Let me set the backdrop for you like this... I just loaded a new machine with Windows 7 primarily to continue to use some of the "can't replace" Windows apps ... one of them being iTunes for my iPhone. As far as installations goes, everything went great! I installed the OS first, then my stand-by anti-virus Kaspersky (KAV) 2010... then I went and installed iTunes 9. Everything was solid.
Once I got everything else I needed installed I started to re-load my iTunes library from the ginormous external drive I have ... and still, all was good. Last thing I needed to do was re-download all my podcasts.
Now, let me remind you in case you've somehow managed to forget, how much I value functionality over security. I don't. I think the rate at which outrageously unnecessary functionality wins out over common-sense security is appalling. Moving right along with the story ...
I bought a few songs via iTunes, downloaded them successfully and started rocking out while the podcasts were supposed to download. I read some email ... I "twittered", and read some blogs from my Google reader. I then went back to my iTunes only to find that it had failed at downloading every... single ... podcast. Every single one had failed with an error -3458. Googling the error I couldn't find anything coherent, or relevant beyond iTunes 7 ... even some stuff that recommended I check permissions on folders. But since iTunes had just installed itself on a new machine, and everything else was working - even downloading newly purchased music - I was baffled.
This is where my spidey sense kicked in and I thought ... "hrmm, what if Kaspersky is somehow causing this?" What I did next was turned OFF (paused, as KAV calles it) the anti-virus client and tried downloading the podcasts again. The result? You guessed it ... everything started downloading smoothly.
I was absolutely baffled. Why in the world would downloading regular music work fine, while downloading podcasts fail? Totally baffling. Without digging into a packet sniffer (which I had not yet installed on that machine) I emailed my go-to Kaspersky support guy and Kenneth quickly responded (as he always does ... which makes me wonder if he sleeps?). Anyway ... there was no internal knowledgebase hint at Kaspersky but what he suggested was mind-boggling from a "security oriented person".
Kenneth suggested I configure Kaspersky Antivirus to trust iTunes.exe and iTunesHelper.exe ... for no other reason than "it would probably work". Did it? Yea, sadly this solution works.
Now, we had a longer conversation about what's going on behind the scenes, and apparently it has something to do with the way that iTunes (thanks Apple) is ever-expanding what iTunes actually does on your system ... and something dealing with the way that podcasts are downloaded goes beyond what the normal profile for an application allows ... thus podcasts fail to download unless you explicitly trust iTunes binaries on your machine.
OK, so here's my problem. First ... what the hell is Apple doing with iTunes that requires such a "constantly changing software profile" as Kaspersky support put it?! I would really like to figure out what Apple's doing, and why they feel the need to change the program fingerprint "with every update" ... very interesting indeed.
Now, what has this taught me? Once again boys and girls ... functionality has run amuck. The answer, of course, if you want the cool things that programs like iTunes do ... you have to take away the security controls. I don't know about you but explicitly trusting iTunes makes my skin crawl ... I really wish that there were other alternatives for connecting to the iTunes online store.
I'm mad as hell folks ... mad as hell that functionality, over and over, and over ... continues to win over common-sense security controls. I guess as long as cool widgets are built that even people like me can't seem to live without ... this will remain the status quo and there is no incentive to change.
Have you run into anything like this? Have a feature vs security story to tell? Either leave a comment or catch me on Twitter (@RafalLos) - I want to publish the best one out there!