I already knew that Safari on Windows sucks, but there's more:
http://news.zdnet.co.uk/security/0,1000000189,39372605,00.htm
Quote'Highly critical' flaws found in Safari for Windows
Two security flaws have been found in the Windows version of Apple's Safari browser, which was released just over a week ago.
An address-bar spoofing flaw was discovered by Argentinian researcher Juan Pablo Lopez Yacubian, who reported it to the Danish security company Secunia on Monday. He also reported a second vulnerability involving memory corruption, although Secunia has not yet established whether or not this flaw is exploitable. Even so, Secunia has classified the vulnerabilities as "highly critical".
"The one vulnerability is a classic spoofing vulnerability which will allow the attacker to make the Safari user believe he is on a different site than he actually is, which makes it easier to steal information from that user," Secunia's chief technology officer, Thomas Kristensen, told ZDNet.co.uk on Wednesday.
"As for the other one... we are still investigating that one," Kristensen added. "It is a memory-corruption vulnerability and we haven't proven yet that it can be exploited but, if it can, then it would be possible for a malicious site to execute keyloggers or other malicious code."
Kristensen said that Apple's controversial tactic of pushing out Safari for Windows as an opt-out "update" to existing iTunes users would be "getting [the browser] more users", but stressed that he "[did] not think the user base for Safari on Windows is big enough for anyone to want to exploit this right now".
"None of those [vulnerabilities] can be exploited if you don't actively use Safari to visit a malicious website," Kristensen said, while confirming that the security flaws have not yet been patched by Apple.
Apple had not responded to a request for comment at the time of writing.
Wait... I thought Apple products were perfect?
And to think that Apple updater (which I have for iTunes) tried to get me to download that yesterday... HA!
/me sticks to Firefox.
No software is perfect...
But I do think it's dirty of Apple to put Safari Installs into iTunes updates.
ok, i'll take the bait....
i will say that ALL browsers are vulnerable to attacks... firefox included.
secondly, safari is still the fastest loading browser, much faster at rendering than firefox... its also one of the most standards compliant as well...
in any case, i'm not saying you should use safari on windows, but its kinda annoying that you make a point to post this... yeah, its a big deal because everyone already knows the other browsers suck, but because its an apple product, its gotta be brought up.
oh well, thats my world
Quote from: jedifunk on March 27, 2008, 10:19:11 AM
in any case, i'm not saying you should use safari on windows, but its kinda annoying that you make a point to post this... yeah, its a big deal because everyone already knows the other browsers suck, but because its an apple product, its gotta be brought up.
oh well, thats my world
You're annoyed but, if I had taken your advice (retroactively?) and was already running Safari, I'd kinda want to know about the bugs.
Quote from: mattstick on March 27, 2008, 10:16:11 AM
No software is perfect...
But I do think it's dirty of Apple to put Safari Installs into iTunes updates.
No doubt that nothing is perfect... especially running on a windows platform. (Though my 'new' Latitude D810 that I've just setup as my new DAW is bullet proof.)
I def. think it's dirty of them to push their products like that.
i'm only annoyed because a point has to be made because its apple...
i'd have to review every post i've made, but i'm pretty sure i've never said they were perfect....
but i guess i'd rather have this situation than for everyone to simply expect that apple products suck like they do for anything having to do with windows.
Quote from: jedifunk on March 27, 2008, 01:38:39 PM
i'm only annoyed because a point has to be made because its apple...
i'd have to review every post i've made, but i'm pretty sure i've never said they were perfect....
but i guess i'd rather have this situation than for everyone to simply expect that apple products suck like they do for anything having to do with windows.
I don't know that anyone is simply saying "Apple Sucks" I think the point is that it's a dirty practice to insert their (unwanted)product in a music player update without telling anyone what they're getting. Thats all.
umm, well, gee... if you're actually paying attention to what you install on your computer then you wouldn't install it if you didn't want it...
i'm not defending apple on this one... i don't think its necessary for them to push safari on windows users... but given that it seems to be a completely acceptable practice in the industry, and consider ms does it all the time, i think apple didn't do anything wrong... or more wrong that anyone else.... now do i think they should hold themselves to a higher standard? absolutely, since they usually do...
and personally, i don't see why safari for windows is a big deal to them... its a free browser, and they make nothing on it (or little to nothing)
Quote from: jedifunk on March 27, 2008, 03:34:43 PM
umm, well, gee... if you're actually paying attention to what you install on your computer then you wouldn't install it if you didn't want it...
i'm not defending apple on this one... i don't think its necessary for them to push safari on windows users... but given that it seems to be a completely acceptable practice in the industry, and consider ms does it all the time, i think apple didn't do anything wrong... or more wrong that anyone else.... now do i think they should hold themselves to a higher standard? absolutely, since they usually do...
and personally, i don't see why safari for windows is a big deal to them... its a free browser, and they make nothing on it (or little to nothing)
Uh, hold up.
I was paying attention to my computer and I didn't install it. but why oh why would I as a person who never has installed it get a notification in Apple Update (an automated service, not one that I kicked off) that there was a new version and did i want to download it?
Bad practice, that's why.
Microsoft has just suffered one of the largest regulatory settlements in history over the way they foist IE on people... this isn't quite as bad but it's the same kind of crap. Bait & switch...
again... i agree with you. i guess my point was that apparently apple decided that since "everyone else was doing it" that it was ok for them
and again, i dont condone that... and i DO hold apple to a higher standard.
At first I thought I'd write the response, "meh". Then I didn't even waste the time. But I'd like to jump in with yet another opinion because the topic has gone past just some "highly critical" :jerking off: bugs.
As for the software being in iTunes, to apple, this is a test of the system for software distribution with something free until it starts being used with the iPhone etc. While at first I didn't like that it was there, it's easy to understand why. Apple wants the public to get into their apps and the way they look. They hurt themselves with a few people (like some of you that are posting here), and for most it's just another window in windows to dismiss. But they help themselves by exposing more people to their style. They're cocky enough to think everyone's going to love it. I like the idea of distributing lots of apple software through iTunes, and controlling updates in there too. You've got to start somewhere. iTunes is a good place to start, and it allows windows users the mac experience.
Remember too, iTunes is somewhat bastardized for the peecee, and it's no wonder that non-applers dislike Apple's attempt to push their software like that. But for me, an apple user that the iTunes app was designed for, anything having to do with safari was totally transparent.
rj,
I'm curious, was it just when you installed it that it asked you if you want a "new" version of Safari or does it ask whenever there's a new version? If it's just the once, then I find it totally reasonable... Like hey, you like iTunes? Do you want to try out Safari? If it's on every version, that should at least be able to be turned off the first time you see the message. Like "do not remind me again".
Apple Updater runs and it offers you an install of Safari, an update to iTunes and a QuickTime update I think.
You have to un-check Safari if you don't want to install it.
No.
Apple Update regularly checks for updates to Quicktime and iTunes which I've run for a little while.
It didn't find anything for those two. What it did find was an opportunity to stick and advertisement in my face.
No matter who does it; it's lame. But seriously, I expect better from Apple.
Quote from: rowjimmy on March 27, 2008, 10:42:37 PM
No matter who does it; it's lame. But seriously, I expect better from Apple.
agreed... i certainly expect more from apple
1. I am browser geek and I was hoping for a decent version of Safari on Windoze. Got it offered through the QuickTime updater and decided to do some digging before I ''OK"ed it. Glad I did so.
2. As for the rants the Apple should know (and do) better, I concur.
And for the record: I have been using using Firefox since ... 0.71. I think.
Firefox 3 is gonna kill... I've been playing with the betas and the heat turned up.
Quote from: rowjimmy on March 28, 2008, 01:16:26 PM
Firefox 3 is gonna kill... I've been playing with the betas and the heat turned up.
Yup, hope they do something about CPU usage though.
The betas that I've tested are notably easier on my RAM.
so I just got a message from Apple telling me it's time to update Itunes.
There is also and Apple update for windows - no mention of safari. Says it's recommended and includes general fixes that improve reliability etc.
Should I trust them? I used to, until this thread
Once you update iTunes, I believe it'll ask if you want to "update" Safari. It won't install without you hitting OK in a window that says install safari explicitly.
thanks
It's funny, but of course Safari is vulnerable on Windows. While all software is flawed, Windows DLL structure makes it more so and Safari must use this structure creating inherit flaws.
Now for Safari on Windows, I only have the beta right now, but it is sloooowwww. On a Mac it is the fastest, unfortunately they are still working on getting the windows port up to speed.
The browser war is really interesting. If most people are using your browser you now have a captive audience for ads, content delivery, whatever. Plus, I really like this browser, what else do they make. I'll use their default search engine and they will make more money of the top links which pay them for click throughs. There is a ton of money to be made in the browser war.