Archive for April 15, 2016

Friday, April 15, 2016

Apple Stops Patching QuickTime for Windows Despite 2 Active Vulnerabilities

Apple:

If you no longer need QuickTime 7, here’s how to remove it from your PC.

They don’t say why you might want to do this, though.

Juli Clover:

The Department of Homeland Security’s U.S. Computer Emergency Readiness Team today issued an alert recommending Windows users with QuickTime installed uninstall the software as new vulnerabilities have been discovered that Apple does not plan to patch.

Christopher Budd:

First, Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX.

Second, our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.

Dan Goodin:

The retirement of QuickTime for Windows has been in the planning stages for at least a few months, and possibly much longer. Apple has never supported QuickTime for Windows 8 or 10, although some users found ways to work around the restriction. What’s more, the January update removed the browser plugin for QuickTime, making it impossible for video on websites to seamlessly play in a user’s browser. As a result, there’s little chance QuickTime vulnerabilities could be harnessed into a drive-by download exploit. Instead, exploits would have to rely on social engineering that convinces a user to download a video and open it in QuickTime.

Even so, Apple officials should have shown the courtesy to tell Windows users QuickTime was no longer receiving security updates, rather than leaving it to Trend Micro.

Rosyna Keller:

As for Adobe apps needing QuickTime on Windows, there’s also irony there. All indications were that Apple didn’t tell Adobe until everyone else found out. The same thing happened when Apple announced during a Carbon WWDC session that 64-bit HIToolbox was cancelled. This was the first time Adobe or anyone else learned about the cancellation.

Apparently, Lightroom 6 for Windows relies on QuickTime.

Update (2016-04-16): Nick Heer:

It’s easy enough to uninstall QuickTime, but a surprising number of programs on Windows list it as a dependency, including GoPro Studio and Cubase to run, and Premiere Pro, After Effects, and Traktor for various features.

Pierre Lebeaupin:

As far as users go, the average user now has a number of alternatives, starting with VLC, but there are a number of people working on Windows in media and media-related industries who will miss having a reference media player on their machine (iTunes’ just not the same thing). However, software developers who were still building against the QuickTime SDK and relying on QuickTime being installed on Windows should have seen it coming for some time: the writing has been on the wall for QuickTime for Windows since QuickTime X in 2009, when there was no corresponding update on the Windows side, which stayed on QuickTime 7.

Update (2016-04-19): Adobe (via Rosyna Keller):

Adobe has worked extensively on removing dependencies on QuickTime in its professional video, audio and digital imaging applications and native decoding of many .mov formats is available today (including uncompressed, DV, IMX, MPEG2, XDCAM, h264, JPEG, DNxHD, DNxHR, ProRes, AVCI and Cineform). Native export support is also possible for DV and Cineform in .mov wrappers.

Unfortunately, there are some codecs which remain dependent on QuickTime being installed on Windows, most notably Apple ProRes. We know how common this format is in many workflows, and we continue to work hard to improve this situation, but have no estimated timeframe for native decode currently.

Update (2016-05-26): David McGavran:

Today we’re pleased to announce that Adobe has been able to accelerate work that was already in progress to support native reading of ProRes. This new capability is fully licensed and certified by Apple, and barring any unforeseen issues during pre-release, these fixes will be included into an update to the relevant products in Creative Cloud shortly.

Additionally, we are planning on adding native export support to .mov wrapped files of DNxHD and DNxHR. This shows our commitment to the DNxHD/DNxHR codecs. This support augments our currently supported import of DNxHD and DNxHR in .mov and .mxf and native export in .mxf. Similarly, in an effort to allow as many legacy files to be supported as possible we will also be supporting the reading of AAC Audio and PNG Compressed frames and the reading/writing of Animation frames.

When these fixes are released most Windows users will have a seamless workflow for virtually all popular codecs even with QuickTime removed from the computer; however, we do anticipate that some older, less used legacy formats may not be directly supported and therefore no longer be accessible. Users may need to find a method of transcoding their legacy media.

Paid App Store Search

Adam Satariano and Alex Webb:

Among the ideas being pursued, Apple is considering paid search, a Google-like model in which companies would pay to have their app shown at the top of search results based on what a customer is seeking. For instance, a game developer could pay to have its program shown when somebody looks for “football game,” “word puzzle” or “blackjack.”

Paid search, which Google turned into a multibillion-dollar business, would give Apple a new way to make money from the App Store.

John Gruber:

This sounds like a terrible idea. The one and only thing Apple should do with App Store search is make it more accurate. They don’t need to squeeze any more money from it. More accurate, reliable App Store search would help users and help good developers. It’s downright embarrassing that App Store search is still so bad. Google web search is better for searching Apple’s App Store than the App Store’s built-in search. That’s the problem Apple needs to address.

Daniel Jalkut:

Putting aside the fact that such a move seems un-Apple-like, I don’t see how it would benefit Apple, either.

[…]

Allowing third parties to pay for placement in the App Store would not contribute to Apple’s justifications for the App Store in any way. Who benefits from such a change? The businesses paying for the placement, presumably. It’s hard to see how paid placement would consistently benefit either Apple or its direct customers. It’s unlikely that paid listings would be used to highlight apps that are in line with Apple’s other goals for the store.

Craig Grannell:

Subramanian is right in one sense: if Apple does this, it will be huge. It’ll be huge in eradicating any sense that the App Store is a meritocracy when it comes to app visibility.

[…]

My bigger concern, though, is paid placement permeating throughout the store, such as on to the entry pages a great many people use to find new apps and games. There, Apple’s ‘curation’ is uneven. I’ve been told by various American friends that ‘Editor’s Choice’ in the US is closer in meaning to ‘this is interesting’ than ‘this is amazing’, but even so, that slot is often filled with garbage, albeit garbage released by companies important to Apple from a revenue standpoint.

Nick Heer:

Apple doesn’t need “a new way to make money from the App Store”. They need a way to get developers to make more money. They need to de-crappify the Store and improve the chances of success for smaller developers.

Paul Jones:

I doubt this is true, because I don’t understand this move at all. Apple makes their biggest margins on selling their hardware, and any potential revenue from App Store pay-to-play will be dwarfed by profits from their products. The App Store needs some work done on discovery, but it’s not to make discovery less egalitarian towards Big Money.

Kirk McElhearn:

Apple has done some dumb things in the company’s history, but this stands out as particularly stupid. Let’s be honest; Apple really doesn’t need the money that they’d be making from paid search placement, and all this will do is make the customer experience worse. It’s already very hard to find anything on the App Store, since Apple is so lenient about clones, and about apps using misleading keywords in their names and descriptions. Adding paid search will turn the App Store into a random morass of crap.

Juli Clover:

Apple is said to have approximately 100 employees working on its App Store project under vice president and former iAd leader Todd Terisi, including engineers who formerly worked on the iAd team. According to sources who spoke to Bloomberg, the search team is relatively new and it is not yet known if and when changes will be introduced to the App Store.

Update (2016-04-16): Andrew Cunningham:

That said, charging for visibility might not actually solve any of those problems. Those with the money to pay Apple’s fees could well be the same big-name app developers whose software already dominates search results and the Top Charts. And making enough money from your app to make paying for search results worthwhile could still be contingent on getting into those Top Charts or onto one of Apple’s curated lists somehow.

Mayur Dhaka:

Apple ran a video at WWDC last year called The App Effect. In it, Apple tries to deliver the message that the App Store is a platform that gives big companies and one-man-shows a level playing field. […] I really hope Apple sees value in fixing the App Store before thinking of ways to squeeze more money out of it.

Michael Rockwell:

There’s just too many downsides associated with charging developers for placement in App Store search results. I would be shocked if Apple made a move like this.

nathanaldensr:

Am I wrong in suggesting that Apple created this problem and is now asking developers to pay to "fix" it? Why wasn’t search already better?

rudedogg:

If I was tasked with creating a system that only benefits those ALREADY doing well in the app store, and hurts indie developers I would come up with exactly what they’re proposing.

devhead:

I would like Apple to fix search before they start asking devs to pay for placement. For such a simple data set, their search features are completely non-existent. Search terms look to need to be pretty close to exact, the search results are artificially limited by some mechanism, no ability to search multiple terms, no ability to create custom lists, no ability to filter based on more than their two or three meaningless filters, etc.

See also: Hacker News.

Update (2016-04-19): Nick Heer:

What concerns me is that this story would have been immediately written-off prior to the introduction of iAd, or even just a few years ago. It is entirely unlike Apple. But recent decisions by Apple — such as the introduction of an interstitial ad displaying to users not subscribed to Apple Music, or the other interstitial ad that displayed on older iPhones after the introduction of the 6S — make this all the more likely.

Update (2016-04-21): Ben Thompson:

As for the concerns of Apple bloggers that such a scheme will reinforce the tendency of the App Store to ensure the rich get richer, well, I’m sorry to say but there is no evidence that Apple cares. The company has done nothing to help developers with more traditional business models (i.e. not pay-to-play games) monetize; indeed, in a telling twist the team working on this search ad product is the former iAd team, which Steve Jobs himself said existed so that apps could be as cheap as possible. The Occam’s Razor conclusion is that Apple is actually serious about their services business or, perhaps more accurately, hopeful they can offer an alternative narrative to Wall Street alongside what might be a very tough earnings report.

Marco Arment:

Such a system would exacerbate much of the App Store’s dysfunction, disincentivizing improvements to organic search and editorial features while raising the cost of acquiring new customers above what many indie developers and business models can sustain.

[…]

While a good search-ad system could benefit the App Store, customers, and many of us, nothing in Apple’s track record suggests that they’re willing or able to do this well.

But a bad search-ad system, on top of bad search, will only further damage the App Store, funnel more of our already slim margins back into Apple like a massive regressive tax, and erode customers’ confidence in installing new apps.

Update (2016-04-22): John Gruber:

Perhaps comparisons to Google search are a red herring, and the right comparison is to Amazon, and retail co-op. Pay for placement, just like in grocery stores.

[…]

I don’t think it makes sense that it’s a trial balloon from someone in favor of the program. Apple doesn’t care about “warming us up” to changes. They don’t care. I think it makes more sense as a leak from someone opposed to it, and who foresaw that it wouldn’t go over well.

Paul Jones:

The App Store started off indie because of the shared code with Mac and intense developer interest, but I think Apple’s plan has always been to cater to big brands, like Nike, Disney, Bank of America, etc.

[…]

The reason I was wrong about Apple making money on paid search is I was looking at this from my own perspective, that Apple doesn’t stand to make money from me (and people like me) on pay-to-play App Store search results. But from the big brands like Nike, Disney, and Bank of America, etc, Apple absolutely stands to make good money.

Nick Heer:

I know this gets repeated ad nauseam, but it remains true: the App Store is not in good shape. A paid search placement feature dropped overtop the existing infrastructure would likely be a disaster.

Update (2016-04-25): Roopesh Chander:

Actually, ad-like stuff already shows up in App Store search. If you search for “podcast player” right now in the App Store, you get an ad for Apple’s Podcasts app right on top, and the search results below that. (However, I don’t know of any other app that’s promoted this way. Anything else you’ve spotted?)

[…]

I don’t think ads in App Store search can improve the viability of paid-upfront apps being able to sustain themselves.