Safari: Are There Security Risks for Windows Users?

Safari: Are There Security Risks for Windows Users?
Page content

What is the argument about Safari’s security?

The debate between Windows and Mac users (sometimes friendly, sometimes hostile) has often spilled over to the browsers. Historically, Macs in general and Safari in particular have had a reputation for being less vulnerable to hackers. The pro Mac argument is that Internet Explorer is poorly designed and contains more loopholes which hackers can exploit. The counter argument is that Safari has just as many problems and hackers simply target Internet Explorer because it has many more users. (The figures vary depending on the research method, but as a rough overview around 75% of Internet users are on Internet Explorer while fewer than 5% use Safari.)

Images

Why was Safari described as ‘Malware’?

That’s a separate issue from browser security and really more of a publicity war phrase. When Apple first released Safari for Windows, it included it as a default download on the iTunes update service. Users could opt not to download and install Safari, but many people didn’t pay much attention because they assumed the updates only ever covered iTunes itself plus the QuickTime media software.

A major argument broke out with the companies behind rival browsers, some of whom pointed out it was misleading to offer Safari as an ‘update’ to people who didn’t already have the software on their machine. John Lilly, the man in charge of Mozilla (which makes the Firefox browser) went as far as to say it “borders on malware distribution practices”. However, this debate was about the way Safari was distributed and doesn’t reflect on the security of the browser itself.

So what are the security issues with Safari?

According to security expert Kenneth Van Wyk, there are a couple of potential problem areas:

Like Internet Explorer and Firefox, it allows Javascript and ActiveX content to run automatically on websites by default, meaning you’ll have to change the settings to stop this. Unlike its rivals, Safari doesn’t make it as easy to opt for a balance between allowing all Javascript (which is a security risk) and blocking it completely (which makes surfing impossible).

Secondly, as with Internet Explorer, there are few of the easy-to-apply security updates (or ‘plug-ins’) that you can get with Firefox.

Have there been any major attacks on Safari?

While there haven’t been any major attacks for real, a hacker at a security conference won $10,000 by taking control of a computer in under two minutes after exploiting a flaw in Safari. Though he used a Mac, he said it would have worked exactly the same on a PC. Apple has now fixed that specific flaw, but he insists Internet browsers are the easiest target for hacking.

What about Macs in general?

While major attacks aimed at Macs are rare, they do seem to be on the rise. Security firm Sophos says some hackers appear to be specifically writing viruses to target the Mac operating system. This is partly because some hackers consider it more prestigious to penetrate the supposedly tighter Mac security, and partly because criminals see Mac users as an untapped target audience. While this pattern will mainly affect Macs, it may have the additional effect of making Safari a bigger target.

So should I still use Safari on a PC?

There doesn’t seem to be any evidence that Safari is inherently less secure than Internet Explorer. However, its release on PCs means it will become more popular, which in turn makes it more likely hackers will target it. If you find Safari more useful for your particular needs (see Matt Becker’s review for advice), then it’s certainly worth installing – just don’t become less vigilant about security because you assume Apple products are automatically safer.

Other Editor’s Picks by this Author:

>»>Why You Really Don’t Need a Screensaver

>»>Exploring Windows Defender