http://blogs.business2.com/apple/2007/06/hackers_break_a.html


Hackers Break Apple's Safari for Windows on First Day

Apple (AAPL) may live to regret its claim that Safari for Windows is "secure from day one."

It probably regrets it already. The computer security blogs this morning are lit up like Christmas trees with reports of exploits, vulnerabilities and denial of service (DoS) attacks. Thor Larhom claims that it took him only two hours to find "a fully functional command execution vulnerability." Dave Maynor provides a running commentary of his exploits:

Using publicly available tools we had a DoS in no time...Whoops, sorry, thats not a DoS, its memory corruption.... a new bug. These are popping out like hotcakes....I'd like to note that we found a totl of 6 bugs in an afternoon, 4 DoS and 2 remote code execution bugs. We have weaponized one of those to be reliable and its diffrent that what Thor has found. (link; spelling is original, to say the least)

In Apple's defense, what they have released is a beta version of Safari, and betas are made for bug detection. But by creating a version that runs on Windows, it has left the relatively safe harbor of 5% market share and exposed itself to the winds of malware that blow fierce in the Microsoft (MSFT) Windows environment.

lol

It cracks me up how people are ruthlessly attacking a Beta version for having *gasp* bugs and flaws.

Who knew?

It cracks me up how people are ruthlessly attacking a Beta version for having *gasp* bugs and flaws.

Who knew?

They must have missed the word BETA?

They must have missed the word BETA?
Or they're just asshats. /shrug/

Why did apple put so much marketing hype into a beta that's full of bugs and security wholes?
best browser in the world? I know that its rendering engine is top notch, because it's Konquerors rendering engine. But the rest of it.. well.. just more empty hype from some company who'se desparately trying to get people onto its proprietary and overpriced platform.

Why did apple put so much marketing hype into a beta that's full of bugs and security wholes?
best browser in the world? I know that its rendering engine is top notch, because it's Konquerors rendering engine. But the rest of it.. well.. just more empty hype from some company who'se desparately trying to get people onto its proprietary and overpriced platform.

The buzz and the news coverage is worth millions. They are marketing geniuses.

Why did apple put so much marketing hype into a beta that's full of bugs and security wholes?
best browser in the world? I know that its rendering engine is top notch, because it's Konquerors rendering engine. But the rest of it.. well.. just more empty hype from some company who'se desparately trying to get people onto its proprietary and overpriced platform.
RAVTUX is right. It's all marketing.

By making lots of noise about it _now_, they get the advantage of Word of Mouth. People know and love iTunes. When Apple gives them Safari, they'll want to try it because they know Apple products are quality.

When Safari on Windows is rid of these bugs, expect Safari adoption to go up a fair bit.

It is a very solid browser. And the rendering engine simply can't be beat.

RAVTUX is right. It's all marketing.

By making lots of noise about it _now_, they get the advantage of Word of Mouth. People know and love iTunes. When Apple gives them Safari, they'll want to try it because they know Apple products are quality.

When Safari on Windows is rid of these bugs, expect Safari adoption to go up a fair bit.

It is a very solid browser. And the rendering engine simply can't be beat.

I know that their rendering engine is great, I used to use it on Solaris Unix and occasionally use it on Ubuntu Linux. Too bad that I can't try out their buggy fronted for the konqueror rendering engine to run on any other Unixes.I'm sure that I would love iTunes too but I can't seem to run that either.

Until Apple stops treating me like a second class citizen for running a non-proprietary operating system then I'll just assume their products are not "quality" but rather are all hype.

No biggie. It's Beta.

Talk about a storm in a tea cup! :roll:

Until Apple stops treating me like a second class citizen for running a non-proprietary operating system then I'll just assume their products are not "quality" but rather are all hype.

Amen. I'm just waiting for the iPhone to crush people's dreams... the Oceans full of hype that thing has been getting blow my mind. When Apple finally gets bitten in the butt for all this misleading advertising, they'll feel a storm they never expected and I will laugh.

As for the topic the OP raised. Bleh. I have Firefox and since this is only a Windows browser why do we all care that much at all? Apple will not be opening up for Linux/Unix/BSD/Any other OS so it doesn't apply to us really. And even if they did, I won't support a company that crams DRM/Hardware Lock In down its users throats.

I know that their rendering engine is great, I used to use it on Solaris Unix and occasionally use it on Ubuntu Linux. Too bad that I can't try out their buggy fronted for the konqueror rendering engine to run on any other Unixes.I'm sure that I would love iTunes too but I can't seem to run that either.

Until Apple stops treating me like a second class citizen for running a non-proprietary operating system then I'll just assume their products are not "quality" but rather are all hype.
Actually, Safari's rendering engine is only _based_ on KHTML. There are many enhancements in Safari's rendering engine that due to licensing cannot be backported to KHTML upstream.

Why did apple put so much marketing hype into a beta that's full of bugs and security wholes?

Despite what the Mac fanboys will claim, Apple is an arrogant company led by an arrogant leader, who are on a roll at the moment. They probably thought it'd "just work", even if it was a beta, never thinking that much work would be necessary. The problem isn't that it's a beta, but that it was given a fanfare as if it were a finished product. You don't put a beta product (some claim it's really an alpha build) on the main page of a major portal such as apple.com, with big fonts, asking for anyone to download and run it. Doing so will mean you just don't get advanced and intermediate users downloading the beta release to test it, you'll get newbies and the like, too, who'll soon complain about bugs and things, giving Apple a bad name from the very Windows users who they're trying to attract. No, you release such beta builds in the background, accessible via footnotes or other pages. That's what happens with Opera and Firefox, as well as other applications. No, I just see this as a continuation of the arrogant mentality of Apple, who I see as no better than the bigger Microsoft when it comes to things concerning computers.

Saying all that above, though, it's not proven that there are exploits. The one who claims exploits has, according to reports, refused to disclose the exploits to Apple as well as other security experts (at least from what I read some hours ago), which I find a bit dubious.

best browser in the world? I know that its rendering engine is top notch, because it's Konquerors rendering engine. But the rest of it.. well.. just more empty hype from some company who'se desparately trying to get people onto its proprietary and overpriced platform.

True, but, you know, it's a beta. Maybe Apple.com will go into meltdown when beta 2 comes about. ;)

all the marketing in the world doesnt change the fact that safari adds nothing new, and there are far better browsers out there then safari

safari holds its place as the default web browser installed on mac os x.... and thats about it.

I thought all Linux zealots liked the idea of choice (you know, 50 music players for Linux, that sort of thing), but now that there's yet another new browser in Windows, they go off and complain that Windows has too many browsers now?

In any case, it's a first release. I highly doubt any browser has been truly robust on its initial release, particularly after a port.

I thought all Linux zealots liked the idea of choice (you know, 50 music players for Linux, that sort of thing), but now that there's yet another new browser in Windows, they go off and complain that Windows has too many browsers now?

I don't think its us being biased. Windows already has two proprietary browsers IE (installed by default) and Opera (easily gotten). It also has dozens (maybe even hundreds) of other browsers, many derived from Firefox/Mozilla work. Flock, Netscape (ya it still around) and Epiphany (I think its on windows) are all nice options. I just don't see a market for it except for Mac users on windows (and people getting tricked into it bundled with iTunes).

On a side note, look at this cool diagram. (http://upload.wikimedia.org/wikipedia/commons/7/74/Timeline_of_web_browsers.svg) Awesome how much the Mozilla//Firefox project has given back and created from its work.

No biggie. It's Beta.

Talk about a storm in a tea cup! :roll:

Yes, Safari for Windows is a beta. However, a number of years after Safari shipped for Mac OS X, a huge security flaw was discovered that causes Safari and Mac OS X to automatically extract downloaded Zip archives and run shell scripts contained in them (default behaviour):

http://www.heise.de/english/newsticker/news/69862

As far as I'm concerned, after a security flaw as large as the Goatse man's crack, anything Apple does with Safari is simply turd-polishing (http://www.urbandictionary.com/define.php?term=turd+polishing).

Yes, Safari for Windows is a beta. However, a number of years after Safari shipped for Mac OS X, a huge security flaw was discovered that causes Safari and Mac OS X to automatically extract downloaded Zip archives and run shell scripts contained in them (default behaviour):

http://www.heise.de/english/newsticker/news/69862

As far as I'm concerned, after a security flaw as large as the Goatse man's crack, anything Apple does with Safari is simply turd-polishing (http://www.urbandictionary.com/define.php?term=turd+polishing).

So, by your logic if any piece of software at some time displays a security flaw, then the software is crap for life?

Linux must be **** then! :popcorn:

My take on this is that conventional wisdom attributes Apple's apparent lack of security problems to it high quality, but in fact this suggests it may also be due to its lack of exposure & small market penetration. With this venture into the "big leagues", we see it may suffer from security problems just like Windows does.

I say that one should not judge this based on a beta and a few claims... that said I think it is silly that Apple is releasing Safari for Windows.

I say that one should not judge this based on a beta and a few claims... that said I think it is silly that Apple is releasing Safari for Windows.

maybe they are trying to attract more windows users...something like
"look, I've used this new browser, safari, I found it nice. take a look...
ok. a...I like it. Who's making it?
apple...they make itunes too. and ipod. and soon, iphone. and their own os...
hmm....sounds interesting. this tight integration. maybe I'll give them a try"
:)

Apple reports 1 million Safari for Windows downloads

http://www.macworld.com/news/2007/06/14/safaridl/index.php

Cute

Oh well...