Microsoft's security team is warning Windows users to stop using Apple's Safari browser, reports the Channel Register. Users should lay off Safari until security researchers can 
investigate a hole that allows malware to be posted to the Windows desktop without the user's permission. A Web site set up to exploit this hole can download and execute malicious files with no prompting, Microsoft says. The problem is a result of both the default download location in Safari and the way the Windows desktop handles executable files. The story reports:
The recommendation comes a week after researcher Nitesh Dhanjani reported that Apple's browser doesn't seek user permission before downloading certain types of files. Even when encountering malicious iframes - a common occurrence these days even on the most trustworthy of sites - Safari obediently does what it's told to do, including downloading a file hundreds of times.
How many users out there are using Safari on Windows? It can't be such a huge market that many hackers would spend their energy trying to attack it. Attacks are becoming less interested in ego-building and more interested in crimeware these days -- meaning they are financially motivated and executed by malware "professionals". (See this great live chat by Crimeware security researchers that discusses the latest threats and ways to avoid crimeware).
Still, if Apple is going to port its browser over to Windows, is it responsible for understanding the OS enough to ensure its browser doesn't cause such holes? Or, given how many third-party Windows apps are out there, is it Microsoft's responsibility to make sure that Windows handles executable in a more protected way?
Go to the Microsoft Subnet home page for more news, blogs, podcasts.
More Microsoft Subnet blog posts:
Windows 7 preview
Ozzie says Yahoo isn't important to Microsoft search
Virtualization and Microsoft license models
Microsoft to add ODF, PDF support to Office
Six free security tools you shouldn't live without
Are open source advocates growing soft over Microsoft?
Advertisement: |
The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, managed by editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
The Leader in Network Knowledge
Itunes- Windows and Safari
It a windows user has Itunes ( and quite a few do) then they were subject to apple's auto update application pushing Safari at them. To the novice user the easiest way to remove this reminder was to install Safari. Apple there for should promptly issue a patch since it used a very Microsoft tactic to push Safari at windows users.