Apple pushes MobileMe surprise to XP, Vista via iTunes update
Adds sync service control panel to Windows without notifying users
Computerworld - Apple Inc. installed a control panel applet for its MobileMe online sync and storage service on Windows XP and Windows Vista systems when they were updated to iTunes 7.7 -- the second time this year that it's bundled new software with an update for an existing program.
The anti-malware organization that rebuked Apple for similar tactics in April said it has not had a chance to investigate, but on a general level the group objects to software that's installed without prior user approval or knowledge.
Computerworld has confirmed that installing iTunes 7.7, the version required to access Apple's new iPhone- and iPod touch-specific App Store, also installs a MobileMe control panel in both Windows XP and Windows Vista. The control panel, dubbed "MobileMe Preferences," is used by subscribers to log into the service, set sync options for Outlook or Internet Explorer, and access MobileMe's online storage.
People who are not yet subscribers are taken to an Apple marketing Web site if they click on the "Learn More" button under a "Try MobileMe" heading.
The end-user licensing agreement (EULA) that accompanies the iTunes 7.7 update makes no mention of the MobileMe software that's installed on the PC, nor are there any notifications elsewhere during the setup procedure. Also, uninstalling iTunes does not uninstall the MobileMe control panel applet. Instead, users must select "Apple Mobile Device Support" from the "Add or Remove Programs" applet in XP or "Uninstall or change a program" in Vista to uninstall the software.
Apple's decision to include the MobileMe preferences applet without telling users reminded some of the dustup last spring when the Cupertino, Calif. company offered Safari 3.1 to Windows users via the Apple Software Update tool, even if they hadn't had Apple's browser on their PCs previously.
Back in April, Mozilla Corp., which develops the Firefox open-source browser, objected to the practice, with its CEO, John Lilly, saying that the practice "borders on malware distribution practices." Stopbadware.org, an anti-malware advocacy group founded by Google Inc., Lenovo Group Ltd. and Sun Microsystems Inc., notified Apple it would soon issue a "badware" alert for Software Update because of the tactics. Apple made that alert moot, however, when it changed the updating tool so that it separated updates for already-installed programs from offers to install new software.
Maxim Weinstein, manager of Stopbadware.org., stopped short on Monday of calling Apple's newest move a repeat of the Safari incident. "We haven't had an opportunity to look at it, so we don't have a formal evaluation," he said. "But our guidelines require and the [user] community expects that when an application installs new or different functionality that users are notified and able to consent to that."
Weinstein said that Stopbadware.org would probably look into the MobileMe-iTunes situation in the next week or two.
MobileMe, which has had a rocky start since its launch a week and a half ago, synchronizes e-mail, contacts and calendars on multiple Macs, PCs, iPhones and iPod touches; provides Web-based e-mail, contact and scheduling applications; and offers 20GB of storage space for an annual fee of $99.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts