September 28, 2009, 11:36 AM — If you use any Apple program on Windows you may have noticed recently a rather odd Apple Software Update dialog box telling you under the Updates heading that you need the iPhone Configuration Utility 2.1. I did, and my reaction was: "I do?" After all, I use an iPod Touch, not an iPhone, and iTunes does just fine with managing it. Then, I found I was also getting the notice on Windows PCs that I've never used with my Touch. What is this?
A little investigation revealed that the iPhone Configuration Utility is actually a tool for business system administrators to set up and administer corporate iPhones . Even if I were using an iPhone, I'd need that program like I'd need season tickets to the Detroit Lions. So, I haven't installed it-and I really wish Apple would stop bugging about it.
I didn't think anything more about it. I don't install programs I don't need or plan on testing. Others though did and they discovered that this completely unneeded Apple shovelware for 99.9999% of all users installs not just a configuration program, but the Apache Web server as well. For the tiny number of people who do need it, this lets corporate iPhone users 'phone' in to the business Web server for updates.
For the millions of everyone else having a Web server on your PC is horrible security risk. It's hard enough keeping Windows secure, but adding a totally unregulated Web server to the mix is like throwing matches at a pool of gasoline.
What was Apple thinking!? Actually, I rather doubt they were thinking. As Windows expert Ed Bott pointed out, Apple has long used "its automatic update process to deliver massive amounts of new software to users." That's often software you don't need, and in the case of the iPhone Configuration Utility it's actively making securing your Windows PC harder.
In general, I like Apple products, but I don't like anyone forcing software on me. In fact, I recommend that people only install the programs they need on their PCs. Every last program you install on PC potentially adds what security experts call an 'attack surface' to your computer. By this they mean that you may be adding a new weak spot in your PC defenses.
A Web server, like the one Apple adding to you PC isn't a weak spot though. It's a gateway just asking to be hammered on by an attacker.