Microsoft's security team is warning Windows users to stop using Apple's Safari browser, reports the Channel Register. Users should lay off Safari until security researchers can investigate a hole that allows malware to be posted to the Windows desktop without the user's permission. A Web site set up to exploit this hole can download and execute malicious files with no prompting, Microsoft says. The problem is a result of both the default download location in Safari and the way the Windows desktop handles executable files. The story reports:
The recommendation comes a week after researcher Nitesh Dhanjani reported that Apple's browser doesn't seek user permission before downloading certain types of files. Even when encountering malicious iframes - a common occurrence these days even on the most trustworthy of sites - Safari obediently does what it's told to do, including downloading a file hundreds of times.
How many users out there are using Safari on Windows? It can't be such a huge market that many hackers would spend their energy trying to attack it. Attackers are becoming less interested in ego-building and more interested in crimeware these days -- meaning they are financially motivated and the attacks are executed by malware "professionals". (See this great live chat by crimeware security researchers that discusses the latest threats and ways to avoid crimeware.)
Still, if Apple is going to port its browser over to Windows, is it responsible for understanding the OS enough to ensure its browser doesn't cause such holes? Or, given how many third-party Windows apps are out there, is it Microsoft's responsibility to make sure that Windows handles executables in a more protected way?
Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.