Fixing Apple’s Software Update

April 25th, 2008 admin

From AppleInsider

Following complaints about Apple’s Software Update, see here, Apple redesigned it. The new version separates updates to applications from new products. There are toggles for each software product, so one can ignore selected updates, such as Safari. There is also another option for turning off automatic software defaults. Here are screenshots from AppleInsider.

I think this is a much need improvement for clarifying exactly what can and is going to be updated.

Posted in Applications | No Comments »

Exploiting Defaults: The Case of Apple’s Software Update

April 15th, 2008 admin

People often defer to defaults. Developers can take advantage of this behavior. In March 2008, Apple’s Software Update tool included a default for installing Safari.

A succinct explanation of the issues can be found by John Lily, the CEO of Mozilla

The problem here is that it lists Safari for getting an update — and has the “Install” box checked by default — even if you haven’t ever installed Safari on your PC.

That’s a problem because of the dynamic I described above — by and large, all software makers are trying to get users to trust us on updates, and so the likely behavior here is for users to just click “Install 2 items,” which means that they’ve now installed a completely new piece of software, quite possibly completely unintentionally. Apple has made it incredibly easy — the default, even — for users to install ride along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices.

It’s wrong because it undermines the trust that we’re all trying to build with users. Because it means that an update isn’t just an update, but is maybe something more. Because it ultimately undermines the safety of users on the web by eroding that relationship. It’s a bad practice and should stop.

John Gruber points out that this controversy could have been avoided if the checkbox for Safari were off by default.

Photo from CNET

Posted in Applications | No Comments »

How Defaults Affect a Variety of Issues (with Limewire Example)

March 13th, 2008 admin

In an article in the Notre Dame Law Review, we have a section on how defaults affect a variety of issues. This post reprints this section with screenshots.

The first default setting in Limewire sets the upload bandwidth default to 100%. This setting promotes using all of the computer’s available bandwidth for file sharing.

Another default setting sets the program to automatically connect to the network when the application starts up. This ensures that file sharing starts immediately.

A third default setting treats users with fast computers and Internet connections as an “ultrapeer.” An “ultrapeer” helps other users download faster, but demands a greater load on the user’s computer.

All three of these default settings are used to promote file sharing. However, these are not the only defaults in Limewire. Limewire uses default settings for filtering search results by specific words, adult content, or file types. This setting affects free speech, essentially censoring certain Websites from its users.

Other default settings define the community of file sharers. Limewire has a default setting to share files only with people who are sharing files. Users can set the minimum number of files an uploader has to share. This feature defines the community’s boundaries. It can exclude “freeloaders” or people sharing only a few files. Limewire sets the default to one file and, thus, effectively allows everyone (including “free-loaders”) to share files.

Finally, there is a default affecting social communication determining whether the chat feature is on or off.

Limewire’s use of defaults demonstrates how defaults can affect a wide variety of issues. As a matter of policy, defaults are good for a number of reasons. First, defaults provide users with agency. Users have a choice in the matter: They can go with the default option or choose another setting. Second, a default setting guides the user by providing a recommendation. However, there may be situations where users do not need or should not have options. We discuss these situations in more detail later, but the key point is sometimes we do not want to give a user choices.

Posted in Applications | No Comments »

Defaults in Wi-Fi Access Points

March 7th, 2008 admin

Recently, Christian and I published an article on the role of defaults in wireless access points (APs) (a free draft is also available). The paper examines defaults for encryption, ssid, and channel number. In this post, I want to highlight a key finding on the the role of the default for encryption.

For consumer APs, such as Linksys, we found an encryption usage of 23% overall. In contrast, for 2Wire, we found an encryption usage of 96%. As we point out in the paper, the explanation for this difference is largely due to the default setting.

Here are the relevant screenshots:

If the goal is to encourage the use of encryption to secure APs, then the default should be set to enable encryption. Another approach, which is less powerful (but cheaper from the vendor’s perspective) is to use labels and improve configuration software to encourage the use of encryption. California followed this approach with the “Wi Fi User Protection Act”, which had the support of the wireless industry. The law states that:

manufacturers of any device that “includes an integrated and enabled wireless access point… for use in small office, home office, or residential settings… [must] include a warning advising the consumer how to protect his or her wireless network connection, a warning sticker, or provide other protection that, among other things, requires affirmative action by the consumer prior to use of the device.” [Wi Fi Planet]

Posted in Wireless Access Points | No Comments »

IE 8’s Default Settings Will Comply With Web Standards

March 6th, 2008 admin

[From Microsoft Says IE 8’s Default Settings Will Comply With Web Standards — Microsoft]

The next version of Internet Explorer (IE) will comply with web standards by default. This is a shift, because IE 8’s initial setting was an IE 7 compatibility mode. Web sites that wish to use IE 7 compatible mode will now have to insert a meta tag. (More technical details here)

This change in default setting is of enormous importance to web designers, because it can reduce the need to develop an IE specific web design. The new default will encourage the use of web sites based on open standards versus an IE compatibility mode. Microsoft noted that this move should remove any potential legal or regulatory issues.

Here is Microsoft’s explanation in a press release.

“Our initial plan had been to use IE7-compatible behavior as the default setting for IE8, to minimize potential impact on the world’s existing Web sites. We have now decided to make our most current standards-based mode the default in IE8.“This is obviously a complex issue, with important considerations on both sides,” Ozzie said. “On one hand, there are literally billions of Web pages designed to render on previous browser versions, including many sites that are no longer actively managed. On the other hand, there is a concrete benefit to Web designers if all vendors give priority to interoperability around commonly accepted standards as they evolve. After weighing these very legitimate concerns, we have decided to give top priority to support for these new Web standards.

Posted in Web Browsers | No Comments »

Firewall in Windows XP SP2

March 6th, 2008 admin

[From Windows XP SP2s Firewall Will Be in Your Face]
The first version of Windows XP had the firewall turned off by default. Windows Service Pack 2 changed several defaults, including the default for the Internet Connection Firewall. This changed recognized that users don’t understand firewalls and it is best if the firewall is turned on for most users. The image below shows the new settings in Windows Service Pack 2.

Posted in Operating Systems | No Comments »