Apple unnecessarily exposing Windows networks to security risks?

April 5, 2008

Apple is unnecessarily creating security risks for large networks by automatically installing its Safari browser with recent iTunes and QuickTime updates. Though this may only come across as an annoyance to individuals, several companies view this as a security threat.

The Apple Software Update, the program used to update and install various Apple products, is now automatically installing Safari along with any updates to any Apple software. Apple may think it is delivering a blessing to the less-stable Windows world, but the auto-install is creating issues for companies employing large, high-security networks.

"I went into work the next day and I scanned my network, and my inventory software said I have Safari on 30 PCs," said a Soy Capital Bank network administrator to InfoWorld. "This is not good; this is a security risk. We’re a bank."

A truly secure network supporting an institution like a bank would require that network admins know exactly what is installed on every machine, so an automatic "update" like this exposes machines to unnecessary holes. As we have previously learned, Safari can be a devastating vehicle of damage, just like Internet Explorer.

Some conspiracy theorists might conclude that Apple is purposefully creating trouble for Windows networks to make the Macintosh appear more secure, but that would only be a theory. Then again, big corporations don’t get into shady business, right?

18 Responses to “Apple unnecessarily exposing Windows networks to security risks?”

  1. Rick:

    Wah Wah Wah Wah and how did the wonderfully secure Microsoft Windows (otherwise known as total security risk) allow that to happen? Gee, where were the MS security features????

  2. Alan Lance:

    Do the words “check box” mean anything to some people?

  3. AdamC:

    Wow, I didn’t know Apple also installs Safari in stealth mode into PCs without informing the users, and all along I thought only MS Windows automatically installs software and malware.

  4. IT Administrator:

    The kind of admins that whine about this stuff are idiots anyway … If you’re in an environment that needs to be that secure, your users shouldn’t have permission for installers such as Apple Software Update / Safari installer to run. The admin should be in control of versioning of software on the systems.

    Heck, I’d have to wonder why iTunes would even be on one of those systems in the first place … because last I looked, the only two ways to get music into iTunes are through either download (through iTunes or elsewhere) or by pulling music off CDs, and I’d hate to think my bank is allowing end users to download music files (or anything else for that matter) or to insert materials through an optical drive (even music CDs can be harmful — the whole Sony Rootkit DRM comes to mind) on machines with sensitive data — hell, I’d hope that machines with truly sensitive data wouldn’t even be hooked into the public internet at all!

    Point is … these administrators that whine are morons that didn’t lock down their networks, and they’re taking an opportunity to bash Apple because they realize that without the problems that MS Windows causes, if companies were to start using more Apple / Mac hardware and software, many of them would be out of their jobs…

  5. ardaz:

    This is total bull. First, Safari is not automatically installed – it’s an option… second, what is this security conscious system admin doing letting his network users download software direct to their machines anyway? If that is normal for Soy Capital Bank, then your money isn’t safe and he should be shown the door. Talk about passing the buck….

  6. OS11:

    It’s only a problem if a company is still using Microsoft products on their machines. Once they upgrade to Macs, they won’t have problems, plus much of the IT staff won’t be needed, so they need to plan to get rid of their buggy systems, problem solved.

  7. Walt French:

    Yeah, if installing unapproved software is a security risk, it should have been prevented. Or, more flexibly, individuals may be given the OK to install software but only IE can access the internet.

    Security types are actually control types, but I understand (at least a bit). It’s a lose-lose deal for them: if spyware/malware comes in thru a new, unknown channel (such as whatever exploit was recently used to snare a MacBook Air), the security guys get blamed. If they don’t let users have flexibility to work the way they want, they get blamed.

  9. Dave:

    Our business celebrates 10 years as a Mac shop in July of this year. That’s 10 years without a virus, trojan or key tracker…

    Of course, security experts keep reminding me that I’m just lucky.

  10. eobiont:

    To suggest that switching to Macintosh on an enterprise level would reduce IT staff levels is rediculous. Apple provides no enterprise level management tools for Macintosh. Say you have 1000 Macintosh computers on a network. How would I report on what OS version was installed on each one. How can I find out if the February patches for Leopard are installed. Do I need to send out an IT person just to check if the patches are being applied. What about Quicktime? How do I ensure that it is up to date on each of these machines?

    The bank example in this article is really rediculous. As others have said, in a bank no user should have admin rights to her machine. Also, Apple provides stand alone QT installers for enterprise so that you can automatically and silently install/ update QuickTime without any other components. Get a brain moran.

  11. IT Administrator:

    @eobiont: It’s called Apple Remote Desktop. It has full reporting capabilities, ability to push updates and patches from a central console, and even control machines for purposes of troubleshooting or remote usage in the style of VNC or RDP/Windows Remote Desktop Connection. It’s a product that’s been around for YEARS, and it’s now a version 3.x product.

    So I stand by the original assertion — Mac would reduce IT staff, particularly at the helpdesk level, with the reduced risk of malware contaminating endpoint computers. Plus, Mac technologies like Bonjour eliminate a lot of the manual configuration problems for things like network printers that on Windows most times require an IT guy to provide instructions on connecting to (and most recent HP network printers support the Bonjour protocol). Personally, I think Mac would work insanely well for an enterprise.

  12. David Flory:

    eobiont should learn to spell (ridiculous and insure) and then people might pay more attention to what s/he says. Oh well, that way the other errors pointed out by others would be even more obvious.

  13. OS11:

    oh my God eobiont!

    Apple has had enterprise level reporting and software updating tools on the Mac for decades. Apple’s high powered Remote Desktop software alone runs circles around anything in use in Windows enterprise.

    Your ignorant comment is just another reason Mac IT always laughs at Windows IT, you guys are just out of the loop to how modern computing works.

    Macs are the gold standard in efficient businesses, but I guess you don’t work for one.

  14. Sharon:

    Let IT be alone working with evil Microsoft in poor enterprise and network banks’ needs. IT itself entirely is possibly envious of Apple. We are watching you.

  15. Chuck:

    Thanks to all those who spoke about that wonderful app, Apple Remote Desktop. It DOES run circles around anything on the Windows side. I know. I worked at a Fortune 100 company that used Altiris. What a joke compared to ARD. Try remote controlling a Windows PC with that kludge of a program, and then remote control a Mac with ARD.

    You guys are absolutely right: Windows admins don’t have a clue to anything outside of their MSFT world. Sad, truly sad.

  16. Sridhar Krish:

    I think nobody understood Bonjour. It is just an advertising protocol and has nothing to do with compromising security.

    It is like DNS, it says shares having media files exist or a printer exists. If nobody implements security to protect these systems then it is an issue.

    The security issue that is unnecessarily raked here has nothing to do with the protocol. It is like saying DNS is a problem because it lets somebody know the servers available in my network…

    The issue here is Security by Obscurity. It never is a recommended method and is frowned upon. Just because something is not visible does not mean it is not vulnerable.

    Most people who exploit networks and devices are smart enough to anyway find devices that are obscured.

  17. whinedows biatch:

    u av splt “ridiculous” rong. innit.

    nt tht u cr u fkn langwij btchrng cntz

  18. Michael Schweitzer:

    A hacker accessed my iMac through the Bonjour port (5353). Is Bonjour a security risk? Yes. I learned it the hard way. I had to rebuild my security system. If Apple had integrity, it would prompt you to click “allow” before letting Bonjour infiltrate.


Copyright © 2014 Blorge.com NS