Mozilla chief executive John Lilly has criticized Apple for its use of iTunes to offer the Safari web browser to Windows users, saying the technique “borders on malware distribution practices” and undermines the security of the Internet.
“What Apple is doing now with their Apple Software Update on Windows is wrong,” Lilly wrote on his personal blog. “It undermines the trust relationship great companies have with their customers, and that’s bad – not just for Apple, but for the security of the whole web.”
“Apple has made it incredibly easy — the default, even — for users to install ride-along software that they didn’t ask for and maybe didn’t want. This is wrong, and borders on malware distribution practices,” said Lilly in the post.
“It undermines the trust relationship great companies have with their customers, and that’s bad not just for Apple but for the security of the whole web.”
“Keeping software up-to-date is hard — hard for consumers to understand what patches are for, how to make sure they’re up-to-date. It’s also critically, crucially important for the security of end users and for the security of the web at large that people stay current,” he said.
Apple expanded its presence on the Windows platform on January First Week when it released a Windows-compatible version of its Safari Web browser. Released as a public beta, the final version of Safari 3 will run on both Windows and Mac OS X 10.5.
According to Apple CEO Steve Jobs the Windows version of Safari 3 has the same technology as the Leopard edition, including built-in Google and Yahoo search capabilities.
Apple decided to make Safari a cross-platform application to boost the Web browser’s market share. According to figures cited by Jobs, Safari currently captures about 5 percent of the browser market; Microsoft Explorer commands 78 percent of the market while Mozilla’s Firefox has a 15-percent share.
“The Mac’s market share is great, but we want to grow, and, in order to do that, we have to create a version of Safari on Windows,” Jobs told WWDC attendees. “And that’s exactly what we’ve done.”
But Lilly wrote, “The problem here is that it lists Safari for getting an update – and has the ‘Install’ box checked by default – even if you haven’t ever installed Safari on your PC.”
With this particular type of mechanism, Lilly argued, it’s important that users trust that the updates offered are necessary, so that they update as often as possible without really thinking about it.
“The likely behavior here is for users to just click ‘Install 2 items’, which means that they’ve now installed a completely new piece of software, quite possibly completely unintentionally,” Lilly wrote. “This is wrong, and borders on malware distribution practices.”
He said the practice undermines the way software makers want users to behave toward update systems, which “ultimately undermines the safety of users on the web.”
Lilly said he has no criticisms of the Safari browser itself.