There's been a bit of a ruckus this week over Apple's decision to use its Software Update tool to push other Apple software on users. More specifically, those who have installed iTunes will discover that Software Update is now offering you Safari, despite the fact that most iTunes users don't want such a thing. Anyway, Mozilla CEO John Lilly describes why Mozilla feels Apple's decision to do this is wrong -- and how moves like it can endanger the security of the Web:
What Apple is doing now with their Apple Software Update on Windows is wrong. It undermines the trust relationship great companies have with their customers, and that’s bad — not just for Apple, but for the security of the whole Web.
Keeping software up to date is hard — hard for consumers to understand what patches are for, how to make sure they’re up to date.
It’s also critically, crucially important for the security of end users and for the security of the Web at large that people stay current. If people don’t update software regularly, it is impossible for them to remain safe; good software developers are creating improvements constantly. That’s why Mozilla spends so much time making sure our own Automatic Update Service works, and why we spend so much time agonizing over the user interface for the updates. We look at the data every time we do an update; we obsess about what we call “uptake rates” — the percentage of Firefox users who are on the most current version of the browser a day or a week or a month after release. As a result, Firefox users are incredibly up to date, and adopt very quickly.
There’s an implicit trust relationship between software makers and customers in this regard: as a software maker we promise to do our very best to keep users safe and will provide the quickest updates possible, with absolutely no other agenda. And when the user trusts the software maker, they’ll generally go ahead and install the patch, keeping themselves and everyone else safe.
Anyone who uses iTunes on Windows has Apple Software Update installed on their machines, which does just what I’ve described above: it checks for new patches available for Apple-produced software on your Windows machine, alerts the user to the availability, and allows updates to be installed. That’s great — wonderful, in fact. Makes everyone more likely to have current, patched versions of Apple’s software, and makes everyone safer.
The problem here is that it lists Safari for getting an update — and has the “Install” box checked by default — even if you haven’t ever installed Safari on your PC.
That’s a problem because of the dynamic I described above — by and large, all software makers are trying to get users to trust us on updates, and so the likely behavior here is for users to just click “Install 2 items,” which means that they’ve now installed a completely new piece of software, quite possibly completely unintentionally. Apple has made it incredibly easy — the default, even — for users to install ride along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices.
So I agree totally with this. I'd also like you to silently imagine, for a moment, the outrage that would break out if Microsoft were to try something like this. Why Apple can keep abusing its customer relationships and not just get away with, but flourish, is confusing to me. This is a company that is widely loved. But that love is absolutely a one way street.