September 28, 2009, 11:36 AM — If you use any Apple program on Windows you may have noticed recently a rather odd Apple Software Update dialog box telling you under the Updates heading that you need the iPhone Configuration Utility 2.1. I did, and my reaction was: "I do?" After all, I use an iPod Touch, not an iPhone, and iTunes does just fine with managing it. Then, I found I was also getting the notice on Windows PCs that I've never used with my Touch. What is this?
A little investigation revealed that the iPhone Configuration Utility is actually a tool for business system administrators to set up and administer corporate iPhones . Even if I were using an iPhone, I'd need that program like I'd need season tickets to the Detroit Lions. So, I haven't installed it-and I really wish Apple would stop bugging about it.
I didn't think anything more about it. I don't install programs I don't need or plan on testing. Others though did and they discovered that this completely unneeded Apple shovelware for 99.9999% of all users installs not just a configuration program, but the Apache Web server as well. For the tiny number of people who do need it, this lets corporate iPhone users 'phone' in to the business Web server for updates.
For the millions of everyone else having a Web server on your PC is horrible security risk. It's hard enough keeping Windows secure, but adding a totally unregulated Web server to the mix is like throwing matches at a pool of gasoline.
What was Apple thinking!? Actually, I rather doubt they were thinking. As Windows expert Ed Bott pointed out, Apple has long used "its automatic update process to deliver massive amounts of new software to users." That's often software you don't need, and in the case of the iPhone Configuration Utility it's actively making securing your Windows PC harder.
In general, I like Apple products, but I don't like anyone forcing software on me. In fact, I recommend that people only install the programs they need on their PCs. Every last program you install on PC potentially adds what security experts call an 'attack surface' to your computer. By this they mean that you may be adding a new weak spot in your PC defenses.
A Web server, like the one Apple adding to you PC isn't a weak spot though. It's a gateway just asking to be hammered on by an attacker. Managed properly Apache is as safe a Web server as you'll ever find, but ordinary PC users shouldn't try to manage it, and even an expert can't do anything with it if they don't know it's there.
If you haven't installed this program yet, don't. You don't need it, and you don't want it. If you have installed it, uninstall it with Windows' control panel uninstall utility. On XP, that the Change or Remove Program applet. So long as you're at it, you might want to get rid of other programs that you never use. Unused programs make be completely harmless, but they may also be security time-bombs. Stick with just the programs you need and use, and you'll be a better off.
Finally, Apple? Stop pushing software on people! If we want it, we'll download it ourselves. Thank you. Thank you very much.
