Safari Will Be a Security Risk on Windows
Reports of new security holes in the just-released Safari browser for Windows keep dropping like, well, apples from a tree. I'm sure this comes as no surprise to you, but I wonder if Apple wishes it had chosen a less prideful statement about their program than this one from the beta download page:
Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one.
Riight. The programmers may have wanted to create a carefree browser that didn't have to worry about Web attacks, but security bugs discovered yesterday, the day the beta released, and today just confirm that using Safari won't magically bring along Mac OS's relative lack of concern about the never-ending attacks and viruses that target Windows. Safari represents a security risk for Windows, just like every other Windows browser.
How much of a risk has yet to be seen. It of course depends not only on how well designed the program is, but on how many people use it. But using a less-popular browser doesn't automatically mean you'll fly under the radar - do-it-yourself attack kits allow for loading up one malicious page with multiple attacks that can hit a range of browsers.
So if you decide to use Apple's browser, you'll still need your hard-won critical eye for suspicious sites, downloads and links. Along with your willingness to apply patches and close the inevitable holes.
PC World's Marketplace
PC World's Free Whitepapers
tech news tech blogs community & forums laptop prices software reviews downloads
First, Safari doesn't support ActiveX, which is the source for most Explorer hacks. Accordingly, one can assume Safari is safer (as opposed to perfect) because it doesn't run those god awful scripts.
Second, Apple's Canwest Hack was a Java exploit using Quicktime. Moreover, a user had to visit an infected website for the hack to work. It doesn't even work anymore, as it has been patched.
Third, the hack found yesterday is laughable. The guy says he is a Safari research expert. Accordingly, we can assume he is pretty familiar with the workings of Safari. So it is not like a guy without any particular knowledge of Safari hacked it. Moreover, he isn't even sure if the hack is exploitable.
On the other hand, I can point you to about a thousand Interent Explorer hacks that are in the wild and exploitable. How many Safari hacks are in the wild and exploitable? I will answer that for you: none.
It's interesting, however, that with all the so-called security researchers out there who are annoyed with Apple that they haven't been able to develop any truly affective malware for Mac OSX. The argument has always been that Apple is only safe because of its small market share. But this article seems to prove that a lot of top researcher are targeting Apple every chance they get because of Apple's perceived arrogance, yet they only seem to be able to ding Apple's image, not really dent it. Perhaps with time they'll find some huge flaw in OSX that seriously tarnishes Apple's image, but finding bugs in a beta browser is far from hitting a real home run. Until then, I think they're actually making Apple's case for them (i.e., pissed off hackers can't find "critical" flaws in Apples' OS.)
It's not about how buggy is the software - big or small, the software will always have bugs. Always. Every software does. Programmers cannot create the perfect software.
It's the fact that how Apple makes it out that Safari, even on Beta stage, has come from iGod himself. It is a ludicrous statement and it's good that these people have found hole to wipe the smug smile off Apple users who claim that their OS is nothing but perfection.
Oh, and to donstacey42, there is malware for the mac: http://www.zdnet.com.au/news/security/soa/Destructive-OS-X-malware-spies-on-Apple-users/0,130061744,139164062,00.htm
it's just that not many people use MacOSX compared to Windows. If it was used as much as Windows, or even more, it would be picked to pieces just the same.