Mac Security 101
For Better or For Worse: Safari For Windows
By Kale Feelhaver
Apple surprised all of us at WWDC 2007 by releasing a new version of Safari, v3, which will run on both Mac OS X and Windows. The new version is currently available in beta, and freely downloadable off Apple’s website. A lot of analysts have called it a good thing, while still others have said this move is destined for failure. Personally, I’m not concerned with the pass/fail status of Safari for Windows, but I do have some security concerns.
Everyone knows that Microsoft Internet Explorer is the most exploited web browser on the Internet. Luckily for Mac users, Microsoft discontinued development on the Mac version of Internet Explorer (IE) in June 2003, a few months after Apple released the original public beta of Safari for Mac OS X. They continued to support the application until December of 2005, when Microsoft officially declared it discontinued. The lack of IE on the Mac platform made 100% of IE-based exploits exclusive to Windows. This was good news for Mac users, but it gave all of us a false sense of security. If 99% of all browser exploits are focused at IE… that made Macs immune to 99% of the exploits. This makes the Mac more secure based on the odds, but it does not mean that Safari is truly more secure than IE. Fortunately, many security professionals put Safari through the wringer, and they found that the browser was truly a secure design, which gave it 2 advantages. However, in 2006, the first Safari-focused exploits made their debut on the Internet. These were still tame compared to the thousands of exploits focused at IE, but they did receive a lot of press.
Apple’s release of Safari for Windows brings a stable and fast web browser to PC users and there’s a good chance that it will have a fast adoption rate. In fact, during its first 2 days, Safari for Windows saw over 1,000,000 downloads. This is good news for Apple, but could prove to be bad news for Mac users. Now that Safari is making its way into the Windows community, Safari-based exploits may become more common. There is no way to tell if these exploits will target Safari as an application, or if they’ll target Windows through Safari. Windows-centric exploits should not affect Mac OS X, but if the exploit is targeted specifically at the application… it may be just as dangerous to Mac users.
Being an IT professional (and general computer geek), I downloaded and installed Safari on a Windows system to test it out. My own test results showed that the browser was far faster than any of the other Windows browsers I have tried, but it was also very buggy. I had random crashes and saw a lot of odd behavior that wasn’t seen in IE or Mozilla Firefox. I have not yet downloaded Safari v3 for Mac OS X, but I would assume it is nearly as stable as the current version, which is not the case with the Windows counterpart. At this point it is too early to tell how serious these bugs are, but time will tell.
Now, before you run and change your default browser to Camino, keep in mind that the Firefox browser is essentially the same scenario. There have been exploits that targeted Firefox on all platforms, but most have still been Windows specific. Safari is still a great web browser on the Mac and will continue to be, but Mac users should be aware of the possible exploits that could result from the Windows version. As always, be careful on the Internet, and watch where you click.
