Apple's Safari a Windows security risk?

by Thomas Ricker, posted Jun 12th 2007 at 6:25AM

As you've probably heard by now, Apple has rekindled the browser wars by releasing a beta of their Safari web browser for Microsoft Windows. Already, security vulnerabilities have been revealed within just a few hours of release. So far we're seeing a handful of denial-of-service bugs and at least two issues with Apple's code that would allow remote execution by a rogue host. Sure, some of the most visible claims come from the David Maynor who (in)famously called-out Apple with a MacBook WiFi hack only to be disemboweled by the hordes of Mac faithful. Still we're talking pre-release code so what do you expect? Besides, what better way to undermine an enemy than to present a concealed weapon in the form of a gift?

Filed under: Misc. Gadgets

Tags: apple, browser, microsoft, safari

Reader Comments (Page 1 of 2)

Neutral

Argot @ Jun 12th 2007 6:39AM

Well, they stole BSD to create a safe OS(X). Why not steal Firefox and create a safe Browser? :)

Neutral

supermeerkat @ Jun 12th 2007 7:51AM

No they didn't, you idiot.

Neutral

CapnDangerous @ Jun 14th 2007 4:18PM

Argot,
perhaps you should do your homework before you make an arse of
yourself. The majority of the members of the team which created
Firefox, coded the original Safari. First. So, if you wanna get
technical about it, Firefox came from Safari. But honestly, your
comment is just silly.

Neutral

Neotokio @ Jun 12th 2007 6:40AM

I wonder if ppl get what 'public-beta' means...

Highly Ranked

daniel @ Jun 12th 2007 7:55AM

i never remember any of the firefox betas being as buggy as this

Neutral

brendan Sheehan jnr @ Jun 12th 2007 8:25AM

This is the first public beta of Safari on Windows, and it's a hell of a lot more ambitious than Firefox. Resizable text boxes, movable tabs that also drag off to form a new window dynamically. Built-in search with unprecedented ease of use, merge all windows, private browsing. Sure Firefox is a nice browser, but there is no arguing that Apple is attempting to push things forward here, and they are managing to keep the UI of the thing very minimal at the same time. I think it's a fine first beta for such a full featured web browser. People always go on about Firefoxe's plugins, but what they fail to realize is most computer users don't even know what plugins are. When all the kinks are ironed out, you'll see that Safari will be the browser for the rest of us.

Highly Ranked

Mike @ Jun 12th 2007 10:32AM

Wow, it didn't take long for someone to defend Apple using the "it's just a beta" excuse. You same people were slamming the IE7 beta for their vulnerabilities, with the explanation "so what if it's an early pre-release build, doesn't Microsoft have standards?"

Highly Ranked

McGinley @ Jun 12th 2007 12:09PM

@brendan Sheehan jnr

Safari crashed before I tried to use ANY of the features that you mentioned in your defence.But yeah those features are pretty good,but I like firefox...I dont feel the need to change...I suppose thats just personal preference.

Neutral

brendan Sheehan jnr @ Jun 12th 2007 1:28PM

@ McGinley, personal preference is a good thing, it makes the world go round.

Neutral

JD @ Jun 12th 2007 6:00PM

This is from the Safari download page:
"Why You'll love Safari
...
12. Security
Apple engineers designed Safari to be secure from day one."

Really?

Neutral

McGinley @ Jun 12th 2007 6:42AM

Using Safari now...it makes Engadget look ugly...and takes about half a minute to fully load the page.

Neutral

McGinley @ Jun 12th 2007 7:09AM

It seems pretty decent except for the crashes but I'll be sticking to Firefox for the time being.

Neutral

BoxOfSnoo @ Jun 12th 2007 7:49AM

Looks perfect here. And I only had one crash; when managing bookmarks.

Neutral

ThePatient111 @ Jun 12th 2007 6:44AM

THis years WWDC wasnt that good and the other features such as Safari were filler for iphone to come along.
I have tried the Safari browser out its not bad but firefox is better.

It is so obvious there is bugs on a windows computer but not with a Mac program and it is still only 24 hours after it was announced and released.

Neutral

reductant @ Jun 12th 2007 6:44AM

I like Safari so far. I wish when I clicked on the address bar or search box it would highlight the entire text so I could immediately start typing a new string. And I wish I didn't have to install Logitech drivers to get the back/forward buttons on my mouse to navigate web sites. And I wish it didn't screw up my iTunes installation (uninstalled and reinstalled and still not working). I also wish it would have a new tab button. But otherwise, appearance is nice. I prefer the blurrier text, and it is so much faster than IE7.

Neutral

BoxOfSnoo @ Jun 12th 2007 7:50AM

Click on the icon in the address bar to select all text.

Neutral

treetrunk @ Jun 12th 2007 8:15AM

Oh, because that's sensible. How often do you click to edit part of a URL, compared to typing a whole new one? For me I think the only times I've ever edited a URL is in testing websites I've made myself. Otherwise, if I click on the address bar, it's invariably to type a new address. Also, why doesn't CRTL+ENTER work?

Neutral

brendan Sheehan jnr @ Jun 12th 2007 8:15AM

ctrl+T

Neutral

Galley @ Jun 12th 2007 8:41AM

In OS X version of Safari you can double-click an empty space on the tab bar to create a new one, or use CMD + T. Likewise, CMD + L will take you instantly to the address bar with the address highlighted. I'm assuming the Windows version uses the Control button.

Low Ranked

reductant @ Jun 12th 2007 8:45AM

I'd really prefer not to use keyboard commands. A simple button wouldn't have killed them. So far, on my computers, IE7 is more convenient but loads pages slower, FF boots slowly and is moderately faster, and Safari is much faster but has some slight annoyances in the interface. Other thing is that IE is completely integrated into Windows and because it usually always pops open even when another browser is set to the default, I'll likely continue to use it.

Neutral

Hawkman @ Jun 12th 2007 8:45AM

I'm one of those who find the fact that, when on Windows, I _can't_ double-click to select the url in pieces highly frustrating :-)

Triple-click in the address bar to select all the text should also work (it always has on Mac, anyway).

Neutral

treetrunk @ Jun 12th 2007 8:55AM

In Firefox you can. 1 Click selects all, double-click selects a word. How often do you edit URLs by word though? Is it to leave the www and .com to compensate for the lack of CTRL+ENTER?

Neutral

narrativium @ Jun 12th 2007 1:02PM

No need for CTRL+Enter. Just press Enter and Safari will add "www." and ".com".

Neutral

treetrunk @ Jun 12th 2007 1:27PM

"No need for CTRL+Enter. Just press Enter and Safari will add "www." and ".com"."

...sometimes. Doing that gives me a sporadic mix of "can’t connect to the server" messages, "can’t open the page" errors, and occasionally the correct behaviour you describe. Also, even when it works, waiting for Safari to add them is a LOT slower - typing Google and pressing CTRL+ENTER in Firefox loads the page in an instant, typing Google and pressing enter in Safari gives a 3-5 second delay before it corrects the URL and begins loading.

So I disagree. There certainly isn't "no need" for CTRL+ENTER. They're not using it for anything else, it's a common standard millions are used to, and wouldn't add any clutter to the interface or any complexity for anyone who didn't know it was there, so why not add it?

Neutral

Hawkman @ Jun 12th 2007 4:08PM

I often edit by word - removing the crap on a url I was linked to so I get the base site, for instance. Edit-by-word just removes the need for mousing accuracy when I head to the address bar :)

I've personally never had any trouble just typing a word without "www" and ".com" either - but to be honest, autocomplete generally has me there after a couple of characters anyway, so it's not something I do regularly.

Neutral

Benoit Liard @ Jun 12th 2007 6:53AM

I think if you are releasing a new browser and it still have the half of feature of gmail (ie, chat) and other ajax site that are not full clean, then you missed the chance.

Neutral

Hawkman @ Jun 12th 2007 8:39AM

Google seem to serve up different pages to different browsers - so who knows if Safari 3 could actually support chat, etc?

Safari on the Mac is rock-solid, very fast and has great rendering. (Note: just because Safari has the best standards support, doesn't mean it's the most compatible. FireFox holds that crown, but at the expense of an astoundingly huge legacy code base and the problems that brings. I long for the days when everybody codes to web standards, it'll make life better for everyone.) It also has the best text smoothing I've seen in any browser. The internet looks pretty.

From what I've heard, the Windows beta is far from rock-solid, the jury's out on speed (some say yes, some say it's dog slow); the rendering's still great, and so's the text smoothing (quite an achievement) - but it seems some people actually prefer the internet ugly? :-/

Neutral

bluemonq @ Jun 12th 2007 2:37PM

@Hawkman - I have ClearType already. The Safari font-smoothing on top of that blurs it all. It oughta have an option to turn it off...or am I missing something?

Neutral

mvn @ Jun 12th 2007 6:57AM

Looked forward to trying it on Windows XP as majority of apple products have been a good experience, but this is barely a beta release, it should have been labelled as an alpha release and tested internally first!

Numerous crashes on WinXP resulted, does not give the advertised speed increase on the majority of daily surfing. Also some reports of security flaws which is a worry for windows users. Was this rushed out to fill a gap in the Keynote or has it some hidden agenda! Bit of a PR blunder for the normally PR savy apple!

Neutral

Leo @ Jun 12th 2007 7:12AM

I tried it. It sucks.

It's just like Safari for Mac but sucks more.

Neutral

brendan Sheehan jnr @ Jun 12th 2007 8:12AM

Safari for Mac is an amazing browser! This is a Beta, bin it if you will, but in October give the gold version a go before you make your final judgments.

Highly Ranked

tomijlahtinen @ Jun 12th 2007 7:14AM

Seems it's not even close to the finished product, but I guess that's just why it's called beta. After testing it for seven or so minutes I had to return to my beloved Firefox. Looking forward for more mature version of Safari for Windows even though I rarely use it even on my Macs...

Highly Ranked

Scooter @ Jun 12th 2007 7:18AM

reminds me of iTunes 6.0 which was released with a blow of trumpets, only to need an urgent quick fix when it didn't quite work right on PCs.

I'll give Safari more time to be fair, but for now it is buggier than should be expected of a public beta - crashing, hogging CPU, taking forever to load pages and failing to interact with e.g. the most popular online email (yahoo).

This one was rushed out of the dressing room without getting zipped up.

I expect the people most likely to try Safari will be Firefox users, not IE7 users, which is a shame if that fails to drop IE7's market share or make it more innovative and competitive (and please - less resource intensive).

Neutral

Wotan @ Jun 12th 2007 7:23AM

I'm reading this with safari now (on Win 2k3 server). It seems stable in the way an Abrams tank is stable. It hasn't crashed yet, but it is very slow in getting pages and the UI is clunky. For two tabs, engadget and google, it is using 80MB of RAM and 69MB of paging. Compare that to fFirefox is using just about the same (70MB of paging). I wouldn't want to use this on a machine with anything below 512MB of RAM.

Neutral

jihuiwen @ Jun 12th 2007 7:34AM

and it handles pages that cantains chinese characters poorly.

Neutral

gaz.williams @ Jun 12th 2007 7:36AM

Chuck norris hates safari, would you argue with chuck? i know i wouldn't...

but seriously firefox is already there with the 'amazing new features' they're touting for safari on windows. beta or not, it blows.

Neutral

brutha @ Jun 12th 2007 7:42AM

safari is a virus....avoid

Neutral

007baf @ Jun 12th 2007 7:45AM

I installed Safari on Vista Premium. It seems faster. It is definitely buggy. I cannot get some mozilla add-ons to work (primarily an IE converter to allow iGoogle's gadget for reading Outlook and displaying its contents on my iGoogle homepage). I did get it to read YouTube correctly. It won't display across two monitor. You can open up a new window, slide it over to the other monitor, but if you maximize the window, it disappears behind the window on the left monitor and cannot be reopened.

Don't take this as negative, it's a beta and stuff isn't going to work right. I personally think IE7 is great, but I'm all for competition. The security issues are a concern. I know the government doesn't allow the use of QuickTime because of its security holes. Hopefully Apple will overcome these shortfalls. There willingness to take on Microsoft keeps the market fair and competition urges refinement and innovation.

Neutral

Ryan @ Jun 14th 2007 5:02AM

It depends upon which monitor is the primary and which is the secondary. I believe this problem comes from making the "Maximize" button behave like the Mac. If you right click on the maximized and now missing window, you will see that restore isn't an option, it hasn't actually maximized only rescaled. You can then select move, press and arrow key, and then use the mouse to bring the windows back to a usable place. This single bug is really curtailing my use of Safari at work. :/

Neutral

007baf @ Jun 14th 2007 7:56AM

Ryan,

Thanks. I guess they'll (the Apple guys) might want to make this a little more intuitive. We complain about Windows, etc..., but I've always found it more intuitive than Mac (waiting for the wave of character assasinations). thanks for the insight!

Low Ranked

Luis Menendez @ Jun 12th 2007 7:53AM

Same version, two platforms, yet the Windows one have security issues? That is why I own a Mac.

Highly Ranked

Happy @ Jun 12th 2007 11:54AM

Going by Secunia (.com), Opera is the only browser that has 0 unpatched security holes. Maybe Safari isn't as secure as you think. Anyways, having a choice is always good but I don't think most people know other browsers even exist. Maybe Safari can help change this.

Low Ranked

Kimberly @ Jun 12th 2007 8:04AM

Unfortunately Safari on Windows will crash and burn. Apple can't muster the support crew that would be necessary to fix the bugs and security issues that is inherent with Windows type OSes.

Neutral

Dav @ Jun 12th 2007 8:20AM

Oh once again apple release buggy software, Don't get me wrong, I know this is a beta.

Though how long till we see Apple become more dominant, hackers turn their targets towards OS X and then reveal how much poorer Apple code their apps compared to Microsoft.

Time will tell.

Neutral

Jason @ Jun 12th 2007 8:24AM

THE ONLY REASON SAFARI IS ON WINDOWS IS BECAUSE OF THE IPHONE.

As much as Apple makes fun of Windows THEY NEED IT if they ever want any of their products to be a success... If you needed an Apple to use an iPod NO ONE WOULD USE ON.

Now with the iPhone on the way and its embeded Safari browser Windows users will need to be able to use it on their computer so the "3rd Party Apps" they make for the phone will also work on a Windows computer.

Neutral

peshue @ Jun 12th 2007 8:32AM

Meh, who cares. Why use safari when you have other already stable options in the form of firefox and opera.

Highly Ranked

Ayle @ Jun 12th 2007 8:32AM

This feel really rushed....

Highly Ranked

treetrunk @ Jun 12th 2007 8:48AM

I downloaded this, had a play around with it. I've concluded that its rubbish.

There are a few annoying bugs which I'll let slip seeing as it's a beta, though if I can find them in 30 seconds use I don't see why Apple couldn't. You can't minimise by clicking the taskbar icon, if you minimise a maximised windows it comes back non-maximised and neither process uses Vista's "disappearing/reappearing to/from the taskbar" eye-candy.

Other annoyances are that the address bar's default action is to edit the current address instead of selecting all of it to type a new one. Nobody navigates websites by editing the address- if you click the address bar, you want to type a new one. To do this in Safari you have to click a tiny little button instead! CTRL+ENTER doesn't work, and the automatic fill-in addresses are just dumb (typing engadget tries to go to FEED://www.engadget.com, which doesn't exist, giving a "failed to open page". (Firefox puts the correct protocol, and even when the incorrect one is manually entered automatically corrects it to http://).

I don't like the interface either. The font smoothing is too much, on top of Vista's cleartype which is just fine. You can't move things around on the toolbars like you can in Firefox (Safari only lets you edit the action buttons. Firefox basically lets you move anything, such as the address bar, search box, bookmarks toolbar etc.) And why can't you resize the window from all sides?

Lastly, I just don't like the look of it. All that grey is actually pretty ugly- it's like Windows 95 with rounded corners! There's no consistency either- why does the search box have semi-circular rounded ends, but the address box is a rectangle? Why is the window title aligned centre, but everything else aligned left? Why is the title text bigger than the rest? Why are they still using old-school minimise/maximise/close buttons? How does the blue jelly-bean scrollbar go with anything?!

Neutral

Ryan @ Jun 14th 2007 5:11AM

The minimize/maximize bugs you are talking about are actually features.

Seriously.

If you look at the behavior, it is acting like a Mac application on a Mac. I guess the thinking is that Safari for Windows should act as close to Safari for Mac as possible. Personally I think that is a gross assumption to make because you are forcing someone unfamiliar with the Macintosh platform to understand that it will behave differently, but there you go.

Neutral

Jon @ Jun 12th 2007 8:52AM

I DL'd and installed it , pretty excited actually .. But knowing i am a die hard Firefox user i dint know if i would change over .. Well after installing it and playing around with it , i went back to Firefox and .. Firefox had Slowed down a ton .. almost to a crawl .. so i uninstalled Safari and bam ! firefox was back to lighting quick , Using Vista ultimate . just my experience

| 1 | 2 | Most Recent | Next 50 Comments