Is Safari Safe? What is your browser of choice?

Hi,

I using Safari since it came out for the first time an hat never any issues about security. I using Safari for ALL bank-payments, even my bank is supporting Safari.

Dimaxum

There have been loads of reports from different security agencies, that Safari would be unsafe. But loads of these stories are proof of concepts and your unlikely to encounter. Some of these 'exploits' are no actual exploits. Microsoft issued a warning to Safari users to avoid using the browser, since Safari starts downloading files from the internet without permission from the user, instead it asks permission when you open it after the download. An other example is an exploit that a DirectX element in Internet Explorer can activate a by Safari downloaded file. Though, you have to visit the same site, with both browsers, at the same time...

Safari is quite a young browser, but does meet all industry standards. This can be read here. http://www.apple.com/safari/. There are still points which have to be improved, though. Personally I hope the spread of Safari will continue, since it uses the WebKit rendering engine and looks lovely. On a Mac, PC or iPhone.

Mulderscully wrote:
One of the things that got me thinking was when PayPal recommended that users of its site not use Safari because it does not have the proper security.

PayPal's recommendation to not use Safari was based on Safari's lack of protection against phishing. They didn't make any comments on any other Safari security problems.

While it would probably be best to add measures to protect against phishing to help less-informed internet users, lack of anti-phishing measures isn't something that would keep me from using a web browser. The best protection against phishing is simply to +not click on links in unsolicited emails+ and +not enter sensitive information when you don't know what web site you are visiting+. In other words, type in URLs yourself rather than clicking on links to visit sites where you will enter your sensitive logins, bank information, etc.

MacWorld has an article on this with good comments from readers: PayPal: Steer clear of Safari.

Exactly. As a IT Security Pro, Safari is no less secure than other browsers.

Phishing is a method of exploiting "User Error". With phishing, the URL is faked and the user does not check that the URL is correct.

Another interesting trick was the Monster 'Tool Download'. E-mails were sent out telling monster users that this 'Tool' was required for future Monster features. It was a fake.

I am more concerned with hacks into the databases of the websites that are legitimate. Those are the real security problems. Most companies have to deal with this.

Hi Rachel,

Is there a Anti-phishing protection to use on a Mac.

I ask this because 3 days ago I hat a strange e-mail from Luxembourg an it said that I payed € 0981,00 for ??????? via PayPal.I not even have a PayPal account.

I don't do anything on the web for payments ... to get more information about my account they said "please open this document" I didn't open it an just trash it.

Next day I went to my bank an they canceled my account an provided my with a new account number 2 credit cards an everything you need. A lot of work maybe for nothing, but I wouldn't take the risk.

Dimaxum

It should get spotted by Apple Mail if you have your Junk email filter in place and configured.

Intego AntiVirus says it does a better job on email, as long as you are on the net, someone could send email to every possible name on a domain like ".Mac" or an ISP or harvest your email by posting it somewhere like on these forums even which is why you should not (and will be edit out if someone comes along and notices it).

Most "emial" is junk, spam, etc. If you visit a web page, your IP number is captured, and if there is a paypal link, the web page loads from paypal - you could block and filter 'paypal' from router or firewall and prevent even paypal links from being loaded.

You might want to look at Intego NetBarrier as well to do more.

Dimaxum wrote:
I ask this because 3 days ago I hat a strange e-mail from Luxembourg an it said that I payed € 0981,00 for ??????? via PayPal.I not even have a PayPal account.

If you don't have a PayPal account, I really don't see how this can be anything but a phishing attempt.

Phishing can only affect you if you click on the links in the phishing email. They're trying to get people to go to their own web site (usually a site made to look like PayPal's or whatever business they're masquerading as) and enter sensitive information, such as ones PayPal username and password, bank account numbers, social security numbers, and so on. If you don't do that, the email doesn't hurt you in the slightest. Just throw it away and you're fine.

Message was edited by: Rachel R

Hi Rachel,

Thanks, I did trash the e-mail without opening the the included document.

They capture one of my e-mail addresses via a website I have. This website is now for a longtime 'under construction' still you can sent me a e-mail for information about a product that I' am offering. Thats why it capturing my attention.

Dimaxum