I love it when people just find an excuse to make a big deal out of nothing. Apple is probably doing all you Windoze fools a favor by giving you something to hopefully snap you out of that trans you're in. Besides, nothing was FORCED upon anyone. If you bloody morons READ before accepting anything, you wouldn't have a problem. But then again, Windoze users are Windoze users for a reason ;-)
aztut
· 1 year ago
Man, you sound like a guy with anger issues. No need for name-calling and insults-everyone is entitled to their own opinion. Plus, if Macs were so great everyone would have one, instead of vise-versa!
Dan Cunningham
· 1 year ago
Actually, I have to disagree here a bit. Macs are gaining massive market share - my primary home machine is a Mac, and I love it.
HOWEVER! I still think Apple made a bad move with forcing this down...
Just my 2 cents, Dan
tenorsax
· 7 months ago
Jarod: What kind of idiot are you? Nobody cares whether you use mac or windows except dung-suckers like you. "..nothing was forced upon anyone?" Were you born yesterday? Every OS and software out there puts undesirable crap on your pc without your knowledge. Then when someone asks for solutions you whine "I'm Mac and you're Windows ooooh"
Dan
· 1 year ago
Such a clever comment, really. Another fanboy rant.
It's not "forced" on you, no - but it IS "opt-out" rather than "opt-in", and it's worded in such a manner that the average user thinks it's a "system update". In a corporate environment, where security is paramount - this is not acceptable, and Apple is doing no favours to any corporate customer by not delivering a decent disabling mechanism
And for the record, my two home machines are both Mac's.
Robert
· 1 year ago
i absolutely love how every time Apple does something that is by all accounts an evil doing as judged by Windows as well as *nix users worldwide (and in some cases the BBB or a courtroom) their fanboy drones come to the defense of poor old Steve whom is just such a man to be revered for his efforts in snubbing philanthropy and child support dodging.
Jarod
· 1 year ago
Its not being a fanboy; but if you've noticed, everything and everyone is becoming so damned paranoid and insecure and expectation have become absurdly ridiculous. Yes, people are supposed to READ. In corporate environments, and by that I mean, REAL corporate environments, GOOD admins have all user stations LOCKED DOWN so that no user can install anything. Granted, thats not typical of lots of companies, but its no excuse for human laziness and blaming on 'Oh I didnt read it'. So what if its OPT OUT. Does the extra click warrant such a DRAMATIC reaction. Are people soooo lazy, that ONE click is such a biig deal. Common people! Forget that its Apple for a second. This is certainly not the first time something like this happened. But all eyes are on Apple, and hence, automatically, its a big deal. I just think the internet and technology is simply creating a generation of lame, full of excuses, lazy bums.
Robert
· 1 year ago
Jarod --> i fully respect the fact that this is a simple matter of unchecking a checkbox at the user level but from all the arguments i have read pushing this solution and faulting the users for being "lame, full of excuses, lazy bums" none of them take into account that perhaps many of those users haven't a clue what Safari is. i'm willing to bet that most of Quicktime's user base on the Windows side of the fence have never heard the word without it encompassing a trip to Africa. now when you are like me and have both family and friends spread around the world with PCs/Laptops that you cannot lock down unless you could afford to quit your job to administer them remotely at the drop of a dime Apple just put a thorn in your cereal because go figure this caught some off guard as they did not know what Safari was and it was an labeled as "update". remember the window clearly reads "select the items you want to update". to the common user this reads out that it is already there and something they should update because that wording implies it is already installed.
imagine if MS released IE8 under a different name than "Internet Explorer" and their Office updater on the Mac popped up to update the Office software but along for the ride came this unheard of product to the user and in the process removed Safari, FF, Opera or even Camino as the default browser. think Apple, and their followers, would stand for anything less than Ballmer's head on a platter?
David P.
· 1 year ago
Who cares about your stupid corporate lockdown BS. I'm sick of going to my little ol' grandma's and mother's houses and having to uninstall all the crap that gets put on their computers because they have to "opt-out" instead of opt in. I save your idiotic anti-microsoft excuses, they all use Firefox. Apple is no different from Microsoft, shoving it's products down people's throats. Just give us a way to stop them.
David P.
· 1 year ago
Nevermind, I just removed the Apple Update run from my scheduled tasks and that seems to have taken care of it.
DaleP
· 1 year ago
Robert--> " that perhaps many of those users haven’t a clue what Safari is."
DUH!!! Then JUST SAY NO!!
In my company the rules are simple: If you don't know, ASK. If you don't recognize the sender/domain of an email, don't open it. If you don't know what some update/software is or where it came from, JUST SAY NO! You can always get that update again.
But I forgot, we can't be personally responsible for anything today, just have to find someone else to blame.
Dan
· 1 year ago
It really seems to be as if some people have missed the whole point of this post. It's all good and well saying "Duh! Say No!", "Good admins have their workstations locked down" and "People shouldn't be so lazy and read what's on the screen". The fact of the matter is, they DON'T say no, circumstances can dictate that a machine CAN'T be locked down, and some people ARE lazy.
It's all good and well for techno-literate people to come to this blog and rant on about how lazy or stupid people are but seriously, this is NOT "everyday people" area of expertise. The likelyhood is, you, work in the IT industry or acquire your knowledge through IT as a hobby. Professional staff in a company - the likes of accountants, architects, secretaries etc - are employed for their skill-set which, although probably involves a level of IT knowledge (ie, email, spreadsheet etc), does NOT require them to know what a "Safari" is and whether it should be updated (mislabelled; should be installed) or not.
It's the responsibility of the IT department to protect the data of the company, which often includes Software deployment, machine lockdown, and patch / update management. As an IT professional, my beef is that Apple expect you to use a Software Update service (much the same as Windows Update), with absolutely no level of control as to what is deployed, apart from a Yes / No - Install or Dont. Larger companies will have the resources to cut out the ASU service, and manually push out say, Quicktime every time there's a new release. Smaller companies don't have the same reasources, so they are likely to use the ASU service for patch management of Quicktime and maybe other products.
Every time a new update gets released, the user just clicks Ok to install it. After a while, they get used to just clicking Ok on this update dialog box that appears, and do it without thinking. And suddenly one morning, all of your staff have a new web browser as the default, they're bookmarks are nowhere in sight, they're being redirected from the company Intranet page, and they're already exposed to 2 security vulnerabilities (see blog update above).
Seriously, can you *honestly* argue with this? It DOES happen, and there's a hierarchy of blame that can be attributed; but at the top of the chain sits Apple, who gave no way of easily disabling updates, or no advanced notification that this was coming - both of which Microsoft gives with Windows Update, WSUS (corporate Patch Management) and security bulletins given well in advance of monthly patching.
THAT is why I made the above blog post. So that there IS a way of disabling Safari from being installed. I don't dislike Apple - I own 2 Macs, an iPhone, an iPod and an Apple TV. I think their products are amazing. Regardless, I strongly disagree with they way they've handled the Safari deployment and see it as a sneaky method of gaining a large share of the browser market in a short period of time, which puts the average, non-technical, computer user at risk.
Rant over.
Alex
· 1 year ago
What happens if the user has already installed Safari via the update and you then apply these registry changes?
I haven't tested it but if they stop getting Safari updates you may make things worse in the future.
Dan
· 1 year ago
Actually, I suspect this update applies *solely* to Safari 3.1 and not any future updates. If you manage to deploy it prior to ASU doing it's update check, you shouldn't be prompted to install Safari. If you have Safari installed, the update code should change for future security updates or new versions and so it should prompt to install them as they are released.
I'm hopeful though, that Apple will update the ASU service to provide better lockdown capabilities for corporate environments - preferrably before the next Safari update.
Dan
Jarod
· 1 year ago
Whatever. In this day and age it is people responsibility to take account of their actions. You do it when you drive, you do it when you're out in the real world. You should also be doing it online. Microsoft has imposed and forced 10 years worth of shit onto users. So much, that it's being ripped apart by the 'TRUE' justice system in Europe, unlike that Mickey Mouse club we have here in the US. I don't feel that Apple did anything wrong. Lots of people liken this to installing malware, but the Safari browser is anything but Malware. Users unintentionally install a billion harmful things on their PCs simply by using IE. Now THATS something to be pissed about. This whole Safari thing is a JOKE.
Dan
· 1 year ago
I wouldn't consider Safari to be malware, but I would say that the mechanism in which it's being deployed is sneaky at best, and a genuine problem for administrators and security experts everywhere.
"Whatever"? That is completely ignorant, and offensive. I gave you a solid argument and rather than counter with anything constructive or challenging, you dismiss everything I've said - which indicates that you won't listen to reason.
As I said, this blog post is specifically for people who need a mechanism to disable ASU. Please, don't turn this into an MS/Apple war.
Nelson
· 1 year ago
I think you are missing the point here. In a domain environment, admins need to have control over the systems we are required to manage. Quicktime is software that is necessary and is acceptable. But Safari is not, if we wanted it on our machines we would download it and install it for our users. I.E. offers many benefits through group policy that you just do not get with Safari. I can't set a universal home page for every machine in my domain or manage security settings through group policy with Safari. Apple is wrong to push this down the users throat and then expect admins to waste their time uninstalling it from hundreds of machines. I've got better things to do with my time.
Thank you Dan, for going through the trouble to find this for all of out here in Microsoft land. You have saved me many hours of pain.
Sande Nissen
· 1 year ago
Dan: When I look at a PC with the most recent Apple Software Update installed, in the registry the key I find is: [HKEY_CURRENT_USER\Software\Apple Computer Inc.\Apple Software Update] not: [HKEY_CURRENT_USER\Software\Apple Inc.\Apple Software Update]
Can you confirm that your original posting is correct?
Because, like you, I'm thinking of the responsibility of us desktop managers to protect the integrity of the equipment we support, so we're about to push this solution out to all our users. I want to be sure I have it correct.
Dan
· 1 year ago
I've checked on multiple machines and mine are always "Apple Inc.". Might be prudent to set up two reg files and check which ASU key exists before applying.
Incidentally, it seems that the update codes DO change, as shown by the recent iTunes and Quicktime updates. To exclude Safari (up to 3.1) and iTunes (up to 7.6.2) but keep Quicktime updates, the following reghack works:
I am in the process of using a GPO logon script to deploy the registry key and I noticed that using the "061-4516" didn't ignore Safari on my Win XPSP2 box. So I ran ignore from the Apple updater and it added a 061-4588 instead. This leads me to believe that this value isn't fixed even for Safari 3.1.
On my Vista box the reg key is [HKEY_CURRENT_USER\Software\Apple Computer Inc.\Apple Software Update] with a value of 061-3352.
Cheers
Dan
· 1 year ago
How odd. I have both 061-4516 and 061-4588 on the list about but not 061-3352 and it's ignoring Safari for me fine. I guess there's really no good way of blocking Safari effectively. :(
Matt
· 1 year ago
You guys DO realize, at least on the Windows version of the Apple Software Update that under the tools menu, there is an option to ignore updates? Why not use that? I couldn't even get the registry hack to work; I had Apple's program do it for me.
Also, I agree that this is rather sneaky. It's like the cellphone people at the mall that always offer you a cellphone. A saying I like comes into play here. "Don't call us, we'll call you." I don't know about you guys, but I don't like to be bugged to install software that I don't want or need, without asking for it. And no, I'm not a Windows fanboy, because IE's Silverlight pissed me off just as much, and there's seemingly no way to remove that update. So in this case, Apple at least gives you an option. Microsoft, as usual, is just doing more rights restricting. That's besides the point.
Corey
· 1 year ago
The thing that bothers me about this whole thing.. I got the iTunes software as it gives me what I need. I expected it to work a certain way. There's an implied agreement between User and Developer, "I use your program, you keep it working how I expect it to."
I enjoyed just being able to click 'Update!' with confidence and it would update Quicktime and iTunes - fixing bugs, security holes, etc. without doing something I didn't expect it to do. Then what do I find? Safari's on my computer! Apple violated my trust that their software would work as expected.
Yes, it's an easy problem to fix. But trust is so much than that.
Eric Skagerberg
· 1 year ago
In a Windows Active Directory network, I'm inclined to use a Software Restriction Policy path rule to disallow Apple Software Update, and then roll out any updates through a Group Policy Object's Software Installation policy instead, choosing the "Uninstall the applications when they fall out of the scope of management" option to automatically remove old versions.
To disallow Apple Software Update in Group Policy: - Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules - Right-click or Action > New Path Rule... - Path: C:\Program Files\Apple Software Update - Security Level: Disallowed
This would prevent Apple Software Update from running, regardless of whether the user installed it, or what version was installed.
Eric S. Santa Rosa, CA
David Dice
· 1 year ago
Does anyone know if this will prevent iTunes from starting an update? There's a checkbox in Edit|preferences to "Check for Updates Automatically". Will disallowing the updater in policy prevent it from running via this checkbox? Or is there a registry key that is set by this checkbox (I haven't been able to track one down), because then I could also turn this off in group policy.
My users are allowed to install iTunes, and I need to have a way to update it without allowing Safari and especially Bonjour which I absolutely don't want.
Henry O
· 1 year ago
My problem with this whole thing is that I'm prompted to "update" Safari every time a new update is released. So maybe once a week a window pops up, minimizing whatever I was doing, saying "oH noez you dun has safari on your comp lol instal it k" and I have to uncheck the damn box and quit out of the window and it really really pisses me off that there's no option to disable the update prompts.
Ryan
· 1 year ago
I personally hate apples software update with a passion. Simply installing quicktime will plague a computer with constant dialog boxes attempting to force itunes, safari and whatever else apple thinks they can shove down users throats with no visible way to disable it.
AndyB
· 1 year ago
Just like others here, I had to install Quicktime for some reason. After I finished, I un-installed it.
Done? Heck no. I found I had installed iTunes as well. For what? I hate the thing. So I un-installed that too, re-installed the Quicktime alternative and left it.
Now, I found that Apple's Updater wanted me to re-update/install not only Quicktime, but iTunes and Safari as well. What a way to rope in new customers. Will I ever trust and buy from Aplle?
Well done!
AndyB
Drew
· 1 year ago
Wow what a discussion. How about Add/Remove Programs and uninstall Apple Software Update? Or uncheck the setting when installing Quicktime!
@!@ /
Wow Life is easy, Drew Piss on Uncompatible APPLE
Rottin1
· 1 year ago
Ding Dong, the wicked witch is dead...
I for 1 believe that most if not all commercial browsers are nothing more than a bunch of hacking info gatherers, and defiantly "all" OS's are like governments controlling there users instead of their users controlling the systems they create.
I long for the time when garbage in garbage out was the norm, and when you wanted to update software you did it manually...
YouseGuysAreAllCrazy
· 1 year ago
Wow. What was waste of time for sooooooooooooo many of you.
My solution - dump iTunes. It's crap anyway, cumbersome, and you can't load podcasts from other than your own PC.
Winamp, baby. That's the ticket.
The Safari debacle is just one more reason to dislike Apple.
Paul R.
· 1 year ago
Dan,
Does the .REG file listed above disable Quicktime update? I need to stop Quicktime update for ALL users.
Dan
· 1 year ago
Paul,
Since the update list changes as Apple releases each update, the above info is outdated. The current ignore for Safari in the MULTI_SZ is "061-5475". You can disable the current version of iTunes + Quicktime by adding "061-5557".
Dan
Paul R.
· 1 year ago
Dan,
I am still having an issue with Quicktime prompting user to update when they access a .mov file within Internet Explorer.
Any ideas?
Paul
Dan
· 1 year ago
That's not Apple Software Update, that's the built-in mechanism within Quicktime. You need to open up Quicktime, then Preferences. Under Update, untick "Automatically check for new version" and click Apply.
All Comments
HOWEVER! I still think Apple made a bad move with forcing this down...
Just my 2 cents, Dan
"..nothing was forced upon anyone?" Were you born yesterday? Every OS and software out there puts undesirable crap on your pc without your knowledge. Then when someone asks for solutions you whine "I'm Mac and you're Windows ooooh"
It's not "forced" on you, no - but it IS "opt-out" rather than "opt-in", and it's worded in such a manner that the average user thinks it's a "system update". In a corporate environment, where security is paramount - this is not acceptable, and Apple is doing no favours to any corporate customer by not delivering a decent disabling mechanism
And for the record, my two home machines are both Mac's.
imagine if MS released IE8 under a different name than "Internet Explorer" and their Office updater on the Mac popped up to update the Office software but along for the ride came this unheard of product to the user and in the process removed Safari, FF, Opera or even Camino as the default browser. think Apple, and their followers, would stand for anything less than Ballmer's head on a platter?
DUH!!! Then JUST SAY NO!!
In my company the rules are simple: If you don't know, ASK. If you don't recognize the sender/domain of an email, don't open it. If you don't know what some update/software is or where it came from, JUST SAY NO! You can always get that update again.
But I forgot, we can't be personally responsible for anything today, just have to find someone else to blame.
It's all good and well for techno-literate people to come to this blog and rant on about how lazy or stupid people are but seriously, this is NOT "everyday people" area of expertise. The likelyhood is, you, work in the IT industry or acquire your knowledge through IT as a hobby. Professional staff in a company - the likes of accountants, architects, secretaries etc - are employed for their skill-set which, although probably involves a level of IT knowledge (ie, email, spreadsheet etc), does NOT require them to know what a "Safari" is and whether it should be updated (mislabelled; should be installed) or not.
It's the responsibility of the IT department to protect the data of the company, which often includes Software deployment, machine lockdown, and patch / update management. As an IT professional, my beef is that Apple expect you to use a Software Update service (much the same as Windows Update), with absolutely no level of control as to what is deployed, apart from a Yes / No - Install or Dont. Larger companies will have the resources to cut out the ASU service, and manually push out say, Quicktime every time there's a new release. Smaller companies don't have the same reasources, so they are likely to use the ASU service for patch management of Quicktime and maybe other products.
Every time a new update gets released, the user just clicks Ok to install it. After a while, they get used to just clicking Ok on this update dialog box that appears, and do it without thinking. And suddenly one morning, all of your staff have a new web browser as the default, they're bookmarks are nowhere in sight, they're being redirected from the company Intranet page, and they're already exposed to 2 security vulnerabilities (see blog update above).
Seriously, can you *honestly* argue with this? It DOES happen, and there's a hierarchy of blame that can be attributed; but at the top of the chain sits Apple, who gave no way of easily disabling updates, or no advanced notification that this was coming - both of which Microsoft gives with Windows Update, WSUS (corporate Patch Management) and security bulletins given well in advance of monthly patching.
THAT is why I made the above blog post. So that there IS a way of disabling Safari from being installed. I don't dislike Apple - I own 2 Macs, an iPhone, an iPod and an Apple TV. I think their products are amazing. Regardless, I strongly disagree with they way they've handled the Safari deployment and see it as a sneaky method of gaining a large share of the browser market in a short period of time, which puts the average, non-technical, computer user at risk.
Rant over.
I haven't tested it but if they stop getting Safari updates you may make things worse in the future.
I'm hopeful though, that Apple will update the ASU service to provide better lockdown capabilities for corporate environments - preferrably before the next Safari update.
Dan
"Whatever"? That is completely ignorant, and offensive. I gave you a solid argument and rather than counter with anything constructive or challenging, you dismiss everything I've said - which indicates that you won't listen to reason.
As I said, this blog post is specifically for people who need a mechanism to disable ASU. Please, don't turn this into an MS/Apple war.
Thank you Dan, for going through the trouble to find this for all of out here in Microsoft land. You have saved me many hours of pain.
[HKEY_CURRENT_USER\Software\Apple Computer Inc.\Apple Software Update]
not:
[HKEY_CURRENT_USER\Software\Apple Inc.\Apple Software Update]
Can you confirm that your original posting is correct?
Because, like you, I'm thinking of the responsibility of us desktop managers to protect the integrity of the equipment we support, so we're about to push this solution out to all our users. I want to be sure I have it correct.
Incidentally, it seems that the update codes DO change, as shown by the recent iTunes and Quicktime updates. To exclude Safari (up to 3.1) and iTunes (up to 7.6.2) but keep Quicktime updates, the following reghack works:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Apple Inc.\Apple Software Update]
"Update_Ignore_List"=hex(7):30,00,36,00,31,00,2d,00,34,00,35,00,31,00,36,00,00,\
00,30,00,36,00,31,00,2d,00,34,00,32,00,37,00,30,00,00,00,30,00,36,00,31,00,\
2d,00,34,00,34,00,37,00,38,00,00,00,30,00,36,00,31,00,2d,00,34,00,35,00,38,\
00,38,00,00,00,00,00
On my Vista box the reg key is [HKEY_CURRENT_USER\Software\Apple Computer Inc.\Apple Software Update] with a value of 061-3352.
Cheers
Also, I agree that this is rather sneaky. It's like the cellphone people at the mall that always offer you a cellphone. A saying I like comes into play here. "Don't call us, we'll call you." I don't know about you guys, but I don't like to be bugged to install software that I don't want or need, without asking for it. And no, I'm not a Windows fanboy, because IE's Silverlight pissed me off just as much, and there's seemingly no way to remove that update. So in this case, Apple at least gives you an option. Microsoft, as usual, is just doing more rights restricting. That's besides the point.
I got the iTunes software as it gives me what I need. I expected it to work a certain way. There's an implied agreement between User and Developer, "I use your program, you keep it working how I expect it to."
I enjoyed just being able to click 'Update!' with confidence and it would update Quicktime and iTunes - fixing bugs, security holes, etc. without doing something I didn't expect it to do. Then what do I find? Safari's on my computer! Apple violated my trust that their software would work as expected.
Yes, it's an easy problem to fix. But trust is so much than that.
To disallow Apple Software Update in Group Policy:
- Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules
- Right-click or Action > New Path Rule...
- Path: C:\Program Files\Apple Software Update
- Security Level: Disallowed
This would prevent Apple Software Update from running, regardless of whether the user installed it, or what version was installed.
Eric S.
Santa Rosa, CA
My users are allowed to install iTunes, and I need to have a way to update it without allowing Safari and especially Bonjour which I absolutely don't want.
Simply installing quicktime will plague a computer with constant dialog boxes attempting to force itunes, safari and whatever else apple thinks they can shove down users throats with no visible way to disable it.
Done? Heck no. I found I had installed iTunes as well. For what? I hate the thing. So I un-installed that too, re-installed the Quicktime alternative and left it.
Now, I found that Apple's Updater wanted me to re-update/install not only Quicktime, but iTunes and Safari as well. What a way to rope in new customers. Will I ever trust and buy from Aplle?
Well done!
AndyB
How about Add/Remove Programs and uninstall Apple Software Update? Or uncheck the setting when installing Quicktime!
@!@
/
Wow Life is easy,
Drew
Piss on Uncompatible APPLE
I for 1 believe that most if not all commercial browsers are nothing more than a bunch of hacking info gatherers, and defiantly "all" OS's are like governments controlling there users instead of their users controlling the systems they create.
I long for the time when garbage in garbage out was the norm, and when you wanted to update software you did it manually...
My solution - dump iTunes. It's crap anyway, cumbersome, and you can't load podcasts from other than your own PC.
Winamp, baby. That's the ticket.
The Safari debacle is just one more reason to dislike Apple.
Does the .REG file listed above disable Quicktime update? I need to stop Quicktime update for ALL users.
Since the update list changes as Apple releases each update, the above info is outdated. The current ignore for Safari in the MULTI_SZ is "061-5475". You can disable the current version of iTunes + Quicktime by adding "061-5557".
Dan
I am still having an issue with Quicktime prompting user to update when they access a .mov file within Internet Explorer.
Any ideas?
Paul
Then you need to copy and deploy the file:
For Vista machines:
C:\Users\<username>\AppData\LocalLow\Apple Computer\QuickTime\QuickTime.qtp
For XP machines (I think):
C:\Documents And Settings\Local Settings\Application Data\Apple Computer\QuickTime\QuickTime.qtp
This will prevent the update check from happening on the other machines.
Dan</username>