Safari For windows

Apple Safari has created a buzz among various other web browsers like Firefox, Internet Explorer and Opera. After much hype a threat has been detected. Talking about its security, if you think that your computer is all safe and sound after using Safari then you could be mistaken. A “carpet bombing flaw” has been detected on the computers of Safari users. Read more

One of the most popular points that Mac fans bring up when pointing out how much better Macs are than Windows computers is how much more secure Macs are.  However, when Apple released the Safari browser for Windows testers quickly realized that the browser was anything but more secure than Internet Explorer 7.  This is especially troubling since Apple touted the Safari browser on its web page as being “secure from day one.”

Researchers downloaded and began playing with Safari on Windows almost the minute that it was released.  One researcher in particular, Thor Larholm, found a URL protocol handler injection vulnerability that allows commands to be executed remotely.  This was found less than two hours after installation.  Larholm was quick to note that Safari doesn’t handle URL validation in iframes like it should, which allows programs to manipulate protocol handlers in unpredictable manners. 

David Maynor of Errata Security also found bugs as well – six of them, he claims.  Of these six, four are DoS and two are remote code execution bugs.  Additionally, he claims multiple crashes just from idle use and especially from importing bookmarks into the browser, a feature that many, if not most, users will almost definitely use, at least upon initial installation.

While it seems to be lax on security, Safari is simply too stringent on some issues.  For instance, Safari simply will not allow open a website with expired or unsigned SSL certificates.  While this keeps users safe, it can be extremely frustrating when the user is familiar with the site and wishes to continue.  Firefox is much more clever in handling expired or unsigned SSL certificates in that it gives the user a choice of whether or not to continue by enabling a warning to pop up.  Safari users would just be forced to use another browser, probably Firefox. 

In its defense, Apple has been diligent in releasing updates for the Safari browser but not all claimed exploits have been thoroughly patched.  This may be due to the fact that many people that actively search out these exploits give feedback to the companies whose software they test.  This is particularly true of David Maynor.  Maynor has vehemently stated that Apple has chosen to attack his credibility instead of fixing crucial security exploits in his previous attempts to point them out to the company to be fixed.

Apple will hopefully address all of the concerns with their new browser as it is clear that they cannot rely on hackers to simply target Internet Explorer just because it is a more popular web browser these days – particularly if they want to enable their fans to continue the argument that Macs are more secure.

Microsoft Windows!

Although apple is happily touting the security of its new browser, the bad news are hitting hard.

Several first day vulnerabilities have already been discovered, amongst them memory errors and even code execution exploits.  Yes, that means someone could use a website to execute code on your computer.

This sheds a bad light on the application and we can just hope that Apple will adress those issues as soon as possible.

Right now, Firefox still seems to be the most secure browser out there.