Windows Safari users at high risk for attack, says Microsoft Security

Microsoft's security team is warning Windows users to stop using Apple's Safari browser, reports the Channel Register. Users should lay off Safari until security researchers can

security
investigate a hole that allows malware to be posted to the Windows desktop without the user's permission. A Web site set up to exploit this hole can download and execute malicious files with no prompting, Microsoft says. The problem is a result of both the default download location in Safari and the way the Windows desktop handles executable files. The story reports:

The recommendation comes a week after researcher Nitesh Dhanjani reported that Apple's browser doesn't seek user permission before downloading certain types of files. Even when encountering malicious iframes - a common occurrence these days even on the most trustworthy of sites - Safari obediently does what it's told to do, including downloading a file hundreds of times.

How many users out there are using Safari on Windows? It can't be such a huge market that many hackers would spend their energy trying to attack it. Attacks are becoming less interested in ego-building and more interested in crimeware these days -- meaning they are financially motivated and executed by malware "professionals". (See this great live chat by Crimeware security researchers that discusses the latest threats and ways to avoid crimeware).

Still, if Apple is going to port its browser over to Windows, is it responsible for understanding the OS enough to ensure its browser doesn't cause such holes? Or, given how many third-party Windows apps are out there, is it Microsoft's responsibility to make sure that Windows handles executable in a more protected way?

Go to the Microsoft Subnet home page for more news, blogs, podcasts.

More Microsoft Subnet blog posts:

Windows 7 preview Ozzie says Yahoo isn't important to Microsoft search Virtualization and Microsoft license modelsMicrosoft to add ODF, PDF support to OfficeSix free security tools you shouldn't live withoutAre open source advocates growing soft over Microsoft?
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT