Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: incrediBILL
Microsoft urges Windows users to shun 'carpet bombing' Safari [theregister.co.uk]
Microsoft's security team is advising users to stop using Apple's Safari browser pending investigation into a quirk that allows miscreants to litter their desktop with hundreds of executable files.
Windows users who visit a booby-trapped site with Safari could be forced to download and execute malicious files with no prompting, Microsoft says. The "blended threat" is a result of the default download location in Safari and the way the Windows desktop handles executable files.
This Microsoft advisory [microsoft.com] suggests users "restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple."
Apple agreed that it might be good if Safari actually checked with the user before downloading potentially vicious files, but signaled that kind of addition wasn't much of a priority.
"Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads," someone from Apple's security team told Dhanjani. "We want to set your expectations that this could take quite a while, if it ever gets incorporated."
The prompting of users for all possible things will only result in the user clicking next on those annoying messages anyway, so it's a moot poitn to even add more of those prompts.
Hmm. vista is full of those anoying prompts it appears, so perhaps that's why I'm not using it.
Oh right, because when a competing browser starts to gain in market share [marketshare.hitslink.com], Microsoft's first course of action is a FUD campaign.
"Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads," someone from Apple's security team
Whoever stated this should be called someone from "Apple's LACK of Security Team".
People don't expect malicious files to just appear on their desktop and allowing your software to do such a thing is so wrong, Apple needs to be smacked.
Allowing anything to download files automatically is a huge risk, especially if it dumps them on the desktop. The odds of accidentally launching the file when trying to delete it are pretty substantial for the less than computer savvy, not to mention the curiosity factor of wanting to see what it is.
Most viruses spread because people are stupid and do stupid things so when you give stupid software to stupid people expect even more stupidity to ensue.
I'm moving my Safari installations into a Virtual PC until this blows over.
Not sure why you would use Safari on a PC except to test your web sites to see how they would work on a Mac, and if you don't trust your own sites...
[edited by: incrediBILL at 4:30 pm (utc) on June 2, 2008]
Text file link that downloads, not displays? [webmasterworld.com]
Only use Safari to test, as mentioned. (Rather like the Network Timeline on the developer toolbar.)
Just checked apple's page, they claim Safari is faster to load pages than Firefox. Is that true?
I think that's questionable. To be honest, in the pages I've tried, I've not noticed much of a difference. The good thing about Safari on Win (for most here I guess) is that it looks the same as on the Mac, scrollbars, dialog boxes, ...everything. It's good for testing. Although IMO the font smoothing is excessive - the text is 'fuzzy'! (I'm sure the text is cleaner on the Mac?!)
a discussion about using a Virtual PC
was split off into its own thread:
[edited by: tedster at 12:34 pm (utc) on June 22, 2008]