Chicago (IL) – Apple is finally catching up with other browser makers in terms of security and has released a Safari web browser with anti-phishing protection. But a first look left us wanting more, since we found that the new anti-phishing tools in Safari 3.2 are unreliable and half-baked, to say the least. It appears that Apple rushed the update without the necessary thorough testing. If you ask us, an average user's idea of online security goes far beyond Apple's "preference checkbox" implementation.

The anti-phishing feature comes as part of a software update for Safari, which fixes a range of security-related issues that resulted in unexpected application shutdowns and public disclosure of personal information, and addresses various vulnerabilities such as arbitrary code execution and denial of service. A full list of security updates included in the Safari 3.2 update is available on Apple’s Support site.

However, the biggest change in Safari 3.2 is the inclusion of an anti-phishing feature, for the first time ever in Safari. Apple says the update "is recommended for all Safari users and features protection from fraudulent phishing websites and better identification of online businesses." We took the new software for a test drive and found that Apple may be promising a bit too much here.
 
There are no options to control the granularity of the feature beyond a single checkbox in the Security tab of the Preferences window to turn anti-phishing protection on and off. You can't choose a database of fraudulent sites for the site ID check either. In fact, you cannot get any idea about the actual implementation of this feature, and Apple isn't helping either: the Safari 3.2 help files and online documentation on Apple's Support site do not provide any further information.

We could live with that, if the anti-phishing feature actually worked. But taking Safari 3.2 through a series of test sites shows that the anti-phishing protection may not work as well as promised. For instance, the browser does not react to Mozilla's phishing and malware test sites, unlike Firefox, which prominently displays security warnings. The same thing happened on several other sites specifically created for testing anti-phishing features in web browsers.

Could it be that Apple rushed this feature out too fast? Some readers may remember that, some time ago, PayPal recommended avoiding Safari when accessing its site and even said it would be blocking the browser. The company later backtracked and said it would not block the browser after all, but still considered Safari unsafe, namely for the lack of basic anti-phishing measures.

Besides issues with the anti-phishing feature, we have also found the Windows version of Safari 3.2 to suffer from the same annoying issues in Google Docs as previous versions. The document rendering inside a browser window is quirky, editing does not properly react to paragraph marks and some shortcuts do not work. For example, when you apply sub-heading formatting (CTRL + 2) to a paragraph in Google Docs, Safari still fails to apply the request to the first letter of a paragraph.

You can update the existing Safari installation automatically, using the Software Update mechanism in OS X or, if you run Windows, by running the Apple Software Update tool available in the Windows Start menu. You can also download the full Safari 3.2 installation for Mac OS X Leopard (39 MB download), Tiger (26 MB) or Windows Vista/XP (19 MB).

