• United States



Like Taking Candy from a Stranger

Mar 26, 20083 mins
Data and Information Security

Last week I crawled out of bed and made my way to my office.  When I booted my Windows XP virtual machine I was greeted with the familiar iTunes software update screen informing me of yet another upgrade, patch, or fix for iTunes… or so I thought.  Fortunately I had already drowned myself with enough coffee to force my eyes to begin to open enough to see that this wasn’t a new version of iTunes at all, but instead Safari. 


On Windows!?

I felt like a cop on TJ Hooker who draws down his gun on a 112 year old grandmother.  My finger was still poised on the mouse, mid-click when it finally registered what was going on.  Apple was trying to install what I would call from any other company, “shovel-ware”.  You know, the crappy software that un-reputable types will try to shovel onto your computer without you knowing.  Not malware per se, but trial software and software that you neither want nor need.  In any case, I was a bit surprised to find Apple stooping to this level.  Don’t get me wrong, I certainly understand WHY they did it.  Why not leverage their market share of the music download market to make inroads into the web browser space as well. It certainly is a very effective way to distribute your browser to millions of users.

Unfortunately, this mechanism, as effective as it may be, likens Apple to the crap-mongers that create those pop-up ads that look like genuine Windows error messages informing you to clean your registry or install a particular vendor’s anti-virus software. 

I am sure that you have all seen the polarization of the Windows and Apple cults.  This action by Apple will no doubt solidify some firmly into the Windows camp.  As a happy (but not exclusive) Mac user, I find this act a pie in the face.  Apple …almost… managed to get me to fall for the typical Windows user habit of clicking absent-mindedly and installing unwanted software.  Furthermore, I really don’t understand why this underhanded push of Safari was warranted.  After all, unless you’ve been asleep for the last 10 years, you have seen Apple’s marketing behemoths manage to push the iPod, iPhone, iMac, and iTunes into millions of hands and in many respects reshaping the music industry.  If Apple wanted to legitimately push Safari, why not create a slick marketing campaign geared towards windows users.  Imagine the new TV spot, “I’m Safari. And I’m Internet Exploiter.” 

I’m not really surprised that Apple used this tactic.  I think that they’ve certainly grown big enough to weather any fallout.  Though, I am reluctant to say so, I think that this incident may have a positive outcome.  I know that I, for one, will definitely loose my complacency about software updates for quite some time to come.  That said, I suppose a “thank you” is in order.  Thanks Apple for screwing up.  Your blunder gave me a much needed kick in the pants!

Chad McDonald, CISSP, CISA, C|EH, PMP is a Senior Professional Services Consultant with Imperva. Chad has worked previously at National Student Clearinghouse, Centers for Disease Control and Prevention, Georgia Department of Audits and Accounts and is the former Chief Information Security Officer at Georgia College & State University. Chad has addressed numerous groups on topics such as business continuity planning, incident response, and information security awareness. Chad has spent the bulk of his career building, managing, and assessing information security for educational and research organizations. Chad has earned multiple professional security certifications. He is a member of the Information Systems Audit and Control Association as well as InfraGard, an FBI Task Force charged with protecting the nation's information infrastructure. Chad is active in the security community He worked with law enforcement agencies to assist in the prosecution of the first computer crime on record in Georgia and continues to assist local and state authorities with computer based investigations. Chad has investigated computer and computer-related crimes for local and state law enforcement agencies. Chad is an avid Mac user, since he was rescued from the dark side eight years ago. He currently conducts the vast majority of his work using a MacBook Pro and a MacBook. Chad looks forward to the day that he can stop referring to himself in the third person and actually pay someone to write his bio for him. The opinions and statements expressed here are those of Chad McDonald and in no way reflect opinions or statements of any employer or organization with which Chad is affiliated.