So is Safari Safe?
May 22nd, 2008We know that Mac users stand little or no chance of being infected with malware, at least with Mac OS X so far. In the days of the Classic Mac OS, there were several dozen viruses of various levels of severity, but few that would cause anywhere near the havoc of a typical Windows outbreak.
However, with Apple now gaining huge chunks of market share, and working hard to promote its default browser, Safari, on the Windows platform, you have to wonder whether that’s a safe move or if there’s potential trouble afoot.
Now it’s fair to say that the ActiveX feature of Internet Explorer is the real culprit for many online infections. Although there are still some misguided souls who program their sites to use Microsoft’s proprietary technology, a growing number of Webmasters appreciate the fact that Internet Explorer is not the beginning and end of the Internet and there are superior options. As Microsoft’s browser share dips below 75%, you can readily see that a company can ill-afford to restrict the also-rans from their content.
I mean, would you want to block 25% of your potential customers because they drove a Chevrolet rather than a Ford?
Into this mix comes Safari, and since the Windows version was finalized, Apple has used a controversial bit of stealth marketing to get people to download a copy. Although it is also offered separately, one fine day, Safari appeared along with the regularly scheduled QuickTime and iTunes updates, using the Windows version of Apple’s Software Update. Since the option to download Safari was already checked for you, I suppose it was natural to assume it was really part of the package.
After an outcry from some critics, including the CEO of Mozilla, which develops Firefox, Apple relented somewhat, and consigned Safari to a specially-crafted “New” category in Software Update. Of course, it was still selected, which means that you’d have to make the tiny effort to uncheck the Safari download not to take it as part of the package. Apple realizes that few Mac and Windows users read those things, so they weren’t losing much in making this concession.
As a Windows browser, Safari is actually quite good. It’s speedy and reasonably stable, although it continues to mimic various elements of the Mac user interface. I suppose it serves Windows users right, though. After all, how many Windows to Mac ports over the years played the same trick on us? The first attempt to deliver a Mac version of WordPerfect years ago failed, because it was not sufficiently Mac-like, and Microsoft’s Mac Business Unit has received an ear-full of complaints when they don’t follow Mac conventions as well as they should.
Now as to Safari: Since it’s not saddled with ActiveX or the interdependencies to the Windows operating system that are found in Microsoft’s applications, it should fare reasonably well. Yes, Apple has to fix security leaks from time to time, but so far at least, they’re not being exploited in the wild. That augers well for Safari, except for one missing piece.
Phishing protection!
You see, other browsers will warn you if you attempt to login to a site that appears to be fraudulent. Safari has no such feature, and shouldn’t that be a major shortcoming?
Well, let’s not forget that the online criminals who engage in phishing scams are using social engineering to entice you to visit a site and give up your personal bank account and/or credit card information. They send you emails hoping to make you believe that they really come from PayPal, Wells Fargo Bank or some other well-known financial institution, letters that say you must click a link to enter a site to fix some sort of security problem.
Now I’m sure all of you know not to fall for such scams. You just ignore the message, and if you’re concerned, you contact your financial institution to confirm that your account hasn’t been compromised. So you shouldn’t need your browser to inform you that a site your visiting may be bogus. Or at least that’s what I believe, although I can’t say that I have the stats on hand of just how many innocent people have their identities compromised by such nefarious activities.
At the same time, it wouldn’t hurt for Apple to have such a feature added to Safari. I doubt that the engineering work would really be so onerous that such a capability has to await another full browser or operating system upgrade.
In the meantime, if you are concerned you might find yourself an unwary victim, you might just configure your Mac or PC to use OpenDNSÂ instead of whatever DNS system your ISP uses now. DNS, short for Domain Name System, is simply a set of computer servers that convert your Web access request from, say, www.apple.com, to the corresponding IP number.
OpenDNS does it better, having a huge cache and a set of servers across the U.S. and in several other countries for redundancy. They also manage PhishTank, the best-known service for monitoring phishing exploits, and that’s part of the package when you use OpenDNS, which is, by the way, free.
So whatever fears you might have about Internet security, certainly Safari shouldn’t be doing anything to keep you from staying safe in your online pursuits.
| Print This Post
I’m not sure exactly what “pfishing protection” amounts to (although I am sure that, whatever it is, it’s no substitution for good old common sense). Maybe it’s something along the lines of blocking situations where a URL embedded in in html code does not match the URL in the text displayed on the user’s screen? In any event I have suspicions that, like virtually all anti-spam schemes in e-mail programs, it is bound to have unintended and unwanted consequences. Once I almost missed a piece of e-mail that was vitally important to me because Mail misidentified it as spam, so I switched off Mail’s anti-spam system. I’m pretty sure that if I had a browser with an anti-pfishing feature, pretty soon I’d discover I wanted to disable that too. In this respect, I vote for keeping Safari exactly as it is.
I’ve been hit by a few Windows viruses over the years, and one Mac virus (worm, actually. The Autostart worm, which appeared sometime around 1997 or 1998, installed a fake print spooler into the classic Mac OS system folder that quietly sat there munching away at your files, slowly rendering the data on your hard drive useless while at the same time copying itself to any disks connected to your Mac, including floppies. My PowerBook got infected when a friend in my reserve unit gave me a document on an infected floppy, and my Power Mac got infected when I connected the PowerBook in SCSI disk mode.
Windows malware infections were far more numerous, but none were anywhere near as destructive or hard to trace. Windows malware cost me time, but the Autostart worm destroyed data, and since it infested my external drives (my backup solution), there ended up being a number of files that were simply gone forever.
These days I feel a lot safer using OS X that Windows, but I have no illusions that any operating system, browser, or anything else will be 100% safe.
That’s why I periodically check my Spam folder to make sure there are no mistakes. We use Google Apps here for our company and personal mail (which allows you to use your domain rather than just Gmail in the address) and we rarely run into any difficulties with mistakes. Maybe a few a week at the most.
Peace,
Gene
I am a frequent reader of your blog and just wanted to inform you that I really like your articles.