So, in my last post “Can the EU get me QuickTime N?“, I noted that my installation of QuickTime (because I had a .MOV file I want to see) led to Apple Software Update offering me “iTunes + QuickTime 7.5”, despite my removing iTunes every time I find it creeping its way onto my computer.
Now I find that along with that iTunes update, came something that most definitely was not advertised:
My first thought is that if they are going to dump an iPod Service on me, the least they can do is give me a free iPod to use it with.
My second thought is … that really crosses the line.
At least with my inadvertent installation of iTunes, some careful reading, and not guessing, would have prevented me from installing it.
But at no point did I ever agree to installing an iPod Service. I don’t have an iPod, so I don’t need an iPod Service.
Oh, excuse me, two services – there’s also an “Apple Mobile Device” service. And that service requires TCP to be present before it starts. The iPod service requires RPC to be present before it’ll start. So, both of them engage in some form of network communication.
Maybe we should take a look at Microsoft’s Windows Defender, and its standards for what constitutes spyware.
- Deceptive behaviors. Runs processes or programs on the user’s computer without notifying the user and getting the user’s consent. Prevents users from controlling the actions taken by the program while it runs on the computer. Prevents users from uninstalling or removing the program.
- Privacy. Collects, uses, or communicates the user’s personal information and behaviors (such as Web browsing habits) without explicit consent.
- Security. Attempts to circumvent or disable the security features on the user’s computer, or otherwise compromises the computer’s security.
- Performance. Undermines performance, reliability, and quality of the user’s computing experience with slow computer speed, reduced productivity, or corruption of the operating system.
- Industry and consumer opinion. Considers the input from software industry and individual users as a key factor to help identify new behaviors and programs that might present risks to the user’s computing experience.
If you want, read the page linked to, it’s got more detail on what criteria Microsoft looks for in identifying spyware – I think you’ll find that an objective reading matches the iPod Service’s behaviour up with several of the more detailed criteria.
For this blog, though, lets take the overview headings one by one:
- Deceptive behaviours. Yes. Absolutely, it’s running a process right now that it didn’t tell me was going to be added. I had no reason to expect that there’s going to be an iPod Service installed.
- Privacy. No idea – I’m not leaving it there long enough to collect, use, or communicate anything back to Apple.
- Security. Yes – adding a service running as LocalSystem adds to an attack surface that I try to keep low. Besides, “LocalSystem”? Why? Windows Mobile uses Local Service, far less powerful an account.
- Performance. One more service that’s running permanently, that I’ll never use – yes, that’s going to affect performance, and reliability.
- Industry and consumer opinion. Well, this consumer says yes, it’s a bad thing. Maybe not because Apple is trying to write spyware on purpose, but because they ought to know better than to write spyware by accident.
Of course, Microsoft is hardly likely to use this as a reason for Windows Defender to stamp out the iPod Service – they’re too afraid of being sued for the federal crime of ‘messing with Apple’.
And I certainly haven’t found any reason to believe that Apple’s iPod Service is calling home or acting like spyware – so just let’s use a term from Sandi‘s vocabulary, “foistware”. [But that may be just because I haven’t really tried looking.]