Against my better judgment, I’ve installed QuickTime on my computer so that I can view the few movies on the web which use one of Apple’s proprietary formats. I say "against my better judgment" because QuickTime seems to be full of security holes (routinely downplayed by Apple) and ill-conceived and dangerous "features."
While Apple does seem to eventually fix these problems, even when they won’t admit the seriousness of them, the way they distribute patches ranges from dysfunctional to outright invasive. For example, Apple has an update tool which can automatically download and install patches to QuickTime, similar to Windows Update. This is, in principle, a good idea, but Apple has chosen to:
- Not make the latest QuickTime patch available via their update application, or even directly from Apple. Instead, you have to get it from MySpace (MySpace!) and if you don’t have a MySpace account, you’re out of luck.
- What the Apple update tool does try and install on my machine, on the other hand, is ITunes. You get the chance to cancel this, but you have to notice that the update tool is doing something different than what you expect — anyone who has read that there is a bad security hole in QuickTime and then sees an Apple update available in their tooltray might well blindly click through the update without carefully reading what Apple intends to install on your computer. I’ve never had ITunes, and don’t want it. Isn’t the unwanted installation of for-profit software, well, malware?
The next time you see an Apple ad questioning Windows security, consider the source.