Any input from the community on the safety of Safari with Mac OSX 10.6 from spyware would be appreciated. Also, the feeling of any additional protection needed.
MacBook Air, Mac OS X (10.5.8)
Nor should we forget that Snow Leopard has been excluded. Big shame, but I suppose there are aspects that won't fit the Snow Leopard make up.
MadMacs0 wrote:
WZZZ wrote:
Many browser exploits are delivered via JavaScript.
Admittedly JavaScript is responsible for a lot of annoying features (e.g. redirects, obscured url's, pop-ups, pop-unders, assorted adware), I am not aware of any malware-like exploitation that can impact OS X or any of it's applications. ClamAV currently has definitions for 1369 JS exploits and none of them are marked as OSX. Clearly it could be done, just that as far as we know it hasn't yet.
I've used NoScript for years, but only because it's so good at at removing annoying content.
It may be that OS X is less or not vulnerable to these kinds of attacks. You know more about this than I. But what about ClickJacking, Cross site scripting (XSS) IFRAME attacks, Flash based XSS attacks and ordinary Flash based attacks (of course any Flash blocker for any browser will defend against that, at least up to the point Flash is allowed)? (NoScript disables all Plug-ins by default.) Then there are numerous security features like NoScript's ABE and many under the hood features not mentioned anywhere on the NoScript site, not the least of which is that Google link tracking on mousedown is sanitized, even with JavaScript enabled -- has to be considered a privacy feature, I suppose.
And, for privacy, there is the ability to run without third party tracking scripts or any unnecessary third-party scripts at all. And some of these may be malicious, no?
As far as I know, simply removing annoying content by default is only one of the benefits of running with NS.
Also don't use Java in your browser and use Flash and other plug-ins sparingly. NoScript on Firefox is the best browser security.
Make bootable clones, timed back and dated, this way you can always use the 10.6 disk and erase, the boot from one of the clones and reverse clone.
But that's just for WebKit.
Yes, that particular link showed the Webkit security changes for 5.1.7. But there are many more in the first page I linked to. All you need to do is search for 10.6 and follow them. Lots of other changes for Snow Leopard. Some of which are also for Safari in SL, or related to it, like Java.
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT5473
I do grant you that the list is a compilation of security updates, since each release also includes all previous patches, but these two were part of the last release.
Can I intrude? I believe I have read that Safari 6 cannot be downloaded to Snow Leopard. Security update 2012 004 can, and I have downloaded it.
I have to admit to blissful ignorance of webkit and exactly what it means but could you confirm in layman's terms if I have misunderstood about Safari 6.
Thank you in advance.
Thanks, Wzzz,
But (at the risk of looking silly) is there a version of Safari 6 for my iMac with 10.6.8 Snow Leopard?
Regards 71.
Nope, it stops at 5.1.7 and that's the point I was making. I don't much care, since I don't use Safari, but for those who do, it's something to take into consideration. Firefox, Chrome (if you can put up with Google's intrusiveness) and Camino will continue to get updates. Probably some others I don't usually follow like iCab and Opera.
Thanks again,
I do use Safari and Firefox but won't go anywhere near Chrome. So 5.1.7 it is ... until?
Regards, 71.
Until you decide to use Firefox exclusively. With NoScript and a few other Add-ons, nothing even comes close for security and privacy.
I don't much care, since I don't use Safari
Unless Apple gets over this recent idea that some changes they make are so great that they won't give you an option to turn things off, I won't be using Safari 6. I flat out hate the unified URL/Google bar. To avoid having tons of bookmarks, there are many pages I can get to by simply going to the URL and typing one letter. Since Safari remembers previous visited pages for the time you set, it automatically fills in the rest. You can't do that in Mountain Lion. Would have killed Apple to give you the option to separate the URL and Google fields if you wanted to? For now, it looks like I'll be switching to Firefox once I fully move to ML.
Unless Firefox gets the same disease. I really and truly hope not. But they've been emulating Chrome in the release schedule and I may have heard some talk about them going to that inane unified address and search bar, or whatever Chrome calls it.
Okay, I'm persuaded.
WZZZ wrote:
http://en.wikipedia.org/wiki/WebKit
It's the rendering engine for Safari. Also used in Mail.
I'd call it more generally than that. WebKit is a web browser engine that can be used to display web content anywhere in OS X, by any application that wants to use it.
In the Finder, if you QuickLook a URL, you see a preview of the current web page. WebKit provides that too.
I do appreciate all the discussion on Apple/Browsers/Spyware, etc.
Long-term Mac user – my first (Aug ’84) still runs – not far, or fast, but runs. After nine Macs I have always trusted Apple’s system and it hasn’t failed me yet (far as I know). But times are changing.
I use the precautions many of you mentioned, but seems there needs to be some constant monitoring to back-up self discipline.
With Apple’s new popularity, I have run Norton AV 11.1.2 for past two years with (currently) OSX 10.6.8 on a Core 2 Duo with no problems. History indicates it has only stopped one attack. Not sure if Mac, me, or Norton contributes the most to security.
Getting ready to go to ML and collecting info from those of you far more technical than I and those who have gone before (to ML) to try to avoid any problems – and to maintain as much security as possible.
I have used Firefox, but tended to feel Apple was OK with Safari or they wouldn’t ship it. Will re-consider Firefox.
Thanks again for all the input.
P.S. With all the responses, seems I opened an issue with no real or single answer – seems like an opportunity for someone to sell something.
How safe is Safari from spyware?
