Welcome to WebmasterWorld Guest from 54.146.201.80

Forum Moderators: incrediBILL

Message Too Old, No Replies

Microsoft Urges Windows Users To Avoid Safari

     
4:19 am on Jun 1, 2008 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:Oct 12, 2000
posts:14487
votes: 49


Microsoft urges Windows users to shun 'carpet bombing' Safari [theregister.co.uk]

Microsoft's security team is advising users to stop using Apple's Safari browser pending investigation into a quirk that allows miscreants to litter their desktop with hundreds of executable files.

Windows users who visit a booby-trapped site with Safari could be forced to download and execute malicious files with no prompting, Microsoft says. The "blended threat" is a result of the default download location in Safari and the way the Windows desktop handles executable files.

This Microsoft advisory [microsoft.com] suggests users "restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple."

5:34 am on June 1, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


Oh my, looks like someone at Apple should take a public relations course.

Apple agreed that it might be good if Safari actually checked with the user before downloading potentially vicious files, but signaled that kind of addition wasn't much of a priority.

"Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads," someone from Apple's security team told Dhanjani. "We want to set your expectations that this could take quite a while, if it ever gets incorporated."

[theregister.co.uk...]

7:48 am on June 1, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 26, 2004
posts:1392
votes: 0


..we are not treating this as a security issue..

So it can just download all of those nifty adware and malware files to my computer, and I don't even know about it?

Sounds cool...

11:33 am on June 1, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 30, 2003
posts:1067
votes: 0


...we are not treating this as a security issue...

Well, But I do! Just de-installed, suckers!

11:35 am on June 1, 2008 (gmt 0)

Senior Member from MY 

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 1, 2003
posts:4847
votes: 0


Interesting that Microsoft never urged windows users to avoid Internet Explorer during the long history of exploits affecting that browser, many of which have been much more dangerous than this present one.
1:15 pm on June 1, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 15, 2004
posts:2047
votes: 0


Well, they did recommend using it with scripting disabled.
(Brill, eh ?)
1:53 pm on June 1, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.

Done.

Jim

4:01 pm on June 1, 2008 (gmt 0)

New User

5+ Year Member

joined:May 31, 2008
posts:18
votes: 0


interesting. Maybe MS should look at how it allows malware to destroy their operating system.

This shouldn't be an issue on Vista right? I mean, vista is the 'worlds most secure OS', right?

4:49 pm on June 1, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 7, 2003
posts:4783
votes: 0


Perhaps MSFT ought to be more interested in their own security failures.

The prompting of users for all possible things will only result in the user clicking next on those annoying messages anyway, so it's a moot poitn to even add more of those prompts.
Hmm. vista is full of those anoying prompts it appears, so perhaps that's why I'm not using it.

7:26 pm on June 1, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 26, 2004
posts:1392
votes: 0


"Clicking on all possible things", and having prompts for .exe files is not quite the same thing.
9:58 am on June 2, 2008 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:Oct 12, 2000
posts:14487
votes: 49


Let's stay on topic.
If you'd like to discuss Vista or other MS OS topics feel free to do it in the appropriate forum [webmasterworld.com].

I'm moving my Safari installations into a Virtual PC until this blows over.

1:04 pm on June 2, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member whoisgregg is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Dec 9, 2003
posts:3416
votes: 0


If changing the default download location is enough to completely avoid the problem, why is Microsoft's suggested course of action to "Restrict use of Safari as a web browser?"

Oh right, because when a competing browser starts to gain in market share [marketshare.hitslink.com], Microsoft's first course of action is a FUD campaign.

3:02 pm on June 2, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 11, 2004
posts:582
votes: 0


Why are you using Safari? Is it a good browser? Seems to me like using IE on a Mac, aka there is no point. Just checked apple's page, they claim Safari is faster to load pages than Firefox. Is that true?
4:29 pm on June 2, 2008 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14624
votes: 88


"Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads," someone from Apple's security team

Whoever stated this should be called someone from "Apple's LACK of Security Team".

People don't expect malicious files to just appear on their desktop and allowing your software to do such a thing is so wrong, Apple needs to be smacked.

Allowing anything to download files automatically is a huge risk, especially if it dumps them on the desktop. The odds of accidentally launching the file when trying to delete it are pretty substantial for the less than computer savvy, not to mention the curiosity factor of wanting to see what it is.

Most viruses spread because people are stupid and do stupid things so when you give stupid software to stupid people expect even more stupidity to ensue.

Simply amazing.

I'm moving my Safari installations into a Virtual PC until this blows over.

Not sure why you would use Safari on a PC except to test your web sites to see how they would work on a Mac, and if you don't trust your own sites...

[edited by: incrediBILL at 4:30 pm (utc) on June 2, 2008]

8:41 pm on June 2, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


Why are you using Safari?

To see how the web pages I create are displayed - only that,

10:23 pm on June 2, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:July 3, 2006
posts: 3123
votes: 0


Hhhhmmm, I noticed the other day that when trying to force a download in Safari (Win) it would download immediately, to the location specified in prefs, without first prompting to Open/Save/Cancel as all other browsers do!? Mmmmmm?

Text file link that downloads, not displays? [webmasterworld.com]

Only use Safari to test, as mentioned. (Rather like the Network Timeline on the developer toolbar.)

3:54 am on June 3, 2008 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:Oct 12, 2000
posts:14487
votes: 49


Why are you using Safari?

Just for testing purposes...just like my virtual PCs. That's where I think I'm going to relegate the rest of Apple's software as well. QuickTime is another gaping security hole.
7:12 am on June 3, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:July 3, 2006
posts: 3123
votes: 0


Just checked apple's page, they claim Safari is faster to load pages than Firefox. Is that true?

I think that's questionable. To be honest, in the pages I've tried, I've not noticed much of a difference. The good thing about Safari on Win (for most here I guess) is that it looks the same as on the Mac, scrollbars, dialog boxes, ...everything. It's good for testing. Although IMO the font smoothing is excessive - the text is 'fuzzy'! (I'm sure the text is cleaner on the Mac?!)

12:07 pm on June 20, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 23, 2004
posts: 728
votes: 0


The next question I have is, if you have a firewall, and safari tries to do something it isn't supposed to, wouldn't the firewall protect you?

moderator note:
a discussion about using a Virtual PC
was split off into its own thread:
[webmasterworld.com...]

[edited by: tedster at 12:34 pm (utc) on June 22, 2008]

12:36 pm on June 22, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


I think you'll find that in order to use Safari to browse the web, you have to make a firewall rule that allows Safari to take a lot of actions - so you've already compromised a lot of the safety the firewall gives you.
4:29 pm on June 22, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


There was an update to safari yesterday. I'm on 3.1.2 now.
5:07 pm on June 22, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 23, 2004
posts: 728
votes: 0


@Tedster,

So if you are installing it just for developing purposes, and only view on your own machine, then it should be ok to install it?

Thanks regarding the answer for the firewall question.

5:49 pm on June 22, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


I've installed it only to test pages that I created or my clients created. I also changed the default download folder, as recommended above. I have no current interest in doing regular browsing with Safari, or with IE for that matter. So my risk is extremely minute, I think.
6:30 pm on June 22, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 23, 2004
posts: 728
votes: 0


I only use firefox for browsing. IE6 is for viewing pages in. I need to get IE7 going somehow. Safari would not be for browsing, and I would follow the advice above as stated for the downloads folder.

Thanks for your reply Tedster, it is appreciated. :)

1:32 am on July 6, 2008 (gmt 0)

New User

5+ Year Member

joined:July 5, 2008
posts:1
votes: 0


What's even more annoying is that this weekend, Apple software update on my pc (I have quicktime installed), tried to install Safari on my computer, suggesting that it needed an 'update'.
3:59 am on July 6, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


Yes, those Safari "updates" are very poorly thought out. I've had the same experience, where I update Safari and immediately get told I need to update Safari - and the loop never ends until I just ignore it.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members