Yes, I've just read that and personally I think the jury is out still.
Thor's research does show an exploit but there's a number of reasons why it's possible. The exploit is an old one where you pass off a command line to a URL helper for things like gopher: or telnet:
On OSX, URL helpers run through Launch Services which is where I suspect Apple places it's security checks. Safari I'd think itself isn't responsible for the security.
On Windows there's no such thing so the program that passes off the URL or gets the URL has to filter it. It would seem that the Safari team overlooked the fact that Windows sucks ass for security and will have to do their own filtering. Also implicated is Firefox I'd say since it appears you can pass it an exploit on the command line and it'll happily suck it right up.
Perhaps I'm wrong here but the upshot is that browsers on Windows need to do a lot more checking than they'd do on MacOSX.
Yes, I've just read that and personally I think the jury is out still.
Thor's research does show an exploit but there's a number of reasons why it's possible. The exploit is an old one where you pass off a command line to a URL helper for things like gopher: or telnet:
On OSX, URL helpers run through Launch Services which is where I suspect Apple places it's security checks. Safari I'd think itself isn't responsible for the security.
On Windows there's no such thing so the program that passes off the URL or gets the URL has to filter it. It would seem that the Safari team overlooked the fact that Windows sucks ass for security and will have to do their own filtering. Also implicated is Firefox I'd say since it appears you can pass it an exploit on the command line and it'll happily suck it right up.
Perhaps I'm wrong here but the upshot is that browsers on Windows need to do a lot more checking than they'd do on MacOSX.
That's my impression as well; still, it doesn't change the fact that Safari for Windows is getting hit with the "not very secure" hammer right out of the gate, and that's bad for mind share.
Surely the team that ported Safari didn't just make assumptions about Windows security routines?
That's my impression as well; still, it doesn't change the fact that Safari for Windows is getting hit with the "not very secure" hammer right out of the gate, and that's bad for mind share.
Surely the team that ported Safari didn't just make assumptions about Windows security routines?
I don't know Windows' security architecture well enough to presume they assumed but I'm pretty sure the excuse of 'but Windows should be looking after url helpers like we do on OSX with a central secure method at a deeper OS level' isn't going to wash with the security guys.
It also shows you why Windows has so many exploits if it's up to the apps themselves to filter command lines and URLs.
I am using Safari under Windows 2000 and OS 10.4. So far, I haven't had any crashes or weird rendering.
Edit: I did get one Safari 3 lock-up, after I resized a text box in PayPal when trying to make a shipping label. Text box resizing seems to work for AppleInsider's forums. It might be a nice feature, though I think it may only be a fix for poor form design.
It still has a little seemingly inconsistent behavior about new tab generation, and Safari 2 was the same way. If I middle click a link, it opens the link in a new tab. If I middle click a bookmark on the bookmark bar, it opens the bookmark in a new tab. If I middle click a bookmark in a folder on the bookmark bar, it opens the bookmark in the current tab.
Safari 3.0.1 for Windows just released btw to fix the vulnerabilities above, or at least the ones that have been reported to Apple (ie. not David 'spoilt brat' Maynor's vulnerabilities)
I'm not sure those are bugs. Some of them are just things you don't like working that way whereas I'm quite fine with them working that way and others I don't have (like issues with urls beginning irc...)
Perhaps you've a corrupt prefs file for your internet helpers. John Gruber had a similar problem...
That doesn't seem to be the problem. I also don't use helpers. The plug-ins I do use are for video, and image file showing, but nothing for internet settings, etc.
The bugs are certainly bugs in the way Apple implemented drawing and frames. I don't have those problems with other browsers, and it works the same on all of the machines here. Improper page display isn' something that was intentional. But Apple sometimes ignore problems for years.
Comments
Not just Maynor.
Yes, I've just read that and personally I think the jury is out still.
Thor's research does show an exploit but there's a number of reasons why it's possible. The exploit is an old one where you pass off a command line to a URL helper for things like gopher: or telnet:
On OSX, URL helpers run through Launch Services which is where I suspect Apple places it's security checks. Safari I'd think itself isn't responsible for the security.
On Windows there's no such thing so the program that passes off the URL or gets the URL has to filter it. It would seem that the Safari team overlooked the fact that Windows sucks ass for security and will have to do their own filtering. Also implicated is Firefox I'd say since it appears you can pass it an exploit on the command line and it'll happily suck it right up.
Perhaps I'm wrong here but the upshot is that browsers on Windows need to do a lot more checking than they'd do on MacOSX.
Yes, I've just read that and personally I think the jury is out still.
Thor's research does show an exploit but there's a number of reasons why it's possible. The exploit is an old one where you pass off a command line to a URL helper for things like gopher: or telnet:
On OSX, URL helpers run through Launch Services which is where I suspect Apple places it's security checks. Safari I'd think itself isn't responsible for the security.
On Windows there's no such thing so the program that passes off the URL or gets the URL has to filter it. It would seem that the Safari team overlooked the fact that Windows sucks ass for security and will have to do their own filtering. Also implicated is Firefox I'd say since it appears you can pass it an exploit on the command line and it'll happily suck it right up.
Perhaps I'm wrong here but the upshot is that browsers on Windows need to do a lot more checking than they'd do on MacOSX.
That's my impression as well; still, it doesn't change the fact that Safari for Windows is getting hit with the "not very secure" hammer right out of the gate, and that's bad for mind share.
Surely the team that ported Safari didn't just make assumptions about Windows security routines?
That's my impression as well; still, it doesn't change the fact that Safari for Windows is getting hit with the "not very secure" hammer right out of the gate, and that's bad for mind share.
Surely the team that ported Safari didn't just make assumptions about Windows security routines?
I don't know Windows' security architecture well enough to presume they assumed but I'm pretty sure the excuse of 'but Windows should be looking after url helpers like we do on OSX with a central secure method at a deeper OS level' isn't going to wash with the security guys.
It also shows you why Windows has so many exploits if it's up to the apps themselves to filter command lines and URLs.
I'm having the most bizarre problem and I've searched everywhere and found no solution.
This isn't my screenshot, but I'm having the same problem in XP:
http://www.imagespar.com/img/40bf6c9...8cd669/wtf.PNG
Anyone know how to remedy this? It looks to be a font issue. Thanks!
http://www.digi-comic.com/index.php?...d=133#news_294
In regards to font smoothing see
http://joelonsoftware.com/items/2007/06/12.html
(also Joel had the "slow Safari" issue, see past entries)
Edit: I did get one Safari 3 lock-up, after I resized a text box in PayPal when trying to make a shipping label. Text box resizing seems to work for AppleInsider's forums. It might be a nice feature, though I think it may only be a fix for poor form design.
It still has a little seemingly inconsistent behavior about new tab generation, and Safari 2 was the same way. If I middle click a link, it opens the link in a new tab. If I middle click a bookmark on the bookmark bar, it opens the bookmark in a new tab. If I middle click a bookmark in a folder on the bookmark bar, it opens the bookmark in the current tab.
http://www.apple.com/safari/
I'm not sure those are bugs. Some of them are just things you don't like working that way whereas I'm quite fine with them working that way and others I don't have (like issues with urls beginning irc...)
Perhaps you've a corrupt prefs file for your internet helpers. John Gruber had a similar problem...
http://daringfireball.net/2004/05/internet_helper
That doesn't seem to be the problem. I also don't use helpers. The plug-ins I do use are for video, and image file showing, but nothing for internet settings, etc.
The bugs are certainly bugs in the way Apple implemented drawing and frames. I don't have those problems with other browsers, and it works the same on all of the machines here. Improper page display isn' something that was intentional. But Apple sometimes ignore problems for years.