[Infowarrior] - Apple's insecure iPhone forced update

[Richard Forno]

Don't need it? Don't install it.Apple may have recently shoved an  
unsafe update down your PC's throat, but the broader problem is Apple,  
or anyone else, installing any unnecessary program on your PC.

Tags: Apple, iPhone Configuration Utility

http://www.itworld.com/security/79064/dont-need-it-dont-install-it

If you use any Apple program on Windows you may have noticed recently  
a rather odd Apple Software Update dialog box telling you under the  
Updates heading that you need the iPhone Configuration Utility 2.1. I  
did, and my reaction was: "I do?" After all, I use an iPod Touch, not  
an iPhone, and iTunes does just fine with managing it. Then, I found I  
was also getting the notice on Windows PCs that I've never used with  
my Touch. What is this?

A little investigation revealed that the iPhone Configuration Utility  
is actually a tool for business system administrators to set up and  
administer corporate iPhones . Even if I were using an iPhone, I'd  
need that program like I'd need season tickets to the Detroit Lions.  
So, I haven't installed it-and I really wish Apple would stop bugging  
about it.

I didn't think anything more about it. I don't install programs I  
don't need or plan on testing. Others though did and they discovered  
that this completely unneeded Apple shovelware for 99.9999% of all  
users installs not just a configuration program, but the Apache Web  
server as well. For the tiny number of people who do need it, this  
lets corporate iPhone users 'phone' in to the business Web server for  
updates.

For the millions of everyone else having a Web server on your PC is  
horrible security risk. It's hard enough keeping Windows secure, but  
adding a totally unregulated Web server to the mix is like throwing  
matches at a pool of gasoline.

What was Apple thinking!? Actually, I rather doubt they were thinking.  
As Windows expert Ed Bott pointed out, Apple has long used "its  
automatic update process to deliver massive amounts of new software to  
users." That's often software you don't need, and in the case of the  
iPhone Configuration Utility it's actively making securing your  
Windows PC harder.

In general, I like Apple products, but I don't like anyone forcing  
software on me. In fact, I recommend that people only install the  
programs they need on their PCs. Every last program you install on PC  
potentially adds what security experts call an 'attack surface' to  
your computer. By this they mean that you may be adding a new weak  
spot in your PC defenses.

A Web server, like the one Apple adding to you PC isn't a weak spot  
though. It's a gateway just asking to be hammered on by an attacker.  
Managed properly Apache is as safe a Web server as you'll ever find,  
but ordinary PC users shouldn't try to manage it, and even an expert  
can't do anything with it if they don't know it's there.

If you haven't installed this program yet, don't. You don't need it,  
and you don't want it. If you have installed it, uninstall it with  
Windows' control panel uninstall utility. On XP, that the Change or  
Remove Program applet. So long as you're at it, you might want to get  
rid of other programs that you never use. Unused programs make be  
completely harmless, but they may also be security time-bombs. Stick  
with just the programs you need and use, and you'll be a better off.

Finally, Apple? Stop pushing software on people! If we want it, we'll  
download it ourselves. Thank you. Thank you very much.