they not been cutting off the air supply of the industry through monopoly power (while keeping their prices high, of course... just look at the ASP of Windows over time). So, as someone happy to see any success in weakening the grip of IE on the internet, I welcome this aggressive tactic to leverage the iTunes userbase. All that said, I totally understand why hardcore techs like most of the people on this forum would find this a bad tactic. Obviously, Mozilla doesn't like having a competing browser make any gains, so their criticism must be taken with a serious grain of salt. This does have the whiff of hypocrisy, I must admit. But it's by no means clear cut and it's certainly not illegal.
Waethorn
on Mar 22, 2008
"I don't see what the problem is. The user doesn't have to download it if he or she doesn't want it." i don't think anybody gets the really wrong thing that Apple does that i brought up before, and that's the iTunes + QT update package that's forced on users that have the Apple Software Update package installed. i no longer install Apple Software Update because of that reason. likewise, i won't be installing any Apple software on new systems that i sell. posting Safari with an optional checkbox that's checked by default is one thing, but thrusting iTunes on users that don't want it, but want automatic update functionality for Quicktime is just wrong!
clindhartsen
on Mar 22, 2008
DRWAM: Always interesting to see the internal effects of some problematic updates. In the corporate setting, I can definitely see the problem of the IE 7 automatic update in your respects, I mean, not everything is made for newer programs and will need time to be upgraded or just maintained with older hardware. Still, the whole "slowing down" issue does seem a touch odd in many respects, but that's something for your IT department to figure out when they eventually roll out the update or await IE 8's introduction, whenever that happens. Waethron: I think most of us forgot about the QuickTime-only installers out there, partially since I think many get iTunes+QT these days, but that does seem like it'd be kind of annoying. Still, at least it holds a touch of relationship as both being media programs vs. completely non related items.
johnpapola
on Mar 22, 2008
Waethorn, you make a fair point, I guess. Though, when I google "quicktime for windows", the first link that comes up is this: http://www.apple.com/support/downloads/quicktime72forwindows.html Which would appear to install Quicktime standalone. If you're among the minority of users that really don't want iTunes, it appears that it's pretty straight-forward to avoid it... and you're likely to be the kind of user that's smart enough to avoid "confusing checkboxes". It doesn't appear very difficult for a user interested strictly in Quicktime to get precisely what they want. Am I missing something?
Flenser
on Mar 22, 2008
The problem here is that installing Safari is the *default* choice. It doesn't matter that they are given the choice to not install it because a significant number of users just hit install on these dialogs without reading them. It's like pre-ticked "I opt in to receive your newsletter" checkboxes on sign up forms. It's the *wrong default*. These things should require action to opt-in, not action to opt-out.
Waethorn
on Mar 22, 2008
"If you're among the minority of users that really don't want iTunes, it appears that it's pretty straight-forward to avoid it... and you're likely to be the kind of user that's smart enough to avoid "confusing checkboxes....It doesn't appear very difficult for a user interested strictly in Quicktime to get precisely what they want. Am I missing something?" try to read a little more carefully here - I'm talking about Apple Software Update here, not Apple's website. Apple Software Update installation is the default with Quicktime, and yet when you install it, there is no auto-update option for Quicktime standalone. If you want to auto-update Quicktime, YOU HAVE TO ACCEPT ITUNES.
DRWAM
on Mar 22, 2008
Point of clarification. IE 7 caused slow downs on some older, computers with minimal RAM. My laptop was a Dimension 8200 with 1.25GB RAM, but I think that it is 4 or 5 yrs old. I don;t know why it was so slow, but perhaps it was a bad install. I had a bad install of .net framework [XP] update that caused perpetual rebooting last week. Safe Mode startup and system restore fixed the problem, and the next or repeat .net update worked fine [3 yr old computer].
Waethorn
on Mar 22, 2008
@DRWAM (and all) .NET Framework 3.5 includes .NET Framework 2.0, 3.0, and the corresponding Service Pack 1 update for both. You can get it here: http://www.microsoft.com/downloads/details.aspx?FamilyId=333325FD-AE52-4...
halesgarcia
on Mar 22, 2008
Network effects. That's how the PC monopoly was won after all. The only thing new here is that it's Apple doing it and it's obviously bursting some of Microsoft's supporter's bubbles. If only Microsoft could update XP users to Vista as easily. More salt to the injury.
johnpapola
on Mar 22, 2008
Waethorn, if that's the case, than I agree it's pretty aggressive and user-unfriendly to force iTunes on QuickTime users. I can see why it bothers you. The only flipside I can offer is this: clearly the pros outweigh the cons for Apple at this point. I would wager that most users that have quicktime either actively use iTunes or won't mind having it installed. Same goes for Safari. I don't think the average consumer user is going to come away from this with a negative perception of Apple. It's more likely the benefit of gaining new users from their exposure to iTunes will help Apple's business. Now I could be wrong. Maybe Apple is earning a ton of ill-will among important users, but I doubt it. But, still, point well made. These aren't ideal techniques.
DRWAM
on Mar 23, 2008
Waethorn, thanks, I will try it. I was a little afraid to update more, but it bet that my experience was a freaky rare occurrence since it had never happen in the rest of the numerous other computers that I have updated with the same software. It was a clean install to boot [pun intended].
cesjr
on Mar 23, 2008
"Why Apple can keep abusing its customer relationships and not just get away with, but flourish, is confusing to me." Of course it's beyond Paul - Apple is loved because it's business model - make the best products possible and challenge the status quo - is very good for consumers. Sure, it does some things that are bad, but they are very minor when you look at the big picture. Paul can't see the big picture when it comes to Apple because he's just annoyed with the idea that apple's products are superior to microsoft's products. That's the whole reason for his angst with apple.
RunTimeError
on Mar 23, 2008
Safari update: Uncheck it if you don't want it. iTunes being forced on users: I'm sure this annoyed the 12 people that actually use WMP or the 5 that use the Zune software. Windows updates: Don't set it for automatic. Set it to alert you when there are updates. That way, when it's time to update, uncheck all the crap you don't want ... then again even if you do this, MS Update still insists that you download the Malicious Software Removal Tool no matter how many times you uncheck it. Done and done.
Waethorn
on Mar 23, 2008
"It was a clean install to boot" Have a copy of the .NET Framework 3.5 Redist handy for future reformats, cuz it's the only .NET download you really need (for XP). I'm not sure if there are any prerequisites aside from SP2, but I don't believe so, and the installer should let you know if there are anyway. It's also a good idea to have a copy of the downloadable BITS & Windows Installer updates to be performed before taking systems onto Microsoft Update (it reduces the number of reboots from updates), as well as Windows Media Player 11, if for nothing else, at least for the security updates. Of course, your IT staff can easily deploy any updates in a centrally managed and controlled manner using WSUS or the Microsoft Deployment Toolkit 2008. If they're managing several hundred or several thousand systems company-wide, they should be using Microsoft System Center software.
lookmark
on Mar 23, 2008
It's absurd to compare Apple's Software Update to malware, but it's also undeniably obnoxious behavior to make users uncheck that box *every* time the update feature runs to update iTunes. Either the default state for new software should be unchecked, or users should be able to select, "Don't remind me about this piece software again". Or both.
solaranox
on Mar 24, 2008
My goodness... Uncheck the friggin box! I can't tell you how many times I have had to uncheck the Google toolbar box, or delete "Install Link Icons" from my desktop after installing a TOTALLY unrelated peice of software... Or how many time I have had to spend 1 to 2 hours uninstalling crapware from my new Windows system. If you really want to get on someone, get on Dell and HP for loading so much crapware on a new PC that it takes 3 to 4 minutes just to complete the login process.
Dipsh t Admin
on Mar 24, 2008
"MS Update still insists that you download the Malicious Software Removal Tool no matter how many times you uncheck it." That's because it's a new one every month. Hence why it shows the month in the name of the package. And I don't understand why you are advocating to not have Windows automatically install updates. If you are a typical user, just keep the automatic update function set to its default.
dougxd
on Mar 24, 2008
I think *offering* the software is okay. Had they simply removed the default checkmark things wouldn't be so hairy. There have a been a few separate pieces of software that MS has offered via WU over the years, but none as far I can recall have been defaulted to be installed. They've always been available, but not selected by default for installation. Ya know, until, and if, we hear from Apple on this, we're really just stoking an unnecessary fire here. Since I'm feeling especially charitable this morning, maybe Apple didn't actually intend to select it for install on purpose? Is there an 'oops' in the works? Hmmm.
ibarskiy
on Mar 24, 2008
this thread is the problem with Apple fans. Justification after justification of clearly wrong tact by Apple (actuallly, appalingly wrong). Don't liken it to installers. You download installers and then try to run them. And yeah, if they try to push other software it's annoying (like yahoo, google toolbars or other portions of Live suite, etc.) but at least at that point the user is known to pay attention. Don't liken it to IE 7 updates or OS updates - they are updates for the product advertised. This is an Update for a product you have installed trying to push a different product. The biggest difference is that Updates are considered required / good and there is an intrinsic trust there that is clearly broken. It is typical arrogant and irresponsible Apple behavior, and why a lot of people don't like the company.
lookmark
on Mar 24, 2008
re: solaranox Just because other companies engage in obnoxious behavior doesn't give a free pass to Apple. New software in Software Update should either be unchecked, and/or the "Ignore this update" option (which I just found out about - it's tucked away in a menu) should be more discoverable. Apple is very good at UI - they how to do this kind of thing right, so there's no excuse for this. Trying to get user to try Safari by gentle force isn't the right route to go. They need to produce a kick-ass browser that people want to check out.
james3mg
on Mar 24, 2008
Gotta say, I agree with ibarskiy - the analogies I've seen so far about this issue have not been quite right. How about this one: you install Virtual PC for Mac (a Microsoft program) or Office for Mac, and a few weeks later, an update program offers you some critical updates, one of which is Internet Explorer. Even if you uncheck it, you'll be offered it again every few weeks. Now, I'm well aware that IE is no longer made for Mac, thus this could never happen, I'm just asking you to imagine the kind of outcry that would result if it did. And I don't think you can make a case that Microsoft has a monopoly on productivity suites on the Mac OS...not even as much as iTunes has for audio jukeboxes on Windows, so I don't think the analogy is far off. That being said, no analogy is perfect. I'm not trying to stir up troubled waters even more, simply trying to show why this is unacceptable in the minds of most people who have to help maintain any PC but their own.
solaranox
on Mar 24, 2008
re: Lookmark I am not giving Apple a pass on this... But come on, uncheck the box and move on. Which is a bigger story/problem? Apple doing this, or Dell and HP loading new PCs with so much crapware that it cripples the system unless you install all of it? Should Apple have done this? No. No company should offer new/unrelated software with an update or when another application is installed. The fact that Paul posts soooo many Apple bashig stories on a Windows centric site, sure seems to me that he is trying to drive his hit count, or he has an underlying issue with Apple. Read Paul's posts on WHS data corruption problems. There is no-where near the venom in those posts that he typically applies to Apple "problem" posts. And that is on a MAJOR issue that can cause data loss, that looks like it will not be fixed 6 months after is was first reported!
lookmark
on Mar 24, 2008
The problem isn't that you have just uncheck the box once, though, it's that you have to uncheck the box every time Software Update is scheduled to appear. That can be a real annoyance that most people won't see how to opt out of. That's just not a smart move for Apple in the long run. But yeah, I agree that this annoyance has been blown way, way out of proportion. Saying this "borders on malware distribution practices" is stupid.
drylight
on Mar 25, 2008
This is just a way for Apple to offer ignorant people (i.e. IE users) a much better browser.
Aferguson99
on Mar 27, 2008
Just noticed on The Register that that the license terms for Safari for Windows say that you can only install it on an Apple Computer. You can only legally install it under Bootcamp or VMware or Parallels on a Mac, not on any other PC. http://www.channelregister.co.uk/2008/03/26/apple_safari_eula_paradox/

Please or Register to post comments.

Related Articles

IT/Dev Connections

Las Vegas
September 30th - October 4th

Paul ThurottYou'll have the opportunity to experience:
• 120 Technical
Sessions
• Networking with Peers
• Expert Speakers


Come See Paul Thurrott & Mary Jo Foley in Person!

Register Now

Office 365 InfoCenter

Get the latest insight and info from Paul

Read Now!

What I Use
Apr. 18, 2013
Article

What I Use: On the Road 21

Every so often, I publish an updated version of my “What I Use” document, which details the technology products and services I actually use day-to-day. Since I’m currently on my third business trip in five weeks, this is perhaps an ideal time to discuss the technology products I rely on when I travel and a few related points....More
Mar. 6, 2013
Article

What I Use: March 2013 33

Lots of changes since November, including a new PC-based home server running Windows 8, several new smart phones, new PCs and tablets, new cloud backup, Office 365 Home Premium and a nice doubling of my Internet speeds courtesy of Verizon FIOS....More
WinSuperSite.com
Related Penton Sites
Copyright © 2013 Penton Media, Inc