Network News

X My Profile
View More Activity

Security Updates, But at What Cost?

Apple has released a new version of its QuickTime media player software that includes some security and bug fixes. This update is for Mac OS X users, and does not appear to apply to the Windows versions of Quicktime.

The QuickTime vulnerabilities at issue aren't really all that interesting or easy to explain, but the new version -- 7.0.1 -- appears to be an important update. If you're using an older version, take a second to visit Apple's site and install the update. Mac OS X users also can update via the Software Update preferences menu.

Any of you loyal readers out there using the paid version of QuickTime -- QuickTime Pro -- would be wise to read the following disclaimer from Apple about this update:

"Installation of QuickTime 7 will disable the QuickTime Pro functionality in prior versions of QuickTime. If you proceed with this installation, you must purchase a new QuickTime 7 Pro key to regain QuickTime Pro functionality. After installation, visit www.apple.com/quicktime to purchase a QuickTime 7 Pro key."

The QuickTime Pro issue brings to mind my father-in-law (whom you'll recall was featured in a blog post last week) because he purchases so much software and frequently has questions or gripes about updates. In one recent case, his beef was with with Yahoo's Musicmatch music player software. A few months earlier he'd purchased the "plus" version of Musicmatch and was later prompted to update the installation to fix a few security flaws and application bugs. But when he went to install the updates, he was greeted with the following message:

"The Plus upgrade key you are currently using is not valid with Musicmatch Jukebox 10.0. Click on the 'Purchase 10.0 Plus' button to obtain your new 10.0 upgrade key. If you choose to install 10.0 basic, you will no longer have access to the great features and enhancements available in Musicmatch Jukebox Plus."

I can't recall if he actually sucked it up and paid another $19.99, but am I alone in wondering whether this is a good business practice from a security perspective? I mean, sure, you could argue that hackers will never get around to exploiting this particular QuickTime glitch or that Musicmatch flaw, but that seems to me less a question of "if" it will happen than "when." I understand that the new versions include "great features and enhancements," but that smacks of companies using the threat of security flaws in their software to get people to pay for updates to the latest version. Oh wait, Microsoft has been doing that for years now.

What do you think, readers? Use the comments section below, or drop me an e-mail.

By Brian Krebs  |  June 1, 2005; 12:29 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Security Updates, But at What Cost?
Next: Security Updates, But at What Cost?

Comments

Well, on my system (10.3.9), installing the 7.0.1 patch did not affect my registration for 7.0 Pro ... it appears it is as it was.

Posted by: tlmurray | June 1, 2005 2:39 PM | Report abuse

Reading the text over again, they are referring to a registration of 6 Pro or earlier ... installing 7.0.1 will kill your registration. But moving from 6 to 7 always involved a new registration anyway, so it is not as though the 7.0.1 upgrade (a) acts differently than 6 to 7, and (b) affects 7 Pro.

Posted by: tlmurray | June 1, 2005 2:42 PM | Report abuse

You're right this is total crap. It's just one more example of companies pushing you to buy as much as possible as soon as possible, regardless of if it's necessary as not. And Apple has been in a downward spiral recently with the latest versions of its software not being that great.

Posted by: Alex | June 1, 2005 5:29 PM | Report abuse

Couldn't agree with you more. It's dishonest to force users to pay for an "ugrade" under the guise of security. If Apple was in charge of restrooms they would charge for toilet paper.

Posted by: M Venable | June 1, 2005 7:25 PM | Report abuse

IMHO, this is nothing short of online blackmail (e-blackmail). What makes this different than the con artists who install malware on your machine and then force you to pay $19.99 to remove it? I stopped using MusicMatch specifically due to this unethical behavior. In fact, when I purchase new machines I remove any vestige of MusicMatch that I can find.

Posted by: Bernard | June 2, 2005 10:51 AM | Report abuse

A question to the complainers: If you had QT6, were you "offered" the 7.0.1 update via the Software Update tool? I ask because, again, the upgrade from 6 to 7 was always a paid upgrade. But I can see the complaint if you are offered the upgrade via Software Update, because it's one of those things where users typically don't read the various messages ... they just start clicking buttons to get it done.

Posted by: tlmurray | June 2, 2005 11:03 AM | Report abuse

Mr. Krebs,

Perhaps you should do a little research before you publish your articles. The 7.0.1 patch DOES NOT kill the registration for Quicktime 7.0. The message you refer to is the fact that upgrading FROM Quicktime 6 Pro TO Quicktime 7 Pro does require purchasing a new license.
That's all.

Posted by: Eric Wilson | June 2, 2005 11:03 AM | Report abuse

Well I should have known better, I purchased a Quicktime Pro key on March 25, 2005. The total including taxes was $31.49. I can remember doing a Quicktime Update but I probably didn't read the details. I guess my key was for Quicktime Pro 6 since it no longer works on Quicktime Pro 7. Other vendors often give you a grace period if they release a new version. Don't expect that from Apple. I bought a new G5 in December and just paid for the Tiger OS upgrade which has had more problems than most of the recent Apple releases. I think I will pass on Quick Pro 7 on my 10.4 machine. I'll downgrade a machine to Quicktime 6.

Posted by: ocracokewaves | June 2, 2005 11:07 AM | Report abuse

Great article and I thank you for it. Like your father-in-law, I purchased the $19.95 lifetime update for musicmatch, which is not something I normally do, but at the time I did use it all the time, now I don't and Windows Media Player keeps improving so it will do just fine. You can bet I won't be paying for it again!! These companies will always find some way to rip off the customers and try to get more money from us - well, people need to dump their programs and demand their money back in my opinion.

Posted by: Denise | June 2, 2005 11:15 AM | Report abuse

I think the critical thing here is:
Is the vulnerability in V6? If it is, is there a patch for current owners of V6 Pro? If yes, then no security issue.
OTOH, if the flaw exists in V6 but the only way to get the patch is to upgrade to V7, then that's different.
In the first example you can stick with V6 and still be secure. In the second, they are basically charging you for a ptach to fix a vulnerability in their software. If Microsoft did that they be dragged before a judge.

Posted by: Kenton | June 2, 2005 12:16 PM | Report abuse

This is the reason that I quit paying for Microsoft products years ago.

They want you to pay for updates even when the bugs you think are fixed in the update, aren't! But now it's security bugs instead
of functionality bugs.

Posted by: Mark | June 2, 2005 12:54 PM | Report abuse

I've abandoned Musicmatch for the same reason; they don't even offer a discount on buying the new version if you bought the one right before it. What's worse, EVERY TIME I loaded up the version I paid for, it would pop up a nag box trying to get me to upgrade, and there was no way to disable this. Simply unacceptable.

Posted by: Jake | June 2, 2005 5:09 PM | Report abuse

I have an additional complaint about MusicMatch, which was that whenever I upgraded, I lost the song titles of my ripped music files in Hebrew fonts, which were replaced with "???" marks after the download - the worst part was that MusicMatch could find and download the file names in Hebrew, but wanted money (i.e., an upgrade) in order to do so.

Posted by: Louis | June 2, 2005 6:32 PM | Report abuse

Security upgrade?? Yes I agree that it should be a one time fee for the PRO version and any security upgrades should be free.
Not good business practice. I was about to buy the PRO in version 6 but noticed the warning when 7 came out now I wonder if its worth it if they keep pulling this stunt??

Posted by: Carl | June 2, 2005 10:07 PM | Report abuse

I just purchased Quicktime Pro about 3 weeks ago. I'm running MacOS 10.4 - Tiger and installed the Quicktime 7.0.1 patch. It has NOT had any effect on my Quicktime Pro registration status.

Posted by: rick | June 3, 2005 1:51 AM | Report abuse

The upgrade cost is only for people who were running Quicktime 5 or 6. Those are pre-tiger people who installed quick time 7 separately.

I thought the disclaimer was a little poorly worded. I already have a Pro 7 key and it still made me start.

What was annoying a little bit was that when I bought Tiger (despite getting two free developer copies, I felt I should buy at least one as well because I have that many active macs) I had to upgrade to
Quick Time 7 Pro and didn't get a discount. I had a pro 6 key and I paid for Tiger and I still had to shell out full price for the
upgrade.

That said, it seems like I only have to pay that fee every two years or so, and unless you use Quick Time as a fast and dirty editing tool or you work with PC media files (I do both), I don't think you need QT Pro. But it would have been nice to upgrade at a discount after shelling out for an OS upgrade.

Posted by: Alan | June 3, 2005 9:19 AM | Report abuse

I made the mistake of updating to Quicktime 7.0 last week only to find that I needed to purchase a new "key" to use the Quicktime Pro that I purchased under 8 months ago. I quickly came to the conclusion that Apple's claim of OS superiority because of its low threat of virus attacks was pure hogwash. I'd rather live with the mere "threat" of a
virus attack than an exploitive ploy from a company purporting to act in a consumers best interests.

Posted by: Jesús Lebrón | June 4, 2005 1:28 AM | Report abuse

Whenever any company releases a new (major) version of software, I expect it to be a paid upgrade. So, I see no issue with Apple asking users to pay for a new key for QuickTime Pro 7. However, I agree with some people here that it would be better if current users of QuickTime Pro 6 could at least receive some form of discount off the normal price. That way, people who purchased their QuickTime Pro 6 key only months ago wouldn't feel so ripped off.

By the way, Apple does offer a grace period for free upgrades (I got Tiger (OS 10.4) for only cost of shipping and handling), allbeit a short grace period.

Posted by: MP | June 8, 2005 3:57 PM | Report abuse

Whatever the true meaning of the wording, it's really bad wording. I'm not going to bother to upgrade my QuickTime until if/when I see a "better" update come along. :)

Posted by: John | June 23, 2005 12:29 AM | Report abuse

I had the same problem with Musicmatch. I had purchased a key which was supposed to be for all future upgrades to the product. However, they renigged on their offer when they eliminated that version support. A Bad and illegal practice

Posted by: BGeorge | July 3, 2005 10:23 AM | Report abuse

For those who upgraded and lost their pro key with 7, on the Apple website, you can download and reinstall QT 6 and it will restore your pro standing.
I wish I would have know about losing the pro standing prior to the upgrade, and mini heart attack. However, I've returned to my previous version and all is better.
Just thought I'd let everyone know.

Posted by: QuickSearch | August 24, 2005 4:24 PM | Report abuse

These type of things should be considered when determining which OS to go with. I like the Stability of mac but they have always pulled this kind of thing. When they went from 10.2 to 10.3 the only major upgrade was security fixes. Security upgrades should always be free. To microsofts credit they continued to fix and update security flaws in earlier versions of software for years after a new version of software is released. I love my Mac, but I will likely return to a PC after this computer lifecycles out. I fully understand mac charging for QT pro 7 upgrade, however if there is a security risk in QT 6 they should correct the security risk for at least 5 years after they release the product. At least quicktime is not as bad as the OS. With that you get a new one every year at $150 and all you get is essentially a what Microsoft calls a Service pack and offers for free.

Posted by: Mike | September 7, 2005 5:40 PM | Report abuse

If you want itunes V.5 you have to get Quicktime 7 which means you loose Quicktime pro in the process. Windows or MAC OS. This sucks.

Posted by: gear | September 13, 2005 9:39 AM | Report abuse

I had a similiar problem with Musicmatch but with a twist. They asked if I wanted to upgrade. I selected NO and then the old version of Musicmatch I had was disabled. The only thing you could do was upgrade to version 9. Then when installing the new version they do not give any support unless you get the pay version of the program. They do not tell you how to install but when you extract the program you see that it is loaded into a temp directory in windows where the setup program is located.

Posted by: kthompson | October 23, 2005 12:12 PM | Report abuse

I have had Musicmatch for a long time. And now, suddenly, they have taken away customer and technical service features and Super Tagging, which I find very useful. I paid for Musicmatch Plus years ago, then paid for it again when jumping to version 10. I didn't want to pay twice, but I didn't want to lose features. I also didn't have much of a choice since the program was limiting services and creating pop-up boxes warning me to upgrade. Unbeknown to me I was only signing up for a one-year agreement to Super Tagging and customer service when I re-paid for this product in December, 2004. This practice of forcing "upgrades" and then putting customers on the dole for a new subscription just burns me up. I find it to be irresponsible, unloyal, and backhanded. I also suspect it borders illegality.

Posted by: David M. | December 22, 2005 8:25 PM | Report abuse

Musicmatch sucks. I have the same problem with Musicmatch, and I bought version 10.

As a sneaky condition of some 10.00.something upgrade, they switched the license around to disable Super Tagging unless I renew every year. This is no longer the software I paid for.

If they can't release new versions that are worth the upgrade, they don't deserve any money. Reducing functionality like that is unbelievably dishonest.

Posted by: theo | January 31, 2006 11:12 PM | Report abuse

I guess what I'm slightly confused of, is why no one ever says anything regarding this liscense agreement AND what you should do if you already have a quicktime 7.0.1 in you applications folder. Does this mean that you are an exception to this BS or will there still be a compromise ?(compromise being that you lose pro functionality)

That's my situation. I already have 7, so what do I do ?

Posted by: Cr8Tron | May 30, 2006 12:38 PM | Report abuse

Actually, It's Quicktime 7.0.4 that I already have. Once again, what should I do ? (Does the concern of losing pro functionality even apply to me ?)

Posted by: Cr8Tron | May 30, 2006 12:49 PM | Report abuse

I actually got sucked into the MusicMatch upgrade fiasco last night... "Important FAST Security Update"... wasn't fast to install, and it unplussed my MusicMatch. They will never see another DIME of my money again ever. I'm removing the whole thing from my computer. Windows Media Player has better visualizations anyways.

Posted by: Brian T | June 3, 2006 11:05 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company