Tuesday, June 12, 2007 11:37 AM codingsanity

Safari on Windows

There's quite a funny joke going around: apparently Apple are releasing Safari for Windows. This is a browser so unpopular that most Mac users appear to prefer using FireFox instead. Somehow Apple think it's going to coax from IE those users (like me) who were uncoaxed by the much more impressive FireFox. Just for jollies, it appears that Safari may be a major security risk, with Aviv Raff finding a potentially exploitable memory bug using a tool he wrote, Errata Security managed to find 6 bugs in one afternoon, one of which they were able to weaponize. Thor Larholm has created a means of remote executing any code he desires, in a mere 2 hours.

As Aviv points out, have a look at point 12 on the Safari download page. Just claiming that something is designed for security doesn't actually make it so.

Too often I hear people claim that the reason Macs are more secure than Windows has nothing to do with the larger community of attackers in Windows. Well, those chickens are coming home to roost in a big way. Welcome to the big leagues Apple, writing secure software is hard.

Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!
Filed under: ,

Comments

# re: Safari on Windows

Tuesday, June 12, 2007 12:31 PM by Matt

I feel I should remind you that this is a beta release; also that Safari has been on MacOSX for quite a while now and has proved to be pretty secure. It's only now that it's on Windows that its full of holes!

I say don't adopt it just yet (stick with Firefox) but watch the space. Just look at what iTunes on Windows has done to the music management application space!

# re: Safari on Windows

Tuesday, June 12, 2007 12:59 PM by codingsanity

Fair enough I guess. I must admit to more than a touch of schadenfreude though.

But keep in mind, that unlike Safari, iTunes was popular on the Mac. Most Mac users DO NOT use Safari.

# re: Safari on Windows

Tuesday, June 12, 2007 1:09 PM by craig

I only used a Mac for a few days, and it took only a few minutes of using Safari to make me rush off and download FF..

# re: Safari on Windows

Tuesday, June 12, 2007 4:33 PM by Matthijs van der Vleuten

I may not be the average Mac user, but I actually prefer Safari over Firefox, or even Camino. Firefox just doesn't feel right in Mac OS X. I agree about the lack of addons, but that's (for me at least) the only issue with Safari.

# re: Safari on Windows

Tuesday, June 12, 2007 5:58 PM by codingsanity

Maybe it's people who are used to IE/FF that don't like Safari? Everyone I know who has got a Mac after using Windows/Linux has switched away from Safari, but a fair percentage of the always-used-Mac crowd still use it.

In any case, I believe that Safari has <50% market share on the Mac.

# re: Safari on Windows

Tuesday, June 12, 2007 6:12 PM by codingsanity

Apple are reaping a whirlwind they themselves started. The created an antagonistic relationship with security researchers, and now it's payback time. Read here for more information (blogs.zdnet.com/Ou).

What's amusing is that the security researcher from Errata Security who found 6 bugs and published them in his blog rather than contact Apple about them is none other than that David Maynor.

His dislosure policy states " If a vendor answers a vulnerability disclosure with marketing and spin attempts, we no longer report vulnerabilities to that vendor", which is fair enough, and explains the lack of sympathy for Apple.

Like Microsoft, Apple will have to learn to play nice with the security researchers if it wants to improve it's product. Microsoft learnt this the hard way, one wonders if Apple will, or whether they'll be bright enough to learn from others mistakes.

# re: Safari on Windows

Wednesday, June 13, 2007 8:03 PM by Scot Hacker

I wonder  two  things:

1) How  many of  the security issues in Safari 3 have to do with new  code (i.e. issues that pertain equally to  the Mac and Win 3.0 versions), and  that might not be present in Safari  2/Mac).

2) How many of the issues being found in the Win  version pertain to it  running  on Windows, and might  not  be issues at  all when running on OS X.

# re: Safari on Windows

Thursday, June 14, 2007 7:30 AM by David Robarts

I'm a Mac user and always have been, but I prefer Camino because it has proven to work beter for me than Safari has while remaining a consistent as a Mac application. I'm still running Panther, so I'm a bit behind. When I upgrade to Leopard I plan to try Safari anew (unless security issues keep me away). I think Jobs should have been honest about the true reason for Safari on Windows - to support iPhone development - that's the only thing that makes sense. I didn't like how in the Keynote Jobs showed charts with Safari eating up the non-IE market share.

# re: Safari on Windows

Thursday, June 14, 2007 8:29 AM by codingsanity

Scot, from what I understand, at least one of the vulnerabilities had been traced back to the OSX version.

# re: Safari on Windows

Wednesday, June 27, 2007 1:33 PM by zeepee

In my opinion, although only moments after first switching on my mac for the first time i must admit that i was downloading   firefox to give me some familiarity to my previous windows firefox. However, after a few weeks on firefox it feels exactly the same as windows, which doesnt say much for firefox since i upgraded to a mac with a higher ram, and loading times were the same. This made me at least explore safari, and i encourage people to do the same, and the differences between safari and firefox loading times will have you at least considering it...  im still considering a camino conversion perhaps, any advice?