Network admins unhappy with Apple Safari auto installation
April 5th, 2008 Leave a comment Visited 48 times, 1 so far today
Network admins unhappy with Apple Safari auto installation
Sometime back Apple decided that the users of their iTunes and QuickTime applications would like to get a taste of their Safari web browser on the windows platform.
So, the company decided to deliver this product through their Auto Update program utility.
However, this auto delivery has now become a headache for network administrators around the world who are now working hard on removing the Safari web browser from the computers on their network.
The problem is that Safari is not a very popular application on the Windows platform yet and it has not been tested for corporate use. So the administrators on corporate networks are afraid that its presence on the user’s machines could affect the security of the system.
Shavlik Technologies is one company which has already announced that their Shavlik NetChk Protect is now able to automatically detect and remove Safari from the networks it is being used to protect.
Apple, Apple iTunes, Apple QuickTime, Apple Safari, Corporate Networks, Networks, Security, Shavlik, Shavlik NetChk Protect, Web Browsers, Web Browsers
Manuj
Category: Uncategorized
|
TechWhack on Facebook
|
April 5th, 2008 at 09:02 pm
If these admins are so concerned about the security of the system, why are they using Windows in the first place?
April 5th, 2008 at 09:43 pm
Yeah, we sure wouldn’t want to see any security issues show up on Windows. Does anybody ever look at the dialog boxes when running an installer? I’d think a line with a checkbox might be a clue that an optional s/w package was being offered.
April 5th, 2008 at 11:54 pm
Think of this: The machines had iTunes on them, and thus allowed Safari to be presented through iTunes’ installed Apple Software Updater program. Maybe Apple was a little wrong for using the updater to suggest new software. However, the blame for this folly is on the IT admin, not on Apple.
Fact #1: iTunes is a security risk. Why is it on the system? Presumably, it’s because IT let users install it, or maybe even installed it for the users. How do you get music into iTunes? You either download it (through iTunes store or other means), or you rip it from CDs. Under the first scenario, you’re letting files be downloaded into your network which may be of questionable security; in the case of store purchases, obviously the end users are going to want to be able to keep those purchases, so you’re probably allowing them to connect an iPod or burn a CD. Security hole — you’re allowing your user to either connect an unsecured mass storage device to your network, or you’re allowing them to remove data from their computer onto a CD. In the case of ripping from CDs, you’re allowing your user again to introduce data into your network — and music CDs aren’t harmless always, as some have nasty surprises like Sony’s DRM rootkit.
Fact #2: Admins of secure networks should have their end users privileges locked down. Admins should be controlling versioning of software — they should control if and when updates are installed and applied. The fact that Apple Software Update was able to pop up on their machines and the installer routine for Safari be able to run is proof of a security issue that goes far beyond Apple’s suggestion for install in the first place. Yes, be mad that Apple offered it unsolicited, but if your users can download and install Safari, what other stuff are they downloading and installing?
Fact #3: Having a program on your system does not necessarily make your system more or less secure. I bet 99% of the users who install Safari this way will never even open it, they were just too lazy to uncheck the checkbox for it when the iTunes update became available. Even if they do use it, if you have proper proxies, firewalls, and web content filters in place on the network and proper antivirus and antimalware protections on the PCs, you shouldn’t have much to worry about.
Fact #4: IT admins love bashing Apple because they know that their networks probably would be more secure running an all Mac environment — and less maintenance needed means less need for IT staff. Finding flaws with Apple and bitching loudly is just a mechanism for job security.
April 6th, 2008 at 03:51 am
So these admins allow users to install programs on the computers without authorization? I would think any admin worth a damn would have installation forbidden without his/her authorization. So I really don’t believe what is being described here is an actual problem. It is more likely yet another scheme by software companies (such as Shavlik Technologies listed here) to convince admins that there is a problem and they need to buy their software to prevent/fix the problem. These admins are easy targets as most only use windows so tend to believe these fairy tales. Of course this could also just be plain Apple bashing, these windows types love to create fantasy to “prove” bad things about Macs.
April 6th, 2008 at 04:01 am
According to who? Why would the IT dept. in these companies give administrator privileges to any employee to load software at will? Sounds like BS to me.
April 6th, 2008 at 05:14 pm
Apple are not working for the interests of Admins. They are providing a bit of software for the home user. If the Admins are allowing anyone to install software then the Admins are at fault.
April 6th, 2008 at 10:18 pm
Have you ever seen a happy network administrator?
April 7th, 2008 at 04:33 am
Network admins let users install their own software? Then they’re unhappy about it? Sounds bogus to me.
April 7th, 2008 at 09:15 am
So the administrators on corporate networks are afraid that its presence on the user’s machines could affect the security of the system.
Not to sound too much like the NRA, (yeah, I know: it’s really bullets that kill people,) but it’s not Apple that causes security problems, it’s software with security issues that causes problems.
“Software with security issues” includes virtually everything on the planet. As yet, there are many potential issues with Safari, Quicktime and the like, all but one or two easily patched through the “offending” update mechanism, with as yet virtually zero actual losses. With all due respect to the guardians of morality, they protest too much.
April 7th, 2008 at 02:46 pm
Shavlik Technologie is affair with Microsoft for strength security addition to Window systems for protection purposes. It’s is not for Apple in their interests. Business is their business. Internet Explorer is the most flaw browser in Microsoft’s own assurance web and powerful idea functions because not compliant of Web standards.
Safari, Opera, and Foxfire are only excellent browser of choices.
April 9th, 2008 at 10:30 am
Well my reply from Sunday apparently wasn’t liked by the folks on this page as they decided to delete it.
Too bad, as all I was doing was pointing out that the headline (”network admins unhappy with blah blah blah”) was not backed up by the story. No network admins quoted anywhere in the story! Then I pointed out that the story was posted a day after the company named in the story (Shavlik) sent out a press release saying this was a big deal and they sell a product to “uninstall” Safari.
So the story smells, and I called ‘em on it. I think this is a valid criticism of what’s posted here.