As you’ve probably heard, Apple has released a version of their Safari web browser for Windows. A lot has been said about why Apple would do this (my bet is that Jon Gruber is right and it’s about the $$$ that Apple will generate from Google searches), about how fast it truly is, and about why on earth anyone would want to run Safari on Windows. These are interesting topics of discussion, but I think the most important issue is what this release will do for Apple’s security. I think that releasing Safari on Windows presents a risk not only to Windows users but also to Mac OS X and iPhone users. Here are a few thoughts that came to mind when I heard the Safari on Windows announcement.
This puts Safari in the territory of the bad guys
With the release of Safari for Windows, Steve Jobs has placed key Apple software squarely in the sights of the world’s black hat hackers and script kiddies. Security researchers and hackers, who have always been annoyed with Apple’s arrogant claims of security, now have direct access to pound on Apple software on their own turf. Within hours of the release, security researchers are already finding vulnerabilities “popping out like hotcakes“. Some of these vulnerabilities are reported to also work on the production version of Safari for OS X.
Safari on Windows becomes a huge attack surface
If Jobs and company manage to get just a tiny percentage of the current iTunes users to switch to Safari, we could soon have millions of people surfing the web with Safari on Windows. With iTunes, Apple has seen its share of vulnerabilities, but iTunes is not on the front lines when it comes to the virus/malware wars. The browser is the front line of defense against internet vulnerabilities, after all it’s the thing you use to browse the internet! Just ask Microsoft and Mozilla, securing a browser is no easy business and requires constant patches and vigilance. So far, Safari has not been much of a target for hackers, but if Apple successfully doubles or triples its market share, Safari will become a much more appealing target - no more “security by obscurity.”
This move could compromise Mac OS X and iPhone security
The core rendering engine for Safari is called Webkit. Webkit was originally taken from the open source KHTML browser engine and is now used as the core HTML and JavaScript rendering engine not only for Safari but for Dashboard, Mail, and many other OS X applications. Safari and Webkit are also central to the iPhone. Apple is even telling developers to develop for the iPhone with Safari. I’m afraid the bad guys will soon be targeting OS X software and possibly the iPhone from the comfortable surroundings of their Windows machine. It’s entirely possible that an exploit found in Webkit on Windows could be exploited in OS X Mail or the iPhone.
Apple can be very slow at releasing bug fixes
Traditionally, Apple has very slow turnaround times for fixing bugs. Symantec recently reported that in the second half of 2006 “there were 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes.” This slow response time for releasing security fixes is simply unacceptable in the current, often hostile, Internet age. Microsoft has addressed this problem over the last few years by throwing more developers and money at Internet Explorer. Apple most likely does not have as much money to throw at Safari development as Microsoft and it may prove difficult for a handful of developers to track down and quickly fix Safari for Windows bugs. Mozilla generally gets patches out much quicker due to its strong open source community. While Apple has made a small attempt to lure developers to Webkit, it seems only half heartedly open source. One gets the feeling that it’s only open source because it has to be, not because Apple really wants community support and involvement.
Safari for Windows could damage Apple’s reputation
Talk of security vulnerabilities in Apple products will only damage Apple’s image of being secure. These days, many people assume that Apple is more secure than Windows. If the news is suddenly (and consistently) filled with news of Safari security problems, this assumption could quickly change. In short, Apple is opening themselves up to a lot of potentially very bad press.
Apple’s track record with iTunes and Quicktime does not give me hope
Apple has a practice of developing new iTunes and Quicktime releases in complete secrecy (sometimes even keeping information from their own support staff). They generally release applications immediately after some keynote by Steve Jobs. In the past year, there have been many problems with iTunes upgrades crashing computers and iPods. Customers are often left out in the cold as even Apple tech support has yet to see the new version. I can tell you that it’s annoying when your iPod crashes, but if this practice is carried over into Safari releases, it could prove much worse than annoying.
This is BETA software but is being pushed like the final product
Steve was quite clear when he said that Safari 3 is a beta right now. Beta generally means that it’s not ready for production use and should be used with caution. Recently, the word “beta” has been attached to every piece of software that people want to push to the mainstream but where they want an easy excuse when things go wrong (Gmail for example). Apple is not treating Safari 3 like beta software! It has placed Safari 3 in prominent locations all over the Apple website including the home page. Pushing buggy software out the door to millions of users is just not a good idea and increases the chances that the bad guys will find holes.
These are just some ideas that came to my mind. Hopefully Apple will figure everything out and all my security fears will be proven wrong. Well, I guess we can hope.
June 14, 2007 Update:
Looks like Apple is staying on top of the bugs. They’ve already released Safari for Windows 3.0.1. Keep up the good work Apple!
While Parallels may have got the jump on VMWare in the Mac virtualization market, VMWare Fusion is looking better all the time. I first tried Fusion out of frustration over not being able to install the latest versions of Linux on Parallels. VMWare has a much longer history in the VM market and their support for Linux is first class. Today, I found this video via TUAW that shows off some of the new features coming in the final Fusion release. The “Unity” feature of Fusion is similar to Parallel’s “Coherence” but looks much more impressive. Watch this video and check it out for yourself.
The internet is buzzing today with people raving about the new Microsoft Surface technology announcement. Hopefully people will soon get over the initial hype generated by the fantasy videos on Microsoft’s website and take a more practical look at this MS announcement. Come on people, multi-touch technology is nothing new! According to Wikipedia, “Multi-touch has at least a 25 year history, beginning in 1982, with pioneering work being done at the University of Toronto (multi-touch tablets) and Bell Labs (multi-touch screens).” Microsoft would like us all to think that they’ve just “innovated” the future, but in reality, they haven’t released a single multi-touch consumer device and will only (possibly) have these tables available for hotels and restaurants by the end of the year.
The other thing I just can’t understand is why a table? Multi-touch whiteboard? That’d be cool! Multi-touch refrigerator? Well, OK. Multi-touch phone? That’d be amazing (oh wait, someone is already doing that)! Multi-touch tablet PC? This sounds more reasonable. But no, MS decides to release a TABLE! Tables are things we work on, eat on and lay things on. I personally don’t want to have to clear off my table so I can transfer songs to my music player, or move my plate in order to pay my bill at the restaurant.
The rest of the technology world is focused on making computers smaller and easier to use. Apple is releasing its iPhone and putting the power of OS X in your pocket. And what is Microsoft doing? They’re getting ready to change the world with their $10,000 table! I think this about sums up the current situation in the computer industry. Microsoft has lost its mind.
I finally got my Nokia N800 today. I was amazed at how easily it connected to the internet with WiFi and with my mobile phone. One thing I found useful so far was being able to access Google Maps on the run. It’s a little small on the screen, but I found it useable, and it sure would be nice if you were lost somewhere (because I know you wouldn’t stop and ask for directions).
I captured this short screencast of the N800 in action using Google Maps. The video was captured using VNC on the N800 along with Chicken of the VNC and iShowU on my Mac, so there was some overhead in both processing power and network speed that caused the video to be slightly jerkier than it usually is. The AJAX maps also rendered slower when running VNC and you see a funny looking cursor instead of the regular N800 cursor … but as far as I know, using VNC is the only way to capture video from the N800.
The latest version of Ubuntu, Feisty Fawn, has been getting a lot of press recently. With news that Dell will soon be pre-installing Ubuntu on some of its systems, it’s almost certain that Ubuntu will only become more popular in the coming months. If you have an Intel Mac and would like to experiment with Ubuntu’s newest release what is the easiest way?
It seems there are 3 possible ways to try Ubuntu 7.04 on your Mac.
Installing Ubuntu directly to your hard drive might be a good idea if you have a spare drive that you can use. From the instructions I’ve seen online, installing Ubuntu on a partition alongside OS X is not for the faint of heart. Personally, I’m not willing to risk all of my data and my OS X install on an experiment to see if I can install Ubuntu.
Installing Ubuntu 7.04 in Parallels is not such a walk in the park either. There seem to be some problems with the latest Linux kernels and Parallels. When trying to install, Ubuntu will not be able to properly load the cd-rom driver and will fail to install. There are some (rather odd) workarounds for this, such as telling Parallels that you’re using Solaris during the install process. The guys at SimpleHelp have a tutorial that will help you get Ubuntu 7.04 installed in Parallels. Don’t expect things to work perfectly once it’s installed. I still experienced problems with the video drivers and screen resolution as well intermittent problems getting cd-roms to mount. The Ubuntu startup and shutdown screens also fail to display in Parallels. You’re left with a black screen wondering if anything is happening during the boot process. There are other annoyances such as the virtual machine failing to full shut itself down, a bug that causes most progress bars to be transparent, and the constant need to hit a key combination to release the cursor from Ubuntu and get back to Mac OS. Features such as Coherence and dragging files between Parallels and Mac OS are also not supported.
Because of all the problems with Parallels, I decided to give the VMware Fusion Beta a try. While Parallels may have beat everyone else to the Intel Mac virtualization market, VMware have been doing virtualization for much longer. With the Fusion Beta, they bring their years of experience to the Mac platform. Does it work any better with Ubuntu? The short answer is YES!
I was able to install Ubuntu 7.04 in VMware Fusion Beta with no problems. The only thing that was a small problem was installing the VMware Tools package, which I had to mess around with for a few minutes. Once those tools are installed, VMware really starts to shine. Fusion supports features such as file drag and drop between Mac OS and Ubuntu, clipboard synchronization, automatic cursor focus as you move in and out of the VMware window, and easy screen resolution resizing (it even works with the widescreen Macbook monitor). Fusion still needs some polish (like, seriously, those huge buttons at the top of the window are UGLY), but I’m sure VMware will work these things out before the final release this summer.
So far, I couldn’t be more happy with VMware Fusion, and highly recommend you download and try out the free beta evaluation (or buy it at Amazon).
Here’s a screencast I put together to show some of the features of VMware Fusion running Ubuntu 7.04.
As you’ve probably heard, Apple has released a version of their Safari web browser for Windows. A lot has been said about why Apple would do this (my bet is that Jon Gruber is right and it’s about the $$$ that Apple will generate from Google searches), about how fast it truly is, and about why on earth anyone would want to run Safari on Windows. These are interesting topics of discussion, but I think the most important issue is what this release will do for Apple’s security. I think that releasing Safari on Windows presents a risk not only to Windows users but also to Mac OS X and iPhone users. Here are a few thoughts that came to mind when I heard the Safari on Windows announcement.
Traditionally, Apple has very slow turnaround times for fixing bugs. Symantec recently reported that in the second half of 2006 “there were 43 vulnerabilities in Mac OS X and a 66 day turnaround on fixes.” This slow response time for releasing security fixes is simply unacceptable in the current, often hostile, Internet age. Microsoft has addressed this problem over the last few years by throwing more developers and money at Internet Explorer. Apple most likely does not have as much money to throw at Safari development as Microsoft and it may prove difficult for a handful of developers to track down and quickly fix Safari for Windows bugs. Mozilla generally gets patches out much quicker due to its strong open source community. While Apple has made a small attempt to lure developers to Webkit, it seems only half heartedly open source. One gets the feeling that it’s only open source because it has to be, not because Apple really wants community support and involvement.
The internet is buzzing today with people raving about the new Microsoft 
.
).
