A sleazy QuickTime trick
In a perfect world, we’d be able to choose one media player for everything. In the real world, we need two or three media players to handle the mix of incompatible and proprietary formats available on the Web. So, although I don’t use QuickTime often, I keep a copy installed so that I can see video clips on sites that offer only Apple formats.
If you use QuickTime on Windows or a Mac and you haven’t updated it since January 10, you’re at serious risk. But be careful when you go looking for that security update or you may get more than you bargained for.
On January 10, Apple released a critical update for QuickTime designed to fix five separate vulnerabilities, any of which can result in “arbitrary code execution” if you simply view a specially crafted image file (QTIF, GIF, TIFF, or TGA) or a similarly doctored media file. The vulnerability exists on Windows XP, Windows 2000, and Mac OS X. Sounds at least as serious as the WMF exploit that Microsoft was pilloried for, and indeed it is. (It took 71 days for Apple to come up with the patch after this vulnerability was reported, by the way, but that’s a topic for another day.)
Being a security-conscious sort, I checked my version of the QuickTime Player and determined that it was hopelessly out of date. I had version 6.5.1 installed; these vulnerabilities are fixed in version 7.0.4. I tried the Update Software option from the QuickTime Player menu, but when it finished its quick download and installation I was only at version 6.5.2, and it told me I was completely up to date. So I headed over to Apple’s QuickTime site and was greeted with this page:
I’ve circled the two areas of interest on this page. See that big blue Free Download Now button? That’s what most people will click. I almost did, until I noticed the wording at the top of the page: “QuickTime 7 with iTunes 6.” I don’t want iTunes! But I need that security update. Maybe I should read the security bulletin again. Oh, dear. Right there at the bottom, it has the bad news:
APPLE-SA-2006-01-10 QuickTime 7.0.4:
For Mac OS X v10.3.9 or later
The download file is named: “QuickTimeInstallerX.dmg”
Its SHA-1 digest is: a605fc27d85b4c6b59ebbbc84ef553b37aa8fbcaFor Windows 2000/XP
The download file is named: “iTunesSetup.exe”
Its SHA-1 digest is: 1f7d1942fec2c3c205079916dc47b254e508de4e
Well, that’s odd. If I own a Mac, I can just get the QuickTime installer, but because I use Windows I have to install iTunes? Doesn’t seem right.
Hey, what’s that tiny link at the bottom of the QuickTime downloads page? The one that reads QuickTime Standalone Installer? Clicking that link from Internet Explorer installs the QuickTime ActiveX control. Clicking it from Firefox downloads a file called … QuickTimeInstaller.exe. No iTunes required. (Update: The QuickTime ActiveX control only loads in IE if it’s not already installed. The download link leads to the QuickTime installer, regardless of browser.)
This is a crappy way to do business, Apple. The security bulletin should reference the QuickTime installer, not just the iTunes setup file that happens to include the QuickTime Player. And if someone comes to your site looking for a critical security update, don’t push extra software on them.
Years ago, Real used to pull this same crap with their RealPlayer. When you visited the download page, you were steered into the trial version of Real’s subscription-based software, and it took a treasure map and a Sherpa to find the tiny link to the free player. It took a few thousand complaints, but Real finally wised up. Go to Real.com now and you’ll see two buttons of equal size: one offers a 14-day trial of its premium SuperPass product; the other is labeled Free Download. No magnifying glass required.
I never thought I’d say it, but Real is setting the standard when it comes to downloads. Apple, clean up your act.
Update: A visitor from Down Under comments that Real.com is up to its old tricks on sites outside the United States. After telling Real.com that I’m from Australia, I can see what he’s talking about. As a point of reference, here’s what the main U.S. page looks like:
I USED to be able to find the link for the stand alone version of Quicktime… Thank you for finding it for me again. I’ve just been getting the itunes version, installing the whole thing (because it WON’T let you do a customize install of ONLY quicktime), then going into add & remove and removing iTunes. Because I don’t WANT freaking iTunes. Realplayer I gave up on long ago went with Real Alternative and use Mediaplayer Classic to view realplayer files and feeds… hm… I wonder if it can handle quicktime files also… I’ll have to play and see.
Apple’s business practices are getting nastier all the time. I agree with you that while I might HAVE to have QuickTime for this or that reason, I certainly have no need of iTunes. I use Real Rhapsody and get everything I need from that and my Creative Labs MP3 player. BTW, anyone interested in seeing that Mad TV “Apple iPad” skit should visit my web site where I link to a transcript as well as a streaming video version: http://mikesalsbury.com/mambo/content/view/380/
What is also galling is that after getting itunes without realising it, when I tried to have a look at it I was told itunes was not available in my region. It still kept pestering me however until I figured out how to get rid of it.
Another minor annoyance is the checkbox to get Quicktime out of the system tray is under the Advanced tab. You think they’re hiding it?
A quick google search for “quicktime standalone” and you will get a link to http://www.apple.com/quicktime/download/standalone.html which is what you really want
I use both Mac and WinXP, and I have to say I am against the bundling of these two pieces of software, though for a different reason than that listed here. I like both iTunes AND Quicktime, but it seems stupid to me for them to be bundled together. iTunes used to load much more quickly than it does now because now it’s bloated with Quicktime. I don’t understand why they couldn’t have left well enough alone and kept them separate. Hopefully if enough people complain to Apple, they’ll reconsider this policy.
It seems like a lot of PC users are beginning to feel what it has felt like to be a Mac user for quite some time, like since the beginning.
It’s interesting that the only people to comment here are “yessers” for Ed Bott’s quite skewed perspective…
Do you actually have a comment to leave, Nate, or do you want to just stick with innuendo?
::cough:: http://www.free-codecs.com/ ::/cough::
I own a mac and a PC, and I have seen these kind of tricks from all sorts of developers. They’re not going away, although I think Ed for bringing this particular example to our attention.
It’s ironic. I just wanted to get iTunes without Quicktime, as, every time I reinstall Quicktime, I go through a mess of a time trying to keep it from taking over my web browser. This wouldn’t be so bad if Quicktime 7 ripped out the ability to ‘save as file’ so that, if I click a link to a multimedia file, I have to either listen to it in the Quicktime plugin, back up a page, right click on the like and only THEN be able to ‘save as file’; or I have to pay $30 bucks to do something that every version of Quicktime has done before, up until now…
And don’t even get me started on the fullscreen option for watching videos (it’s not free anymore, either).
So put me in the minority that’s trying to get away from quicktime…
First of all once again I would like to say thanks to Apple to let me live different experience and not be a part of “Windows people” anymore.
It obvious that for some its difficult to understand simple things, like why QT is a part of iTunes for windows and not for Mac. If you want to answer yours self so get the Mac and see, owise here is the SECRET:
iTunes and iTunes music store have features like movie trailers, which obviously requires QT that is why its bundled, to allow the whole package work the way it should. You say why its not bundled for Mac? Because all Mac have QT pre-installed this is default player.
So enjoy your “last year” Longhorn, Vista, Whatever window and best regards to Mr. Gates.
I agree: ‘Totally’ sleazy on Apple’s part. Too bad I didn’t read this before I got sucked in to it. I had a ‘bitch’ (read that Apple) a real bitch of a time getting iTunes ‘off’ my computer and had to take QuickTime down with it. I also used CCleaner (free, highly recommended) to remove the last sputtering, clingy vestiges of both off of my computer. I read your article and thanks to you found the very ‘muted’ link to the standalone download. Apple and all others who think this is the way to go to get your software numbers up, think again. I will think twice about any Apple product, I don’t care how good it is.
QuickTime 7.1 standalone is available at http://www.apple.com/quicktime/download/standalone.html
The main download site no longer offers the choice of the standalone version.
What the hell, this guy work for real.com? Both Realplayer and quicktime proprietary formats SUCK. Use WMP or winamp which support AVI, MPG, etc, and ditch the secondary players.
I have never really worried about this, I just install it all and remove iTunes without ever running it.
I’ve never had the slightest problem uninstalling it, although I have never ever run it.
SIR,
I don’t make a habit of adding to ‘comments’ sections, but I’ve been riding the edge of a perfect 10 day and feel the need to tip my hat to one of the thousands of faceless computer chaps who generates gleanings in cyberspace.
I’d just like to thank Ed Bott for saving me some time and pointing out the not-at-first-obvious link to the standalone player and the update debacle which I wouldn’t have known about otherwise. You popped right up in the top 10 on my GOOGLing the unwanted ITunes ‘feature’.
The ease at which one can find and exchange info on the web still amazes me to this day. I still remember the dark era of 029′s, ‘Big Iron’ and TSO.
Sincerely,
Bob Paine
As a long time Mac user forced to live in a PC world (I use & own BOTH), I find it funny to read more flaming crap about Apple. Do you HAVE to use Quicktime? No. But remember that it’s thanks to Apple that the video revolution started on the computer & web — even amid attempts by Microsoft to squelch it in favor of WMP.
Is Apple perfect? Not even close. And they are trying to finesse users into d/l-ing iTunes to increase their market share; but isn’t this just them finally taking pages from the Microsoft marketing playbook to increase their dominance when/where they can? There are alternatives, as have been pointed out. Do some research before putting crap on your computer (anyone remember the old RTFM mantra IT handed out in the old days?).
A young friend who has a laptop PC demonstrated to me why he prefers Quicktime. Compared with the Windoze software, it gave a better picture AND better sound. If this die-hard Mac user was surprised.
I had the same problem with the release of QuckTime 7. I had iTunes on my PC until I realized that I wanted no part of any DRM crap, and would never, EVER download music again. I removed iTunes and updated QuickTime with the standalone link and haven’t looked back. Frankly, I want no part of i-ANYTHING ever again, be it Apple, Microsoft, or whatever.
Now that I’ve had my rant, I’m going to go relax and play some LPs on my bedroom stereo. Ain’t nobody gonna deny me THAT!
Larry