March 3, 2008
Is Safari Less Secure?
Securosis does a little follow-up on last week's tidbit from PayPal's CISO, who recommended its users avoid Safari:
"Now, let’s look at Safari. The truth is, based on talking with security researchers, that IE7 on Vista is more fundamentally secure than Safari. I’m not sure about Firefox, but suspect it is also probably more fundamentally secure. But that almost doesn’t matter- the real world risk, today, of using Safari is extremely low. That could change instantly, at any given time, and probably will, but until then I feel comfortable using it for most of my browsing needs.
"A bigger hole with Mac (or PC) browsing is QuickTime, which is in the midst of some rough times from a security perspective. But QuickTime runs in any browser, not just Safari.
"My overall take? Most users don’t understand or care about anti-phishing notifications built into their browsers. Safari does lack security features available in competitors, and has had a few vulnerabilities this year, but real-world risk is low for now. Support for extended validation certificates is a nice to have feature, but probably won’t improve Safari security for the average user in any material way.
"Not that we shouldn’t keep the pressure on Apple to keep strengthening the OS and browser, but I’d prefer they put more effort into sandboxing and other anti-exploitation defenses than little green borders when I visit someone willing to cough up an insane amount of cash to Verisign."
Several weeks ago, when Charlie Schluting tested DNS Advantage and its anti-phishing services, he was glad to have Firefox's blacklist as backup when DNS Advantage failed to stop 150 (out of 150) attempts to load known malicious sites.
I wobble between Firefox and Safari for day-to-day use, myself ... Firefox when I want to do some Web scripting and need Firefox's excellent Web developer tools, Safari for most day-to-day stuff. But I guess I rely on OpenDNS to catch any malicious stuff I might come across. And I'm a raving paranoiac about opening links from mails, even when I'm pretty sure they're legit.
Posted by mhall at 2:23 PM