Safari-gate Continued: Disabling Apple’s Second Update for Windows

I’m unamused by Apple‘s desire to push Safari 3.1 down the throats of Windows users. I, too, was surprised by Apple’s move. While in Europe a week and a half ago we were trying to fix a friend’s computer that was badly infected with viruses and malware. When we finally got everything cleaned up Apple Software Update wanted to install Safari 3.1. I searched the hard drive, registry, and other places to see if we missed a phantom Safari install somewhere but couldn’t find it anywhere. After an exhaustive search, we all gave up and figured it would be more productive to head out for dinner. Had I known Apple was dubiously sending out updates then we could have saved ourselves a lot of time–unfortunately the blogosphere hadn’t picked up on the issue at that point. Anyway, the fundamental issues have been discussed elsewhere ad infinitum. My opinion is that Apple needs to change its software update model so that new products are opt-in while currently installed products are opt-out.

Playing the role of the family IT guy can be quite difficult and I’ve set up each machine I “remotely administer” such that updates are done automatically. Apple Software Update was on my safe list until Safari-gate. Now its a matter of making sure Apple doesn’t get Safari 3.1 installed on any machines especially because of the exploits being found in the browser. I’m not very happy with Apple and they have yet to pull the updates so a permanent solution is necessary that still allows iTunes updates.

Dan over at dcunningham.net has done some great investigative work and found registry keys that can be used to ignore updates pushed by Apple Software Update. His solution is to block updates via Product ID in a REG_MULTI_SZ key named Update_Ignore_List. Unfortunately, this is a temporary measure. The first Apple Safari 3.1 update was labeled 061-4516. A second update is now showing with a label of 061-4588.

This key below should work to block all known Safari 3.1 updates as of April 1, 2008:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Apple Inc.\Apple Software Update]
“Update_Ignore_List”=hex(7):30,00,36,00,31,00,2d,00,34,00,35,00,31,00,36,00,00,\
00,30,00,36,00,31,00,2d,00,34,00,35,00,38,00,38,00,00,00,00,00

Because Apple could push more updates at any time this necessitates removing Apple Software Update from the scheduled tasks folder on Windows until a more permanent solution is found.

In one last interesting twist from Apple, it seems like there is no way (known to me) to block updates machine-wide. Granted this could be a Windows installation issue on my end but I’m severely doubting Apple at the moment. In Dan’s solution above the blocking is done in the HKEY_CURRENT_USER (HKCU) hive not HKEY_LOCAL_MACHINE (HKLM). If I replicate the Update_Ignore_List key in HKLM for a machine-wide block while deleting the key in HKCU, then Apple Software Update still shows Safari 3.1 in the update list. Maybe I’m doing something wrong? Only further testing will tell.

This is the key I’m using if you want to test it yourself:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Apple Inc.\Apple Software Update]
“Update_Ignore_List”=hex(7):30,00,36,00,31,00,2d,00,34,00,35,00,31,00,36,00,00,\
00,30,00,36,00,31,00,2d,00,34,00,35,00,38,00,38,00,00,00,00,00

Popularity: 3% [?]

April 1, 2008 | Filed Under Tech/Gadgets 

Comments

Leave a Reply




*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word