Oh my, looks like someone at Apple should take a public relations course.

Apple agreed that it might be good if Safari actually checked with the user before downloading potentially vicious files, but signaled that kind of addition wasn't much of a priority.

"Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads," someone from Apple's security team told Dhanjani. "We want to set your expectations that this could take quite a while, if it ever gets incorporated."

[theregister.co.uk...]

..we are not treating this as a security issue..

So it can just download all of those nifty adware and malware files to my computer, and I don't even know about it?

Sounds cool...

...we are not treating this as a security issue...

Well, But I do! Just de-installed, suckers!

Interesting that Microsoft never urged windows users to avoid Internet Explorer during the long history of exploits affecting that browser, many of which have been much more dangerous than this present one.

Well, they did recommend using it with scripting disabled.
(Brill, eh ?)

Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.

Done.

Jim

interesting. Maybe MS should look at how it allows malware to destroy their operating system.

This shouldn't be an issue on Vista right? I mean, vista is the 'worlds most secure OS', right?

Perhaps MSFT ought to be more interested in their own security failures.

The prompting of users for all possible things will only result in the user clicking next on those annoying messages anyway, so it's a moot poitn to even add more of those prompts.
Hmm. vista is full of those anoying prompts it appears, so perhaps that's why I'm not using it.

"Clicking on all possible things", and having prompts for .exe files is not quite the same thing.

Let's stay on topic.
If you'd like to discuss Vista or other MS OS topics feel free to do it in the appropriate forum [webmasterworld.com].

I'm moving my Safari installations into a Virtual PC until this blows over.

If changing the default download location is enough to completely avoid the problem, why is Microsoft's suggested course of action to "Restrict use of Safari as a web browser?"

Oh right, because when a competing browser starts to gain in market share [marketshare.hitslink.com], Microsoft's first course of action is a FUD campaign.

Why are you using Safari? Is it a good browser? Seems to me like using IE on a Mac, aka there is no point. Just checked apple's page, they claim Safari is faster to load pages than Firefox. Is that true?

"Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads," someone from Apple's security team

Whoever stated this should be called someone from "Apple's LACK of Security Team".

People don't expect malicious files to just appear on their desktop and allowing your software to do such a thing is so wrong, Apple needs to be smacked.

Allowing anything to download files automatically is a huge risk, especially if it dumps them on the desktop. The odds of accidentally launching the file when trying to delete it are pretty substantial for the less than computer savvy, not to mention the curiosity factor of wanting to see what it is.

Most viruses spread because people are stupid and do stupid things so when you give stupid software to stupid people expect even more stupidity to ensue.

Simply amazing.

I'm moving my Safari installations into a Virtual PC until this blows over.

Not sure why you would use Safari on a PC except to test your web sites to see how they would work on a Mac, and if you don't trust your own sites...

[edited by: incrediBILL at 4:30 pm (utc) on June 2, 2008]

Why are you using Safari?

To see how the web pages I create are displayed - only that,

Hhhhmmm, I noticed the other day that when trying to force a download in Safari (Win) it would download immediately, to the location specified in prefs, without first prompting to Open/Save/Cancel as all other browsers do!? Mmmmmm?

Text file link that downloads, not displays? [webmasterworld.com]

Only use Safari to test, as mentioned. (Rather like the Network Timeline on the developer toolbar.)

Why are you using Safari?

Just for testing purposes...just like my virtual PCs. That's where I think I'm going to relegate the rest of Apple's software as well. QuickTime is another gaping security hole.

Just checked apple's page, they claim Safari is faster to load pages than Firefox. Is that true?

I think that's questionable. To be honest, in the pages I've tried, I've not noticed much of a difference. The good thing about Safari on Win (for most here I guess) is that it looks the same as on the Mac, scrollbars, dialog boxes, ...everything. It's good for testing. Although IMO the font smoothing is excessive - the text is 'fuzzy'! (I'm sure the text is cleaner on the Mac?!)

The next question I have is, if you have a firewall, and safari tries to do something it isn't supposed to, wouldn't the firewall protect you?

moderator note:
a discussion about using a Virtual PC
was split off into its own thread:
[webmasterworld.com...]

[edited by: tedster at 12:34 pm (utc) on June 22, 2008]

I think you'll find that in order to use Safari to browse the web, you have to make a firewall rule that allows Safari to take a lot of actions - so you've already compromised a lot of the safety the firewall gives you.

There was an update to safari yesterday. I'm on 3.1.2 now.

@Tedster,

So if you are installing it just for developing purposes, and only view on your own machine, then it should be ok to install it?

Thanks regarding the answer for the firewall question.

I've installed it only to test pages that I created or my clients created. I also changed the default download folder, as recommended above. I have no current interest in doing regular browsing with Safari, or with IE for that matter. So my risk is extremely minute, I think.

I only use firefox for browsing. IE6 is for viewing pages in. I need to get IE7 going somehow. Safari would not be for browsing, and I would follow the advice above as stated for the downloads folder.

Thanks for your reply Tedster, it is appreciated. :)

What's even more annoying is that this weekend, Apple software update on my pc (I have quicktime installed), tried to install Safari on my computer, suggesting that it needed an 'update'.

Yes, those Safari "updates" are very poorly thought out. I've had the same experience, where I update Safari and immediately get told I need to update Safari - and the loop never ends until I just ignore it.