Recently, Apple shipped out an update via iTunes that included the installation of Safari, the default browser on the Mac OS X, which is also available for Windows. Now, if you read it once again, with a bit of concentration you would see that, Apple went ahead and included the installation file and also pre-selected it for the user. (Photo Courtesy CNET)
As you can see in the image alongside, a 22.65 MB installation file for Safari was included in the update. This lead to a lot of uproar in the blogosphere led by Mozilla’s CEO John Lilly, who went so far as to say that Apple was pushing malware to its customers.
Though, I do not completely agree that Apple was pushing malware, but I strongly believe what Apple did with this update was ethically wrong, the reason why is that, a majority of users will not bother to read through the text and would just implicitly go ahead and install both the items. Now, imagine that a 22.65 mb file has taken that much bandwidth plus the time for something the user may rarely use. I mean, if someone really wants to use Safari, then they will go over to Apple’s website and download it, install it and use Safari.
This has been widely criticized in the blogosphere, because many are livid at Apple’s tactics and see this as misusing the dominance of the iPod+iTunes Platform. As you know, anyone who owns an iPod or an iPhone has to use iTunes to sync content between your PC/Mac to your iPod or iPhone. Now, whenever you install iTunes, you install the Apple Software Update, which is like the Windows update all PC users are very familiar with.
Now, the job of a software updater should be just that - update software. Now, all software on all Operating Systems have bugs - a software update allows the vendor to address it.
John Lilly explains it better in his post about the Safari fiasco:
Keeping software up to date is hard — hard for consumers to understand what patches are for, how to make sure they’re up to date.
It’s also critically, crucially important for the security of end users and for the security of the Web at large that people stay current. If people don’t update software regularly, it is impossible for them to remain safe; good software developers are creating improvements constantly. That’s why Mozilla spends so much time making sure our own Automatic Update Service works, and why we spend so much time agonizing over the user interface for the updates. We look at the data every time we do an update; we obsess about what we call “uptake rates” — the percentage of Firefox users who are on the most current version of the browser a day or a week or a month after release. As a result, Firefox users are incredibly up to date, and adopt very quickly.
There’s an implicit trust relationship between software makers and customers in this regard: as a software maker we promise to do our very best to keep users safe and will provide the quickest updates possible, with absolutely no other agenda. And when the user trusts the software maker, they’ll generally go ahead and install the patch, keeping themselves and everyone else safe.
Anyone who uses iTunes on Windows has Apple Software Update installed on their machines, which does just what I’ve described above: it checks for new patches available for Apple-produced software on your Windows machine, alerts the user to the availability, and allows updates to be installed. That’s great — wonderful, in fact. Makes everyone more likely to have current, patched versions of Apple’s software, and makes everyone safer.
The problem here is that it lists Safari for getting an update — and has the “Install” box checked by default — even if you haven’t ever installed Safari on your PC.
That’s a problem because of the dynamic I described above — by and large, all software makers are trying to get users to trust us on updates, and so the likely behavior here is for users to just click “Install 2 items,” which means that they’ve now installed a completely new piece of software, quite possibly completely unintentionally. Apple has made it incredibly easy — the default, even — for users to install ride along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices.
It’s wrong because it undermines the trust that we’re all trying to build with users. Because it means that an update isn’t just an update, but is maybe something more. Because it ultimately undermines the safety of users on the web by eroding that relationship. It’s a bad practice and should stop.
And he is right on the money as far as I am concerned, simply because of the trust issue, I mean I am sick of having to install QuickTime too when I have to use iTunes (only for syncing content with my iPod or iPhone), I do not use iTunes as my music player on my pc anyways and I do not intend to do so ever. I do not like it that I cannot use iTunes to do a backup of either my iPod or my iPhone.
But, what Apple did with Safari was highly unethical. I do not want to be shipped out programs under the guise of a security update. I think Apple should realise that is playing with fire as things like this will surely prick the ears of the antitrust authorities in the US and EU. Especially, EU which is far more aggressive at policing considering its stance vis a vis Microsoft, Apple has been dragged to court in the US over iTunes + iPod and the EU followed it up with an investigation of its own into iTunes and the territorial restrictions (you can only buy if you have a card from a bank in a country where iTunes Store is available) that are placed on the consumers and this Safari fiasco just aggravates the situation.
Why do I say so? Because, the defense (which was quite strong) that Apple had in all of these cases was that it was not a monopoly in the digital music market and it did not abuse it as it built up the market based on merits. Microsoft was not fined for having a monopoly position in the OS market but for abusing it by prevent other OEM’s from using any other browser apart from Internet Explorer when they shipped Windows. That was abuse of a dominant position in the OS market to push another product down the consumers throat.
That is what Apple did with Safari too, pushing an unrelated application under the guise of Software update. Now, this pains me a lot to see why my favorite company Apple is doing something so dangerous and is actually mimic our rivals up north in Redmon (read: Microsoft). This fiasco actually led to Ed Bott at ZDnet write a post titled, ‘What Microsoft can teach Apple about software updates‘ - he compared both the Apple Software Update and the Windows Update in a gallery showcasing the difference with the conclusion that Microsoft’s process was more opt-in, i.e. the consumer had the choice and the right over what was being downloaded onto his machine and Apple’s process was more opt-out, i.e. the consumer had to be alert and vigilant and of course knowledgeable enough to opt-out. Probably, Microsoft learnt the hard way because I remember Microsoft once sent me a update for Windows Media Player 10 when I was using Windows Media Player 9, but I did not want to install it at that point as it was too new and my strategy with Microsoft’s products is to wait a bit before installing it (yes, I still run XP SP2 and I have zero plans to change to Vista anytime soon, most probably will move to Mac OS X Leopard and will install XP using either Parallels or Fusion.
Now, why is opt-out so bad and something Ed did not cover in his post was because of what John said - Consumers instinctly, implicitly and intrinsically trust a vendor like say an Apple or a Microsoft when it comes to security updates, because for the vast majority of user, security updates description are mumbo jumbo, they don’t understand how a bug in the system can be exploited and they don’t care about all this mumbo jumbo, they just know its bad so what they do is just tick all and install all updates, I personally have done this many times.
I sincerely hope that Apple for its own good does not keep repeating this and that it really keeps out the antitrust authorities at bay. I would like Apple to render an unconditional apology for having done this and promise not to repeat it, it would do wonders for Apple (I know this is more of wishful thinking but hey what the heck!).
Recent Comments