Sunday, April 20, 2008

Apple Fixed The Piggybacking Issue In SU

Couple of weeks ago, I blogged about this "Safari 3.1 Piggybacks In Sofware Update".

There was a series of reaction specifically those who understands information security, criticizing about Safari 3.1 piggybacking or stealth installation through Software Update.

Now, the interesting news is that Apple fixed this issue in Windows Apple Software Update version 2.1 [READ ZDNet]. I reckon earlier last week, the software update tool still includes Safari 3.1 in the list. However today, this is what i found out.

To manually update, click "Apple Software Update" from Windows Program menu.


Notice "Apple Software Update for Windows", this is an update to get the latest SU version 2.1.


Let's install and check it ...


Here's the new look. Apple fixed the issue by creating two sections: (1) Updates (2) New Software. It simply shows that Safari 3.1 is no longer piggybacking in software updates since it has its own category as New Software. Good!


But wait, how come the tick boxes were already filled-in by default?

Perhaps, this update is a complete conformity to information security if they also changed this default behavior to "NO".

Speaking of default behavior, the latest changes in RapidLibrary requires users to install Zango to access a free content but here's the catch... Click "OK" to cancel and "Cancel" to continue.


Funny, this is Psychology of Security [Reference: Bruce Schneier].