Wednesday, August 6, 2008

Don't use Safari Browser?

So says Consumer Reports. Now, they're not usually my first stop for security news, but this sounded interesting and I took a look. The article is fairly basic, but has mostly good old-fashioned common sense, and is worth a read. They recommend:
  1. Make sure your antivirus is up to date. It's sold as a one-year subscription, so if you haven't paid, it probably isn't. While antivirus is increasingly lame (topic for future post), you still should have it.
  2. Never access a bank account or other financial site by clicking a link in an email. Come on, folks, this is the equivalent of "click here to open your mouth and close your eyes." If there's a problem with your bank account, they won't ever email you asking you for your password. Duh.
  3. Don't use the same password for all your different online accounts. Again, duh. If somehow the password gets out, only one of your accounts would be at risk, not all of them.
  4. Downloading free software = downloading free spyware. Once again, unless you know where this is coming from (say, downloading Firefox from Mozilla.org), this is another version of "open your mouth and close your eyes."
  5. Don't click a popup ad that says you're insecure. Doesn't even rate a "duh." H3y! D00d, l1k3 ur t0tally pwnd. Clik h3r3 2 haz ch33zburger!!!lol
  6. Always use one credit card for all online transactions (and use Opera as your browser when you shop). Limits damage, since there's only one card that they might steal.
Hmmm. Reading this back, not only do I count multiple instances of "duh", but I sound a bit like your mother. Remember your umbrella. Get back before dark. Don't talk to strangers. Common sense can take you a fair ways.

The most interesting bit from Consumer Reports basically says, don't be a Macintosh fanboy, they're not as hot on security as you might think. This is also true, although El Reg puts it in much plainer language:
Consumer Reports has become the latest in a growing string of organisations to take Apple to task over its handling of security issues. For example, the consumer electronics giant has been lambasted for its slow response to a cross-industry DNS spoofing flaw, force-feeding Windows users its Safari browser under the guise of a security update and mismanaging the noteworthy Safari carpet-bombing flaw over recent weeks. A planned security talk by Apple's security team at the Black Hat conference this week was cancelled at short notice after its marketing department objected.

Unpatched security holes have occasionally prompted security watchers, such as US CERT, to advise against using IE. Consumer Reports is one of the first organisations to advise against using Safari, but is unlikely to be the last unless security, rather than simply great design and being cool, becomes more entrenched at Apple.
Note to Apple Marketroids: when the security guys name the exploit "Safari Carpet Bomb", you fix it. Just sayin'.

I'd like to remind everyone to remember the two simple rules of safer browsing.
