Network News

X My Profile
View More Activity

It's a Jungle Out There for Apple's Safari

For the second time in less than a week, Apple has shipped updates to correct security holes in the beta version of its Safari Web browser. Patches are available for Windows users who have installed the version of Safari for Windows that Apple released last week. Three out of four of the flaws corrected in this latest update also are present in Safari components included in Mac OS X systems.

Mac OS X users can grab the patches using the Software Update function or via Apple Downloads. Windows users need to run the Apple Software Updates program, which already should be installed on any Windows machines that also have Safari, iTunes or QuickTime.

safari302.jpg

I was asked in a Security Fix Live chat last week whether Safari was more or less safe than Firefox or Internet Explorer 7. I responded that this version of Safari for Windows was still in beta phase. Apple essentially is warning people to expect bugs by inviting users and developers to find security holes in the product. As such, I believe we can expect to see a regular series of these updates over the next couple of months. So, unless you enjoy downloading and installing a new version of the browser each week, perhaps the easiest solution is just to wait until Apple issues a final, more stable and secure version for Windows.

By Brian Krebs  |  June 25, 2007; 4:49 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Red Cross Scam Targets Military Families
Next: Social Networking on Internet Scammer Forums

Comments

Thanks for recognizing that this is beta software. Plus the frameworks that make it run are ports of the Mac OS rendering and drawing system, so their is their first time out in the wild. Balanced article and sound advice.

Javbw

Posted by: Javbw | June 25, 2007 5:25 PM | Report abuse

Safari: iApple + iGoogle = iHappy

Elas 3.0.2

I'll give this one a ride...
Next on the list is all the Pimping extensibility that needs to roll-up for v3.X...

Still hoping for double click "new tab" option, and or, a normal old fashioned "new tab" button...
Oh ya and also a new nightly webkit!


To be continued...

Posted by: RL | June 25, 2007 5:46 PM | Report abuse

Posted by: RL | June 25, 2007 5:48 PM | Report abuse

"I responded that this version of Safari for Windows was still in beta phase"

That is a bit of a cop-out. A public release beta has a higher quality bar than an internal or limited release beta, yet it is clear that Apple in not only inviting users to find security bugs, they are expecting users to do their QA work for them. The bulk of security flaws discovered thus far were discovered with off the shelf security software in a matter of hours and a decent internal QA department should have easily uncovered the vulnerabilities. The web browser is the most popular attack vector into a computer, and beta or not Apple had a responsibility to do at least some minimal security evaluation of a publically available piece of software. That really speaks poorly of a company that continually asserts a better security profile than competitors and it would have been more appropriate to have answered with a flat out "no" rather than a qualified "but it's beta".

Posted by: josh | June 25, 2007 6:15 PM | Report abuse

What people fail to realize is that this is how Apple runs its business normally.

Since OS X is based on open source code, all of their bug-finding and hole-seeking is done by 3rd party groups. Apple always invites people to hack into their stuff so that they can make it better, that's how OS X can boast about its security. Safari for Windows is being released in the same thread. Beta by those who can find all the flaws in it, then fixed and fixed until Jobs feels it's up to his standards and releases it in a final version. As they're releasing it as a free download, it's not like they're getting serious money from people to invest in a private 3rd party tester.

This makes perfect sense for Apple, and I'm sure it'll pay off for them in the end.

Posted by: Stephanie | June 25, 2007 6:41 PM | Report abuse

What many are overlooking are the use of dis-informational techniques on apples part. Yes its beta and yes It will have bugs. Apple is inviting the public ( windows community) to become part of the apple community for the first time. Using the good old help us help you technique.
But in the general publics eyes they will think these security holes are because of Windows related security issues not OSX related. Thus pushing more users to the "Secured" OSX Platform. Which is what Apple really hopes for in the end. Look at Safari on Windows as a tech preview of sorts... Like our features? Enjoy more more of them on a more secured platform like OSX.

Posted by: Bob | June 25, 2007 9:11 PM | Report abuse

I am not giving up Firefox for any browser.

Posted by: Firefox Fan | June 25, 2007 9:24 PM | Report abuse

I have the same concerns Bob expressed. Why would Apple waste time creating a browser for Windows other than an attempt to lure users to their platform? I always looked at it the same way when Microsoft created versions of Internet Explorer for Apple. Firefox is a different animal since it runs on many operating systems other than just Microsoft and Apple.

Posted by: TJ | June 25, 2007 9:40 PM | Report abuse

If you really want something that isn't firefox go for Opera. It's streets ahead of the safari rubbish.

Posted by: Seán | June 25, 2007 10:11 PM | Report abuse

Well, I normally don't try Beta versions, but since I have an Apple computer... Why I realize it's a beta, after using Firefox, Safari simply bores me. I haven't seen a flash ad in years, now with Safari 3.0 that's not the case. How do I turn that off? New is nice, but good functionality - and better documentation - is best. Hmmm... maybe the final version of Safari will be a winner?

For Opera I really don't want an add on browser digging into my Address Book. Too bad that functionality couldn't be turned off.

Posted by: umm.huh | June 25, 2007 10:15 PM | Report abuse

Beta software for Windows? Pffft! In the same article, the author admits that 3 out of the 4 flaws are present in the Mac OS X version too! So it has nothing to do with the underlying OS at all, but rather the application itself... But alas, yes, Apple will still try to spin it positively somehow... like maybe "Safari for Mac OS X has fewer flaws than the Windows version". I agree with one of the previous commenters when I say: "Apple, please at least test the product to *some* extent before publishing an alpha version disguised as a public beta."

Posted by: Jessica | June 25, 2007 11:21 PM | Report abuse

Bob's complaint that Apple is engaging in "dis-informational techniques" is absurd. Of COURSE Apple wants everyone to move from Windows to OS X. Remember the "Switcher" campaign? It could not have been clearer that Apple wants you to drop Windows and switch to OS X. If the public thinks that the Safari security holes are due to Windows, perhaps it is because -- and I don't want to put too fine a point on this -- historically, Windows has had a whole bunch of security holes, while OS X has not. If Bob really wants to see disinformational techniques by the master, he should pick up a copy of the U.S. Government's findings of fact in the anti-trust cases against Microsoft, which describe instance after instance in which Microsoft deliberately changed Windows for the sole purpose of sabotaging a competitor's product by making it appear that the competitor's product was buggy when in fact it was not. Safari crashes on Windows? Hmmm... seems like we've seen THIS trick before -- and in fact, we have: again, and again, and again.

Posted by: Karl | June 25, 2007 11:27 PM | Report abuse

uhm, Apple Inc. is not just a computer company anymore. They make products for computing, other things, and for years they make great software for MS Windows, iTunes and Quicktime.

Expect Apple online services to expand from .Mac and ITMS to web entertainment. Safari for Windows, a free browser, may soon integrate with content in ways we haven't seen, perhaps where iTunes and Safari are one in the same - the web browser that provides and controls your A/V and syncs related appliances.

It's only natural that such a beast might someday be released upon Windows users.

As more people use their web browser and services such as Google Docs instead of other software programs for email, writing, scheduling, chat, etc, it only makes sense for the web browser to eventually absorb local tasks performed by other programs people still use, and vice-versa; in iTunes, you could use ANY web content without switching to a 'different' browser.

Ideally, this would all be integrated into the desktop and not a program you have the option to load or not, unless you turn it off.

There is no one better than Apple Inc. positioned to try all this sooner rather than later.

Posted by: bike mike | June 26, 2007 3:31 AM | Report abuse

To whomever said that the flaws are also found on the OS X version: The OS X version of Safari 3.0.2 is also beta. So of course flaws can be found there as well.

Posted by: Mathieu | June 26, 2007 8:24 AM | Report abuse

jessica, matthieu, apple issued an update to fix two system components in OS X, Webcore and Webkit, that Safari relies upon for libraries. hence, this is also an operating system problem, not just with safari.

see:

http://docs.info.apple.com/article.html?artnum=305759

Posted by: Anonymous | June 26, 2007 9:23 AM | Report abuse

For TJ: I think that Bob Cringley's comments on PBS are spot-on for why Apple went ahead with a win32 Safari offering. The iPhone essentially runs Safari as its web browser, and since the phone isn't fully 3G, it will have very limited bandwidth.

The solution is to use websites that are heavily based upon AJAX and Javascript so less data is transferred to build the interface for the user. Since every browser's javascript compatiblity is slightly different, and Safari is a minor player globally, Apple needs to increase Safari's penetration in order to make sure that most websites' AJAX code actually works with it.

This may seen far-fetched, but as a web application developer, I have seen exactly what he's describing. In fact, when the Windows beta was released, I said to myself (well, I guess it's time to start putting Safari into our regular testing procedures).

Posted by: Chris | June 26, 2007 9:24 AM | Report abuse

TJ said: "I have the same concerns Bob expressed. Why would Apple waste time creating a browser for Windows other than an attempt to lure users to their platform?"

Or they did it to provide Windows developers with a reliable preview of any Web-based apps they want to write for iPhone. Anything you write and look at in Safari will look the same on iPhone.

But in any case, is it so bad for a company to try and steal people away from rivals? Isn't that why I have to pay for Microsoft Office:mac instead of having an Apple-authored (competitive) app suite?


umm.huh said: "...I haven't seen a flash ad in years, now with Safari 3.0 that's not the case. How do I turn that off?..."

While many of the plugins won't work with 3.0b yet, http://www.pimpmysafari.com is a great resource for add-on functionality. I'm sure all the devs are already coding away to make their plugins compliant.

Posted by: BdeRWest | June 26, 2007 11:43 AM | Report abuse

>>perhaps the easiest solution is just to wait until Apple issues a final, more stable and secure version for Windows.

And then, go the rest of the way yourself, if Apple still hasn't.
http://content.zdnet.com/2346-12691_22-88454-1.html

Posted by: Mark Odell | June 26, 2007 12:35 PM | Report abuse

Apple's web site states "Apple engineers designed Safari to be secure from day one."

To date, Apple engineers have demonstrated that they are clueless about Windows software security.

Posted by: TomT | June 26, 2007 12:55 PM | Report abuse

"If the public thinks that the Safari security holes are due to Windows, perhaps it is because -- and I don't want to put too fine a point on this -- historically, Windows has had a whole bunch of security holes, while OS X has not."

Not to put too fine a point on this, but your assertion is bulls!#&. Historically, since the release of XP and OS X, OS X has consistantly had more security holes and a longer time between disclosure and fix than XP. With the release of Vista the disparity is even more exacerbated. To date, since the original business release in November, Vista has hand less than a third of the security vulnerabilities uncovered by third party researchers as had OS X in the SAME time frame, despite many times the number of eyes evaluating the product. Since January Apple has patched 102 vulnerabilities. The last round of patches was the fewest this year, with *only* 17 needing patching in OS X, *only* 5 of them being remote execution exploits, and for the first time this year no vulnerability that was older than 50 days. To be blunt, Apple is in the exact same position as MS was in in 2001 concerning security and they should be held accountable for that. If you use any Apple software you should be screaming at the top of your lungs for them to get their act together because they are jeapordizing your computer. They are being irresponsible, just like MS was half a decade ago. The difference is that MS has worked to rectify that over the past five years while Apple, ignoring the lessons demonstrated by their competitor, continues to be complacent.

Posted by: Josh | June 26, 2007 6:55 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company