QuickTime, iTunes install Safari — like it or not

Susan bradley By Susan Bradley

The auto-update routines for QuickTime and iTunes, two programs that play multimedia files, have quietly begun installing Apple’s Safari browser unless PC users are sharp enough to turn off a little-noticed option.

This week’s abomination makes me question the entire concept of trusting auto-update mechanisms as a way of seeking better security.

Updater for media players adds unwanted payload

My tracking of patches started out this week with an abomination. The latest version of the update mechanism that keeps QuickTime and iTunes software current now sports an additional and non-germane payload. The updater wants to install Apple’s Web browser, Safari, which comes in versions for Mac and Windows.

You may be accustomed to auto-update mechanisms that try to promote optional software. MSN’s Instant Messenger installer, for example, graciously offers to change your home page to MSN.com. So why is Apple’s peccadillo particularly putrid?

It’s because the company is using its security update mechanism to push Safari, which is not a security upgrade.

I know that many users are resigned to vendors using security updates as a mechanism to distribute optional programs. Besides Microsoft, Sun Microsystems is doing this to promote its implementation of Java, and a gazillion other vendors are abusing their auto-install mechanisms, too.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.

= Paid content

All Windows Secrets articles posted on 2008-03-27:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.