Mozilla chief executive John Lilly has lambasted Apple for its use of iTunes to offer the Safari web browser to Windows users, saying the technique “borders on malware distribution practices” and undermines the security of the Internet.”What Apple is doing now with their Apple Software Update on Windows is wrong,” Lilly wrote on his personal blog. “It undermines the trust relationship great companies have with their customers, and that’s bad – not just for Apple, but for the security of the whole web.”
The problem is Apple now includes Safari as a default download for Apple Software Update. ASU is a bloated piece of shit that runs 24/7 if you let it. You get it when you install QuickTime or iTunes on a Windows PC. When Apple releases these super-sized patch sets for their vulnerable software — and make no mistake, Apple’s code is third-rate and very insecure — it now includes updates for software many users either don’t have or don’t care to have.
Rather than installing iTunes when you get an iPod, consider any of the many alternatives. Many of them are either free or inexpensive, nearly all of them are much less resource-intensive and probably less buggy as a result. WinAmp can be used to sync/manage an iPod.
Edit: Lilly’s blog is here. He’s since defended himself against attacks by the Mac fanbois. The most salient points he made, though, were these:
Apple has made it incredibly easy — the default, even — for users to install ride along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices.
It’s wrong because it undermines the trust that we’re all trying to build with users. Because it means that an update isn’t just an update, but is maybe something more. Because it ultimately undermines the safety of users on the web by eroding that relationship. It’s a bad practice and should stop.
I don’t mind being presented opt-in choices. I resent having to opt-out of things like this. As buggy as Safari for Windows has proven to be thus far, and given Apple’s subtleties when it comes to threat severities, they should be ashamed for making this kind of choice for users and potentially installing their browser on computers unless users actually select to do so instead of making that choice for less attentive and less diligent users.