For those who think Apple write highly secure software and use it as a reason to bash Microsoft.... See this Microsoft Security Advisory. Microsoft have been made aware of a security problem with Apple Safari on Windows, and have released a security advisory about it with a possible work-around. Note that the problem is with Safari, not Windows, yet Microsoft have released the information. The blog of the person who discovered it, with more information, is here. An interesting point is that Apple 'consider this as an "enhancement request" and will not bother to fix this issue any time soon.' There is nothing on Apple's website and the download version has not been updated. So to fix something that Microsoft regard as a security risk worthy of publishing a security advisory about, is regarded by Apple as a product enhancement and not a requirement needing urgent attention... OK, so Microsoft are not that quick to fix security problems either, but they do acknowledge them and do sort them out. They don't bury their heads in the sand and ignore them like Apple are doing with this one. Fortunately the number of people using Safari on Windows is minimal. It comes in as a fraction of a percent on the web stats on my websites. So from that point of view the risk is small. But I still do not like Apple's approach to it.
Actually, Apple users say that Mac OSX is more secure than windows. We still have the upper hand on that front
Doesnt all people thats just a little bit geeky know that windows is actually the most secure system, but because it is the most used it is also the most attacked? and Firefox or Opera ftw. Safari is unsafe, and IE runs like an old granny.
I had Firefox but it was REALLY slow so I switched to Safari. I'm using IE now and I'm not very happy with it. I might get Firefox soon.
Not that I'm denying Apple isn't rather nonchalant about security issues at times, but comparing them to Microsoft as if Microsoft is any better is... well, like comparing apples and apples.
I found this article somewhere on the web comparing the various vulnerabilities of each OS, and I found out that Mac's OS X is much more unsecured compared to Vista. But yeah, you know you're right. Some people, I guess, won't bother with creating Viruses for Macs anymore because everyone else is using a Windows-based OS anyway. Why harm the already small population of Mac users when you can terrorize the rest of the known world with autorun.inf viruses and such : o
What "Apple users say" isn't a very reliable source. The problem is Apple is very nonchalant about security problems, not just for their web browser, but all their products.
They really dont have any protection, so far they have relied on the fact that not many people use Apple, which is why Windows is actually the safest OS if you take the skill required to do something.
As far as no protection, by default you run as a limited privilege user and it will prompt you for a password if it needs admin rights (a la Vista's UAC, and every Linux distro known to man). That in theory should make it harder for drive-by malicious software to unknowingly mess with system files. Though I get a kick out of the Apple commercials making fun of Vista's UAC. When I downloaded and installed software on a Mac, it prompted me more than Vista ever did. "Warning the file you're downloading might contain an executable" Well no shit sherlock, that's why I'm downloading it. It's even funnier because it will still warn you if you're downloading PC executables.
Well Vista's UAC is a joke for experienced Windows users, it's only there to annoy you so i have always turned it off whenever i used Vista. And of course they have protection but i dont think it goes to anywhere near the same level that Microsoft have had to do with Windows.
It's not really a joke, once you have everything configured, it will only pop up when you go to install software, or change system settings. Experienced Linux users don't run as root, and "sudo" and equivalent aren't a joke, they are part of what make the system secure. As an XP user I "do the same thing" by having my normal account a limited access account then for software installation or configuration changes I "Runas" an administrator account. By running as an administrator (or disabling UAC and running as an administrator) Windows is very insecure as there's no prompts when something goes and modifies system settings. Windows XP by default creates Administrator access accounts, and many Vista users disable UAC, which leaves a huge gaping tractor trailer sized hole that it really doesn't matter what other security features there are. As far as other security features, Starting with Win2K there's Windows File Protection, which initially was intended to prevent DLL hell and help protect against system files becoming corrupt. Windows comes with many services enabled that shouldn't be, Windows firewall wasn't defaulted to being on until SP2, Data Execution Prevention didn't exist till SP2. But none of this matters if users run will administrator privileges.
Not really. OSX is based on BSD, and it's secure because of this architecture. Viruses can't get easy access on systems like this.
based on this article, which is based on vulnerability statistics from an impartial third party vendor Secunia, :eek:
UAC in Vista should NOT be turned off. Microsoft have followed the sensible approach that Linux has had forever of not allowing normal users to run as root/administrator because you don't need to and it is much more secure that way. By turning it off you are defeating one of the important security improvements in Vista and making your system much less secure. When you turned UAC off you probably also turned off the notifications. This means you also won't get notifications about security updates, anti-virus being out of date or disabled, or any other security issues that Windows detects. It should only bother you when installing software, which is relatively rare once the system is set up. Just accept the occasional message as proof that it is working, and if you see one when you weren't expecting it then you know something is doing something it shouldn't and can deny it. If you have the odd bit of old software (from the Windows 98 era probably) that won't run properly with UAC enabled then run that program as administrator, which you can do by reconfiguring its shortcut. You'll get the message once each time the program is started, but it should then be fine. The only one I have had to do that with is Dreamweaver 4 (which I no longer use).
You can mess around with about:config to make Firefox a lot faster. Just google how to hack Firefox to increase the speed.
Apple have now (on 2nd July) released a security bulletin and an updated version 3.1.2 of Safari for Windows.
