Don't need it? Don't install it.
Apple may have recently shoved an unsafe update down your PC's throat, but the broader problem is Apple, or anyone else, installing any unnecessary program on your PC.
If you use any Apple program on Windows you may have noticed recently a rather odd Apple Software Update dialog box telling you under the Updates heading that you need the iPhone Configuration Utility 2.1. I did, and my reaction was: "I do?" After all, I use an iPod Touch, not an iPhone, and iTunes does just fine with managing it. Then, I found I was also getting the notice on Windows PCs that I've never used with my Touch. What is this?
A little investigation revealed that the iPhone Configuration Utility is actually a tool for business system administrators to set up and administer corporate iPhones . Even if I were using an iPhone, I'd need that program like I'd need season tickets to the Detroit Lions. So, I haven't installed it-and I really wish Apple would stop bugging about it.
I didn't think anything more about it. I don't install programs I don't need or plan on testing. Others though did and they discovered that this completely unneeded Apple shovelware for 99.9999% of all users installs not just a configuration program, but the Apache Web server as well. For the tiny number of people who do need it, this lets corporate iPhone users 'phone' in to the business Web server for updates.
For the millions of everyone else having a Web server on your PC is horrible security risk. It's hard enough keeping Windows secure, but adding a totally unregulated Web server to the mix is like throwing matches at a pool of gasoline.
What was Apple thinking!? Actually, I rather doubt they were thinking. As Windows expert Ed Bott pointed out, Apple has long used "its automatic update process to deliver massive amounts of new software to users." That's often software you don't need, and in the case of the iPhone Configuration Utility it's actively making securing your Windows PC harder.
In general, I like Apple products, but I don't like anyone forcing software on me. In fact, I recommend that people only install the programs they need on their PCs. Every last program you install on PC potentially adds what security experts call an 'attack surface' to your computer. By this they mean that you may be adding a new weak spot in your PC defenses.
A Web server, like the one Apple adding to you PC isn't a weak spot though. It's a gateway just asking to be hammered on by an attacker. Managed properly Apache is as safe a Web server as you'll ever find, but ordinary PC users shouldn't try to manage it, and even an expert can't do anything with it if they don't know it's there.
If you haven't installed this program yet, don't. You don't need it, and you don't want it. If you have installed it, uninstall it with Windows' control panel uninstall utility. On XP, that the Change or Remove Program applet. So long as you're at it, you might want to get rid of other programs that you never use. Unused programs make be completely harmless, but they may also be security time-bombs. Stick with just the programs you need and use, and you'll be a better off.
Finally, Apple? Stop pushing software on people! If we want it, we'll download it ourselves. Thank you. Thank you very much.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Bonjour
A while ago I noticed a program on my PC called Bonjour. I had no clue what this was, so looking it up, I find:"Bonjour is Apple's implementation of the Zero Configuration Networking Standard. Bonjour for Windows includes a System Service that helps applications discover shared services on the local network, printer discovery wizard, and IE plug-in for discovering local Web servers."
Do I need this to detect my iPod or something? Apparently not:
"iTunes uses Bonjour to find shared music libraries, to find AirPort Express devices for streaming music to, and to find Apple TVs."
I don't use anything like this, I only use iTunes to add/remove files on my iPod, I don't even sync my play lists, as I hate using iTunes for listening to music. But I still haven't removed it because I don't know if it will cause massive problems running iTunes, or just disable those features.
Apple does a 180.
Miracles happen. Hours after I, and lots of other people, wrote about Apple's mis-step, it appears they've pulled iPhone Configuration Utility from Software Update for Windows.See:
http://www.computerworld.com/s/article/9138620/Apple_pushes_unnecessary_software_to_Windows_PCs
for the details.
Steven
How does this install Apache?
The link you use to demonstrate that the iPhone Configuration Utility installs Apache merely mentions a Ruby web service listening on localhost:3000. That's not Apache. Additionally, the most recent version of the utility (which would have been distributed via automatic updates) is a stand-alone executable, you do not use a browser for configuration and there's no process listening on port 3000.Do you have anything to back up your claim of an Apache installation?