| By Susan Bradley |
The auto-update routines for QuickTime and iTunes, two programs that play multimedia files, have quietly begun installing Apple’s Safari browser unless PC users are sharp enough to turn off a little-noticed option.
This week’s abomination makes me question the entire concept of trusting auto-update mechanisms as a way of seeking better security.
Updater for media players adds unwanted payload
My tracking of patches started out this week with an abomination. The latest version of the update mechanism that keeps QuickTime and iTunes software current now sports an additional and non-germane payload. The updater wants to install Apple’s Web browser, Safari, which comes in versions for Mac and Windows.
You may be accustomed to auto-update mechanisms that try to promote optional software. MSN’s Instant Messenger installer, for example, graciously offers to change your home page to MSN.com. So why is Apple’s peccadillo particularly putrid?
It’s because the company is using its security update mechanism to push Safari, which is not a security upgrade.
I know that many users are resigned to vendors using security updates as a mechanism to distribute optional programs. Besides Microsoft, Sun Microsystems is doing this to promote its implementation of Java, and a gazillion other vendors are abusing their auto-install mechanisms, too.