Security's Everyman

Showing posts with label apple.

Friday, September 12, 2008

Slow to criticize, quick to applaud

I usually try not to criticize too quickly but occasionally I do. I don't think that my criticism of Apple yesterday was quick considering their past record that I mentioned in that post. However I did have my doubts as to how they would handle the bad driver issue and how quickly they would correct it. Today I see that they have already fixed the problem and are sending out updates to iTunes.

According to my secret source (OK, so it's not a secret source but I've always wanted to have one) Ed Bott has a new post up talking about the fix and his experiences with installing iTunes now that the fix has been released.

Good job Apple. I had my doubts but you proved me wrong.

Thursday, September 11, 2008

Can we continue to trust Apple?

If you've read my blog for very long you probably know that I'm not a big fan of Apple, Inc. I think that they have some very cool technology and in many ways I'd love to actually have some of it. A MacBook Pro would be nice to have because I think it's a really good laptop. I'd love to have an iPod Touch because it gives me the flexibility of using it as an MP3 and video player as well as allowing me to surf the Internet via wireless networks. Yet, I just can't bring myself to buy any of them because I just don't trust them.

Apple has shown itself time and again to only care about themselves and not their customers. They appear to be willing to do whatever it takes to further their agenda even if it means being dishonest and underhanded. They will even try to ruin the careers of security researchers if it will keep their public image intact. They are willing to try and increase market share for their Safari browser by sneaking it in an update.

I've heard and read horror stories about support when you have to send things off for repair. I've heard them deny that a vulnerability exists and then quietly fix it a month or two later. Then they have the gall to say that the fix wasn't for the earlier announced vulnerability but for something that was not publicly known. They don't seem to care that they release patches that don't fix what they say the patch fixes.

To me this all says that Apple, Inc. has an ethics problem and when it is this blatant I have a hard time doing business with them. It definitely affects the level of trust that I have in them. The question is will you and other customers continue to trust them?

Why do I ask this? It seems that once again Apple is sneaking things into their updates that they don't feel the need to inform us about. Ed Bott does a good job of chronicling issues with the latest release of iTunes 8 and some things that are happening when you think that all you are updating is iTunes and QuickTime. If what he and others are saying is true then not only is Apple sneaking things into the update process but they are also causing all sorts of problems with Windows systems. How will Apple deal with these problems? That is the big question here. Not so much the fact that they are installing things beyond iTunes, although that is an issue that they need to deal with.

I've not installed iTunes 8 yet and won't until I know that the problems are fixed. Why do I use iTunes at all since I'm not an Apple fan? Because I bought an iPod Nano from my brother-in-law a few years back and I use iTunes because it came with the iPod. At that time I actually still had some respect for Apple. When my iPod dies I imagine I will get a different MP3 player and ditch iTunes altogether.

Friday, March 21, 2008

The Bad Apple

I've been thinking of buying a MacBook Pro for a while now. It's not something that I need; I just want one. Just when I think that I am ready to bite the bullet Apple does something that kind of irritates me and makes me step back and take a second look.

A couple of years ago David Maynor and Johnny Cache were smeared by Apple for doing research and that left a bad taste in my mouth. Then I listened to an interview on Pauldotcom Security Weekly with Roamer where he details his experiences with Apple. This did nothing to endear Apple to me. Well, as time heals all wounds I've been thinking again that I may bite the bullet and buy a MBP and once again Apple has done something that just gets my goat.

Yesterday I noticed that my Apple Updater software was prompting me to install something. I looked at it and noticed that it wanted to install Safari. I don't want Safari and as far as I knew I didn't have it. So I said no and quickly checked my system to see if somehow Safari had been installed without my knowledge. It hadn't. So I mentioned it to some friends in a chat room and then forgot about it.

This morning I received a link from my friend Martin McKeay to a story that explains what happened. It seems that Apple decided to push out the Safari install to everyone who runs Apple Updater. Martin wrote about this here and you should read his take on it. I tend to agree with Martin that there is nothing really wrong with this but it is underhanded and it irritates me. It would bother me just a little if this was the first thing that Apple has done that I didn't like but it isn't. What I like even less is that they do these things and think that it's no big deal. Why shouldn't they be able to smear people's names and reputations or give bad service or sneak their software onto possibly millions of computers? They're Apple!

I don't like this because it's semi-dishonest and it takes advantage of people's inherent acceptance of Apple's goodwill. They assume that because it is being delivered by Apple via an update mechanism that it is an update. An install of software not currently on the system is not an update and it's wrong to make people think it is. People assume that if a reputable company is sending them something via an updater then it is an update and needs to be installed. We in the security community have been preaching to our friends and family to keep their software updated and along comes Apple with what could be called predatory practices. That is just plain wrong.

This won't make me not buy a MBP one day but it will cause me to really consider whether or not I want to spend my money with a company who doesn't seem to care about how they do things. I know that lots of companies that I do business with do things that I don't like or agree with and there have been lots of companies that I've stopped doing business with (at least knowingly). For now Apple has lost my business again and only time will tell whether or not they earn it back.

Wednesday, March 21, 2007

Apple removes JavaScript support in QuickTime

Back in January I posted about how it would be nice if software vendors would not put in unnecessary extras, as that would make their software more secure and our lives easier. Well it seems that Apple has listened to me (since I am on "The List" I'm sure they closely follow my blog). :) Didier Stevens has reported that Apple has actually removed a feature from QuickTime that reduces functionality but increases security. The new version of QuickTime (7.1.5) has removed support for JavaScript.

Kudos to Apple for doing the right thing. Maybe soon other vendors will follow suit.

Thursday, September 21, 2006

Apple Eating Crow?

Finally, David Maynor and Johnny Cache get some satisfaction. Apple has finally admitted that there is a problem with their wireless driver. Unfortunately they still refuse to admit that this is related to the presentation at Black Hat last month. How does Apple expect us to believe that they just happened to find flaws, on their own, shortly after Black Hat? Their integrity and credibility seem to be getting worse and worse. I had considered getting a Mac after I played with one running Parallels and Windows, but then I read about Chris Hurley's experience and now seeing how they have handled this has changed my mind.

I'm glad that David and Johnny have been vindicated. If not directly by Apple then by their actions anyway. It's just a shame that so many people jumped on Apple's bandwagon and tried to drag their names through the mud. Those of us who are Security pros know that they had too much to lose to make up stories just for the shock factor. I don't think anyone who really matters ever doubted them anyway.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.