1 2 3 Previous Next 30 Replies Latest reply: Sep 27, 2012 4:39 PM by Orionzx Go to original post
  • 15. Re: How safe is Safari from spyware?
    MadMacs0 Level 4 Level 4 (3,735 points)

    WZZZ wrote:

     

    But that's just for WebKit. There are many more vulnerabilities patched in the new Safari 6. (It may be some of these were included in the 5.1.7 update, if that was released around the same time.)

    But look at the Apple Security announcement for Safar 6.0, only 4 of the 121 patches were for Safari, the rest were all WebKit. The ratio for 6.0.1 would appear to be similar. I would have to agree that the 5.1.7 WebKit update covers considerably fewer issues and fully accept the premise that it's much more vulnerable than Safari 6.0.x.

  • 16. Re: How safe is Safari from spyware?
    seventy one Level 6 Level 6 (8,990 points)

    Nor should we forget that Snow Leopard has been excluded.   Big shame, but I suppose there are aspects that won't fit the Snow Leopard make up.

  • 17. Re: How safe is Safari from spyware?
    WZZZ Level 6 Level 6 (12,225 points)

    MadMacs0 wrote:

     

    WZZZ wrote:

     

    Many browser exploits are delivered via JavaScript.

    Admittedly JavaScript is responsible for a lot of annoying features (e.g. redirects, obscured url's, pop-ups, pop-unders, assorted adware), I am not aware of any malware-like exploitation that can impact OS X or any of it's applications. ClamAV currently has definitions for 1369 JS exploits and none of them are marked as OSX. Clearly it could be done, just that as far as we know it hasn't yet.

     

    I've used NoScript for years, but only because it's so good at at removing annoying content.

    It may be that OS X is less or not vulnerable to these kinds of attacks. You know more about this than I. But what about ClickJacking, Cross site scripting (XSS) IFRAME attacks, Flash based XSS attacks and ordinary Flash based attacks (of course any Flash blocker for any browser will defend against that, at least up to the point Flash is allowed)? (NoScript disables all Plug-ins by default.) Then there are numerous security features like NoScript's ABE and many under the hood features not mentioned anywhere on the NoScript site, not the least of which is that Google link tracking on mousedown is sanitized, even with JavaScript enabled -- has to be considered a privacy feature, I suppose.

     

    And, for privacy, there is the ability to run without  third party tracking scripts or any unnecessary third-party scripts at all. And some of these may be malicious, no?

     

    As far as I know, simply removing annoying content by default is only one of the benefits of running with NS.

  • 18. Re: How safe is Safari from spyware?
    ds store Level 7 Level 7 (30,305 points)

    Also don't use Java in your browser and use Flash and other plug-ins sparingly. NoScript on Firefox is the best browser security.

     

    Make bootable clones, timed back and dated, this way you can always use the 10.6 disk and erase, the boot from one of the clones and reverse clone.

     

    Harden your Mac against malware attacks

  • 19. Re: How safe is Safari from spyware?
    Kurt Lang Level 7 Level 7 (31,995 points)

    But that's just for WebKit.

    Yes, that particular link showed the Webkit security changes for 5.1.7. But there are many more in the first page I linked to. All you need to do is search for 10.6 and follow them. Lots of other changes for Snow Leopard. Some of which are also for Safari in SL, or related to it, like Java.

     

    http://support.apple.com/kb/HT5501

    http://support.apple.com/kb/HT5473

     

    I do grant you that the list is a compilation of security updates, since each release also includes all previous patches, but these two were part of the last release.

  • 20. Re: How safe is Safari from spyware?
    seventy one Level 6 Level 6 (8,990 points)

    Can I intrude?   I believe I have read that Safari 6 cannot be downloaded to Snow Leopard.   Security update 2012 004 can, and I have downloaded it.

     

    I have to admit to blissful ignorance of webkit and exactly what it means but could you confirm in layman's terms if I have misunderstood about Safari 6.

     

    Thank you in advance.

  • 21. Re: How safe is Safari from spyware?
    WZZZ Level 6 Level 6 (12,225 points)

    http://en.wikipedia.org/wiki/WebKit

     

    It's the rendering engine for Safari. Also used in Mail.

  • 22. Re: How safe is Safari from spyware?
    seventy one Level 6 Level 6 (8,990 points)

    Thanks, Wzzz,

     

    But (at the risk of looking silly) is there a version of Safari 6 for my iMac with 10.6.8 Snow Leopard?

     

    Regards  71.

  • 23. Re: How safe is Safari from spyware?
    WZZZ Level 6 Level 6 (12,225 points)

    Nope, it stops at 5.1.7 and that's the point I was making. I don't much care, since I don't use Safari, but for those who do, it's something to take into consideration. Firefox, Chrome (if you can put up with Google's intrusiveness) and Camino will continue to get updates. Probably some others I don't usually follow like iCab and Opera.

  • 24. Re: How safe is Safari from spyware?
    seventy one Level 6 Level 6 (8,990 points)

    Thanks again,

     

    I do use Safari and Firefox but won't go anywhere near Chrome.  So 5.1.7 it is ... until?

     

    Regards,  71.

  • 25. Re: How safe is Safari from spyware?
    WZZZ Level 6 Level 6 (12,225 points)

    Until you decide to use Firefox exclusively. With NoScript and a few other Add-ons, nothing even comes close for security and privacy.

  • 26. Re: How safe is Safari from spyware?
    Kurt Lang Level 7 Level 7 (31,995 points)

    I don't much care, since I don't use Safari

    Unless Apple gets over this recent idea that some changes they make are so great that they won't give you an option to turn things off, I won't be using Safari 6. I flat out hate the unified URL/Google bar. To avoid having tons of bookmarks, there are many pages I can get to by simply going to the URL and typing one letter. Since Safari remembers previous visited pages for the time you set, it automatically fills in the rest. You can't do that in Mountain Lion. Would have killed Apple to give you the option to separate the URL and Google fields if you wanted to? For now, it looks like I'll be switching to Firefox once I fully move to ML.

  • 27. Re: How safe is Safari from spyware?
    WZZZ Level 6 Level 6 (12,225 points)

    Unless Firefox gets the same disease. I really and truly hope not. But they've been emulating Chrome in the release schedule and I may have heard some talk about them going to that inane unified address and search bar, or whatever Chrome calls it.

  • 28. Re: How safe is Safari from spyware?
    seventy one Level 6 Level 6 (8,990 points)

    Okay, I'm persuaded.

  • 29. Re: How safe is Safari from spyware?
    Network 23 Level 6 Level 6 (11,695 points)

    WZZZ wrote:

     

    http://en.wikipedia.org/wiki/WebKit

     

    It's the rendering engine for Safari. Also used in Mail.

    I'd call it more generally than that. WebKit is a web browser engine that can be used to display web content anywhere in OS X, by any application that wants to use it.

     

    In the Finder, if you QuickLook a URL, you see a preview of the current web page. WebKit provides that too.