Respected consumer advocacy group recommends against using Safari

re: Respected consumer advocacy group recommends against using Safari

Waethorn — Thu, 07 Aug 2008 21:34:54 GMT

"I believe that Apple should disclose exactly which bug fixes are being applied by updates and patches. If they did that, that would go along way in acknowledging the problems and correcting them."

I second that. For a company that relies heavily on open-source software at the core (and for john's claim that they are so "open"), they sure like to keep their secrets hidden behind the BSD license. Luckily there are companies like Secunia, as well as my buddy's firm that acknowledge their flaws for them.

re: Respected consumer advocacy group recommends against using Safari

shark47 — Thu, 07 Aug 2008 21:30:05 GMT

" Again, it's not like they are getting 3.5% of viruses and trojan horses and the rest. So I find that interesting. The mac's "resurgence" has been in the news for years now, so I'm frankly amazed at the lack of a serious, broad attack. There's something there that's not easily explained away by "tiny marketshare"."

Read the book 'The Tipping Point' by Malcolm Gladwell.

re: Respected consumer advocacy group recommends against using Safari

johnpapola — Thu, 07 Aug 2008 21:14:20 GMT

@Sub,

Agreed on all fronts. I think the thing is that OSX did have structural advantages over windows, including the admin password requirement for software installation.

Vista has brought parity, and probably superiority to Windows over OSX... so now it's more about marketshare... though it's hard to deny the dearth of attacks given the visibility of the Mac. Again, it's not like they are getting 3.5% of viruses and trojan horses and the rest. So I find that interesting. The mac's "resurgence" has been in the news for years now, so I'm frankly amazed at the lack of a serious, broad attack. There's something there that's not easily explained away by "tiny marketshare".

re: Respected consumer advocacy group recommends against using Safari

subzerohitman721 — Thu, 07 Aug 2008 20:26:55 GMT

@johnpapola...

Regarding your comments on Apple doing better with communication, I agree. I believe that Apple should disclose exactly which bug fixes are being applied by updates and patches. If they did that, that would go along way in acknowledging the problems and correcting them.

I also agree with you that users must acknowledge that the false sense of security does begin and end with the user. My own user experience has conditioned me to check updates at least once a week. I update my anti-virus every 2 to 3 days. It was this routine that protected my then XP system when Blaster hit back in 03. I think once people have a update and maintenance routine, computing will be a lot more stable. Then we can argue about other things.

Peace.

re: Respected consumer advocacy group recommends against using Safari

johnpapola — Thu, 07 Aug 2008 19:27:48 GMT

@snake and everyone else that's reasonable,

just ignore Waethorn. At some point, he'll tire of posting his apple-bashing garbage into a vacuum. Responding just feeds his obsessive need to stroke his ego with self-declared victories in these discussions.

I've turned over a new leaf in this regard. I'm hoping it will stick.

re: Respected consumer advocacy group recommends against using Safari

Waethorn — Thu, 07 Aug 2008 19:22:58 GMT

"do you come up with this stuff your self or do you have some Word Macro that cranks out this fiction?"

You mean like Mossberg's reviews?

Sorry, but no matter how hard you push those fingers in your ears, it's the absolute truth.

re: Respected consumer advocacy group recommends against using Safari

Snakedoctor1 — Thu, 07 Aug 2008 19:07:21 GMT

@Waethorn do you come up with this stuff your self or do you have some Word Macro that cranks out this fiction?

We cold all post BS about My Vista is fine, My XP never crashes, My Mac has no problems.....BLAH....BLAH...BLAH.....YAWN!

I could find plenty links like this that are pro-Apple based on its security....

www.forbes.com/.../apple-army-hackers-tech-security-cx_ag_1221army.html

And probably the same for Windblows as well.

re: Respected consumer advocacy group recommends against using Safari

Waethorn — Thu, 07 Aug 2008 18:40:51 GMT

"Yeah and he seems to be perfectly fine with discussing things with you..."

Considering that it was about a shared client whos two dedicated networks consist of one of Mac's, running OS X Server (Tiger), and the other consisting of Windows Server 2003 R2 (which I'm currently in charge of), and they completely failed a wire-line penetration test on their Mac network, having been successfully had customer information databases stolen, overwritten, and then deleted by an outside source, I'd say that working together with a buddy of mine already in the security industry wasn't disclosing any unnecessary information. I sure had a laugh about it anyway.

BTW: The client now does quarterly remote penetration tests through my buddy's company. So far, the Windows network hasn't been penetrated. The Mac one failed 4 more tests after the initial incident about a year ago. Both systems have security updates deployed automatically to client machines too.

re: Respected consumer advocacy group recommends against using Safari

tayme — Thu, 07 Aug 2008 17:23:01 GMT

@Snake - Oh, I agree that MS has dragged their feet at times...but recently they have improved security practices greatly. I also know that not too many places use OS X as a DNS Server and that OS X has BIND disabled by default. I was responding to joe-dokes' post, which gave the standard response that would leave one to falsely believe that Apple is "better" at security response than all other OS makers...

--tayme

re: Respected consumer advocacy group recommends against using Safari

Dude1313 — Thu, 07 Aug 2008 17:21:18 GMT

Waethorn said:

"Funny thing is you keep saying this but then offer up no proof other then "My friend says"...."

You obviously know nothing about security firms (obviously), but there's something called an NDA at most of them. Flaws and exploits are not discussed openly in public. Apple follows this example to a tee - in fact, they deny all knowledge of it.

Yeah and he seems to be perfectly fine with discussing things with you... or at the very least it makes convenient fodder for you lack facts backing it up.

re: Respected consumer advocacy group recommends against using Safari

Snakedoctor1 — Thu, 07 Aug 2008 16:38:43 GMT

@tayme,

This all happened a year ago with MS

www.itjungle.com/.../two042507-story02.html

In fact in that case some third party company came out with a patch because MS was dragging its feet. Most people did not go with the 3rd party patch for fear of compatibility problems, and I agree with that.

Apple probably had to do more testing. Also the # of Bind DNS servers running on OS X, exposed to the internet, its probably so low they could have waited a year and not been hit. This would only have probably only affected OS X server running DNS in a DMZ that was open to the internet. Never have even seen this. Usually its cheap Linux box doing this or an appliance. Some all Windows shops will use some low powered Windows box, but I have never seen a OS X DNS server.

re: Respected consumer advocacy group recommends against using Safari

Waethorn — Thu, 07 Aug 2008 14:15:28 GMT

"Funny thing is you keep saying this but then offer up no proof other then "My friend says"...."

re: Respected consumer advocacy group recommends against using Safari

tayme — Thu, 07 Aug 2008 13:40:52 GMT

@joe-dokes - "Could it face serious problems in the future sure, but it probably has the expertise and resources to respond appropriately."

You mean like they did here? www.scmagazineus.com/.../113260

"After waiting since the beginning of July, Apple has put out a patch for the DNS cache poisoning flaw discovered by security researcher Dan Kaminsky.

Cisco, Microsoft, Sun Microsystems and many Linux versions put out a fix for the flaw on July 8, when it was first disclosed. Apple had taken some heat when it did not release its patch then, too.

Andrew Storms, director of security operations for nCircle, said in a blog post that some of the patches for components in Apple's systems are incomplete."

Apple needs to get serious about security and quit assuming that they are invulnerable. As an Apple customer, I have sent an email asking why this took a month longer than any other company and why it is still not fully patched...have any of you?

--tayme

re: Respected consumer advocacy group recommends against using Safari

johnpapola — Thu, 07 Aug 2008 13:14:22 GMT

I think everyone reasonable can agree that Apple needs to do more from a communication standpoint. Those that say it's "impossible" for them don't know the company that well. Apple's Joe Schor, product manager for Aperture is very directly engaged with the community. In fact, all of the pro-apps are. It's a market Apple knows well and has a long relationship with. They just need to realize that being opaque doesn't always serve them elsewhere.

Security starts and stops with the user and having a false sense of security is worse than anything. That's something Apple needs to fight. They are correct that the Mac's track record on attack is superior. Superior by a margin far in excess of their marketshare. It's not like the mac gets 3.5% of all attacks. It gets almost zero. That's not proportional. So they have a reasonable case to bring to consumer who have been burned on windows. It's fair for them to say "we're a safer neighborhood".

They just can't encourage users to leave the doors unlocked.

re: Respected consumer advocacy group recommends against using Safari

lotsamystuff — Thu, 07 Aug 2008 13:09:25 GMT

"Funny thing is you keep saying this but then offer up no proof other then "My friend says"...."

Yeah, Wae's the king of anecdotal evidence. He's regaled us several times with his fascinating stories of malfunctioning Macs in Apple stores, frustrated consumers at Best Buy, and his own customers who straggle into his basement with their non-working Macs and beg him to replace them with a home-built Vista box. I guess that's why he hangs out at Apple stores looking for customers—they make great fodder for his comments.

But back on topic...

I think the CR recommendation makes since. Safari has clearly lagged behind in offering phishing protection, and although one could argue with the efficacy of such "protection", the fact is it's part of what should be considered standard on a modern browser. Better alternatives are available, and they should be seriously considered.