Apparently, my irritations with QuickTime are not the only issues with Apple software. The other day my friend Tashi reported highly critical new vulnerabilities in Apple Safari 3.1 for Windows, the browser about which she quoted Apple as saying:
"Engineers designed Safari to be secure from day one"
It rather sounds as though the Apple Engineers have a bit of a problem. However, there is more to this story than vulnerabilities. As Tashi reported in "What’s Up Apple, I don’t want Safari", Apple is using their Software Update program to push the not-so "secure from day one" Safari browser on people. Is the Apple market share doing so poorly that they are resorting to foisting their software on their customers? Is Apple taking advantage of the years the security community has spent telling people to keep their software up-to-date, hoping unsuspecting customers will click Next > Next > Next?
Ed Bott said it best in What Microsoft can teach Apple about software updates:
"Companies that deliver network-connected software that contains potential security vulnerabilities have a responsibility to offer regular updates to repair those issues. The right way to do it involves these four principles:
- Opt-in is the only way. The update process should be completely opt-in. The option to deliver software should never be preselected for the user.
- Offer full disclosure. The software company has a responsibility to fully disclose what its software does, and the customer should make the opt-in decision only after being given complete details about how the update process works.
- Offer updates only. Updates should be just that. They should apply only to software that the customer has already chosen to install.
- Don’t mix updates. Updates that are not critical should be delivered through a separate mechanism.