Consumer Reports urges Mac users to dump Safari, cites lack of phishing protection

Consumer Reports urges Mac users to dump Safari, cites lack of phishing protection

Summary: The 2008 edition of Consumer Reports' "State of the Net" report, advises that a common security mistake is "thinking your Mac shields you from all...

SHARE:
16

The 2008 edition of Consumer Reports' "State of the Net" report, advises that a common security mistake is "thinkingSafari Phishing Email your Mac shields you from all risks", and that due to Safari's lack of built-in phishing protection Mac users are urged to switch to Firefox or Opera :

"According to this year’s State of the Net survey, Mac users fall prey to phishing scams at about the same rate as Windows users, yet far fewer of them protect themselves with an anti-phishing toolbar. To make matters worse, the browser of choice for most Mac users, Apple’s Safari, has no phishing protection. We think it should. What you can do : Until Apple beefs up Safari, use a browser with phishing protection, such as the latest version of Firefox (shown at right) or Opera. Also try a free anti-phishing toolbar such as McAfee Site Advisor or FirePhish."

This is not the first time Apple's Safari has been criticized for lacking built-in phishing protection, and definitely not the last. Earlier this year, PayPal's Chief Information Security Officer Michael Barrett, said that :

"Apple, unfortunately, is lagging behind what they need to do, to protect their customers. Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."

For the time being, Safari is still not considered a "Safe Browser" by PayPal, where safer browser for them means one thatSafebrowsing Safari has built-in phishing protection. Whatsoever, the situation always repeats itself. Just like the moment in time when the rest of the now considered "safe browsers" were also lacking phishing protection, third-party plugins were filling in the gaps. The same adaptive approach fully applies to Safari with the help of 1Password's integration of the Phishtank.com's database, and also, through the Saft extension integrating Stopbadware's database next to the rest of the security features it offers.

Related posts:

Topics: Malware, Apple, Browser, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion
  • When a feature is not a feature

    If a feature is too hard to use then it is not a feature. Jobs did extensive case studies and found that warnings about phishing simply confused people and that in the end, Apple users would rather have someone steal their identity than get confused by a feature they don't understand. Apple is all about the [b]USER EXPERIENCE[/b] (baaaaaaa) which is something that Mozilla, Opera, and Microsoft don't understand when they show [b]SCARY[/b] messages about phishers.

    Safari is great because it doesn't take away from the Apple experience of uninterrupted computing. As the PWN2OWN contest showed, Apple users don't even like to be interrupted while their computer gets hacked! :)
    NonZealot
    • *snicker*

      Hey now, apple is dedicated to that uninterrupted computer experience. I remember sitting there all day watching those mind blowingly consistent load bars, reminiscing fondly of a time when barber poles were as commonplace as handlebar moustaches.

      Windows sucks, everything happens instantly, and there is no waiting. Some would say the sluggish apple read/write and compile times are interruptions themselves, to which I say, poppycock, they're *part* of the experience. Uninterruptable load time... hey, wait a minute, get your hand off that force quit damn you! This is supposed to be uninterrupted computing!

      Either way, to that end, I have it via a good source that apple will release the iWife. iWife will place your real wife in a state of deep slumber every time you get onto your apple, and replace her with a robotic iWife for the duration of your computing experience. Steve Jobs proved through conclusive circumstantial evidence that wives are the leading cause of interruption of the apple experience. iWife will change the world, and swell the population of the World of Warcraft!
      Spiritusindomit@...
  • Consumer Reports is obviously a M$ shill.

    Consumer Reports is obviously a M$ shill. Directed by the GOR (Gods-Of-Redmond) to attack poor Apple.
    Scubajrr
    • By promoting FF and Opera?

      I hope your post was sarcasm and I just missed it?

      TripleII
      TripleII-21189418044173169409978279405827
    • Good joke - that's funny - LOL nt

      nt
      TheBottomLineIsAllThatMatters
  • CR cares about the consumer, Apple doesn't.

    I think it's great. All users that Apple is trying to convert from the PC should know what they are getting into.

    Aapple is slow on the patches. If they work.
    bjbrock
  • RE: Consumer Reports urges Mac users to dump Safari, cites lack of phishing

    Phishing-About 6.5 million consumers, or roughly 1 in 13 online households, gave such scammers personal information over the past two years.

    It is education not a browser people need.
    fairuse09
    • Rubbish

      What they need is a nice green URL at the top that says the site is not a phishing site.

      Now that IE has it, I admit I check it every time I'm on a financial web site.
      tonymcs@...
      • And FireFox. And Opera...

        {NT}
        Sleeper Service
      • Blindly going..

        .. where the browser says is safe.

        And never thinking yourself ? I certainly agree with the notion
        that internet users need educating in common sense much
        more than any anti phishing tools. If someone calls you and
        says: "Hello this is the police. We found your credit card and
        need the pin code to verify it is in fact yours". Do you give
        that pin code ? No... of course not. Common sense.
        vmaatta
    • Education

      Yeah. You're right. And the education they get is the browser telling them "HEY! This is a phishing site."
      laura.b
  • RE: Consumer Reports urges Mac users to dump Safari, cites lack of phishing protection

    Consumer Reports should have rated Safari "Not Acceptable.
    M.R. Kennedy
  • RE: Consumer Reports urges Mac users to dump Safari, cites lack of phishing protection

    Consumer reports thinks Sony makes good laptops too!
    Those of us in the trenches know better.
    pgm554
    • Sony does make good laptops...

      But keep in mind, consumer reports reviews products from the point of the average pleb. On top of that, there is nothing wrong with sony's laptops. Blow away the preinstall and reload the operating system (which is any experienced user's 101 step for new laptops) and it works perfectly.

      Can we get better from clevo, sager or falcon northwest? Yes. Do most people want or need to exceed 1500 USD on a laptop? Probably not.
      Spiritusindomit@...
  • Safari is not a browser

    It doesn't even support frames properly!
    joemartn
  • Phishing is not a security issue, folks

    There is nothing in common between phishing and viruses, adware, spyware, or other malware. Phishing is just an old-fashioned scam dressed up in new HTML clothing. Consumers need to be educated about it, and no anti-phishing technology is going to save them. For one thing, most phishing schemes come to consumers through their email client, not their browsers.

    Oh, and 6 or 7 years ago, why didn't Consumer Reports advise Windows users to ditch IE? That would have been the single best way for them to avoid Internet malware, but I never heard them do such a thing. The phishing problem pales in comparison to the security nightmares we experienced after IE6 was released (and before SP2), and which millions of Windows users continue to experience today. Active/X is the most dangerous technology out there as far as security is concerned, but is MS being pressured to remove it from IE?
    Leland Scott