digg

Join DiggAbout

Discover the best of the web!
Learn more about Digg by taking the tour.

'Day One' for Safari for Windows Becomes Zero-Day Nightmare

betanews.com — It took security engineers perhaps less than two hours yesterday to introduce Apple's surprise entry in the field of Windows browsers to the big, cruel world of exploits and vulnerabilities, following its introduction yesterday morning at WWDC. As a result, much of the clout Safari had received as the secure browsing alternative is lost

Bury
show profanity settings
expand all
  • davin510, on 10/11/2007, -471/+20what's sad is that this article (or the dozens of similar articles) will never make it to the front page. and people still claim that digg isn't biased
    • maxlew, on 10/11/2007, -23/+234I dunno about that i love macs, but safari 3.0 is pretty crap.
      also the beta tag is losing its charm as an excuse now that everything seems to come out in beta. People seem to expect that beta means pretty much finished
    • Scyth3, on 10/11/2007, -28/+65As it hits 51+ diggs...?
    • RossTizma, on 10/11/2007, -97/+67Slow, ugly and bloated... just like most Mac users.
    • UGM2099, on 10/11/2007, -65/+15It's beta so they can't start fixing some of these problems before the final release.
    • Omicron, on 10/11/2007, -39/+317I predict in the comments, that somehow this is going to be Microsoft's fault
    • Cwo655321, on 10/11/2007, -46/+376mac software finally has a user base larger than the margin of error.
    • aeproberts, on 10/11/2007, -41/+24@Davin510
      Someone feels stupid!
    • byronm, on 10/11/2007, -42/+99@ maxlew

      Beta does mean "pretty much finished" - aka "we're about to ship a final product, hammer away and notify us of any bugs"

      What Apple shipped is "Alpha" - we're not done developing it, try and your own risk - may not work. HUGE difference. When i beta test Windows Software, Xbox 360 Games, MMO's, RPG's and other goodies i get my hand on we're working on a polished product - trying to polish it off more. Why would Apple get to be respected any differently? Not like the wintel platform is anything NEW to them (or anyone for that matter)
    • timusca, on 10/11/2007, -59/+21Holy hell, people! ITS A BETA!
    • Gunslinger99, on 10/11/2007, -31/+11Well considering this was the 2nd article on the front page, Digg isn't that biased
    • rderveloy, on 10/11/2007, -12/+157@maxlew
      "Also, the beta tag is losing its charm as an excuse now that everything seems to come out in beta. People seem to expect that beta means pretty much finished."

      I blame Google's abuse of beta. Don’t get me wrong, I love Google. However, the search giant has routinely come out with excellent and extremely polished software and slapped the beta tag on it. And, since millions of people use new Google software, your average computer users all think that beta means to expect a nearly fully functional bug-free piece of software. In the same manner that Google has changed search, Google will change beta, but not in a good way.
    • SVPirate, on 10/11/2007, -42/+14It's a beta - this is not news...
    • pauleric, on 10/11/2007, -6/+40@rderveloy, I agree, google's beta is not what beta has traditionally meant. But it also doesn't fit into any other category. Google constantly adds new features, so they really should say 'alpha'. Except it's pretty stable so it should be a release candidate. It's closer to the open source development model. Anyway, a buggy (but feature complete) Safari is just what 'beta' means.
    • Cl1mh4224rd, on 10/11/2007, -30/+15paulric said: "I agree, google's beta is not what beta has traditionally meant. But it also doesn't fit into any other category. Google constantly adds new features, so they really should say 'alpha'. Except it's pretty stable so it should be a release candidate. It's closer to the open source development model."

      I like Google, but their abuse of "beta" is insane. A perpetual beta says to me that they haven't set any milestones (e.g. "Google Calendar 1.0 will have *these* features. We'll add this feature, this feature, and this feature for Google Calendar 1.1," etc...).

      Madness...

      "Madness? THIS. IS. GOOGLE!!!"
    • kheldorin, on 10/11/2007, -6/+136The problem is besides the 'beta' tag, it's not treated as one. You have a link on Apple's main page with caption that reads "The World's Best Browser. Now, for Windows too". And in the next page, they advertise the 12 reasons why I would love Safari and provide the performance charts. Who the hell does that for a beta? Where are the warning signs?
    • TheMacThinker, on 10/11/2007, -40/+7Honestly guys what do you expect from a beta release. You reaction is exactly what Apple expects as they need to refine it before the final release.
      Also you have no proof that this actually would happen on Mac OS X.
      Even running the best piece of software on a crappy OS (Windows) would lead to some issues...
      http://www.mostofmymac.com
    • ggbs, on 10/11/2007, -19/+1http://duggmirror.com/software/Day_One_for_Safari_for_Windows_Becomes_Zero_Day_Nightmare/
    • DollaDollaBill, on 10/11/2007, -13/+38I don't think the beta tag is to blame. I blame another unneeded poorly made browser. Seriously, what do we need it for? Other than testing on a PC if you don't have a mac, it serves no purpose other than making one more thing devs and designers have to test for.

      What we all really need is a universal rendering engine, required to be used by all browsers, some please think of the developers!
    • zybch, on 10/11/2007, -12/+77Good for a laugh :)
      www.apple.com/safari
      http://i35.photobucket.com/albums/d165/zybch/hahaha.jpg
    • LegendOfLink, on 10/11/2007, -11/+3I'd say that your comment is ironic; however, I'm not entirely sure I would be using that term correctly. So instead I'll just say that you are very wrong as you imagine Nelson Muntz doing a "Ha ha" right now.
    • Speed, on 10/11/2007, -15/+4@byronm, beta doesn't actually mean pretty much finished. That's Release Candidate that does. Beta means still pretty glitchy, but more complete than alpha. It's common for betas to not have all the features, to have a bunch of bugs and stuff.
    • goffy59, on 10/11/2007, -20/+16Maybe mac is great in their "little" world, but as soon as they try to be apart of the PC world, all the problems come to their door steps, just like they come to ours. I think its funny to see mac users talk about how much better they are and what not. I'm sure if mac had 95% of the market, they would fail just like PC, hackers could just give a ***** less about mac. More people to harm on PC. As long as your not a moron, you wont have to deal with viruses/spy ware. And as long as you know how to fix a computer, windows is pretty easy to handle. Not everyone knows this though. I always wonder why mac users claim that their GUI looks better. Its all about personal preference... and I can make windows look however I want. So whatever, I'll stick with windows xp pro thank you very much. I know I will be dugg down ONLY because Digg is full of a bunch of stupid fan boys always trying to start a revolution with mac; most of the time they are biased stuck up snobs. I tried to block out the apple category. Why not have a Microsoft category? I don't like apple or Microsoft because they are both out to ***** you in the ass. But why is digg such a biased piece of *****? I like everything NOT about Microsoft or apple. Because every article is some jackass trying to say why Microsoft will fail and apple will succeed, even though they are BOTH full of *****. Because nothing any of those morons have ever said has come true. Funny huh? That is why I ignore both articles... hell I didn't even read this article, I just called it lame. Is Safari suppose to be the ULTRA BEST SUPER DUPER browser in the world because why... its MAC? Go to hell. Id say IE is just as bad as Safari because they both come with their companies operating system, and they they appear to both have bad security flaws. Mac users are just full of *****. Every article Ive seen about why mac will take over HASN'T COME TRUE. Why, because its just a bunch of dumb asses sitting around complaining about the same ***** non stop.
    • Topher06, on 10/11/2007, -9/+35@ byronm

      http://www.apple.com/safari/ "read the title"

      Also, this is a beta of an existing product. I mean, why should it be less secure then Safari 2.0? I mean, what did Apple do, strip out all the security features and call it 3.0?

      I agree, Beta does not mean ready to release (release candidate does), so the negative feedback is a little pre-mature, but still, if this was Microsoft they would be lambasted, but people seem to feel they need to defend Apple for putting out something that should never have hit the public yet.

      However, I do have to say that Apple's reputation for developing Windows software is a little weak. I know they can do a better job, its almost like they purposely make their Windows software buggy and less efficient just to say "See, get a Mac and these issues go away". iTunes on Vista is still crap, and every now and then if I click on a quicktime link in IE, it takes out IE. Apple has to do better if they want to convince PC users they can actually make better products by making their Windows software actually better on Windows.
    • Seidoger, on 10/11/2007, -35/+4If you guys would RTFA, you'd find out that well it IS actually part of Microsoft's fault in the way that Safari for Mac is based heavily upon the security layers of Mac OS X. So the Mac version IS [more] secure.

      Now the Microsoft world is a different one. But eh, like so many mentioned, that is a 'real' beta, pre-2003 style beta. (Although i agree you'd expect more from such a big announced product, beta or not)
    • rblancarte, on 10/11/2007, -15/+1You know what they say, it's a jungle out there.
      BA-DUM-CHAAAAA!!
    • aaronm67, on 10/11/2007, -9/+41From www.apple.com/safari (under security)

      "Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one."
    • tanveer, on 10/11/2007, -14/+13 Posted by David Maynor at 1:48 PM

      **PLEASE DO NOT POST A COMMENT IF ITS ABOUT SAFARI IN BETA**
      These bugs have been verified in the current PRODUCTION copy on OSX (Safari 2.0.4).

      Original Errata Security Article:
      http://erratasec.blogspot.com/2007/06/niiiice.html
    • mentor972, on 10/11/2007, -30/+3Well, if Windows was secure, we wouldn't have that problem, would we?
    • g3r4, on 10/11/2007, -16/+14Wrong. If Apple had developed the Windows version of Safari on Windows using its own features and not trying to use a bunch ***** from OSX then maybe it would have worked. Don't blame the platform, blame the idiots who programmed it for OSX and ported the same code over thinking that if it worked their, it would work anywhere.

      "Its engineers obviously designed Safari to take advantage of security protocols in the OS X operating system, as evidenced by function calls to those protocols Larholm located inside the source code for the Windows version - calls which would obviously go unfulfilled." - 5th Paragraph, http://www.betanews.com/article/Day_One_for_Safari_for_Windows_Becomes_ZeroDay_Nightmare/1181661606
    • audiowizard, on 10/11/2007, -21/+2Dude...it's a f*cking beta release.

      Refer to it as such, and your story is quite deflated.

      f*cker
    • audiowizard, on 10/11/2007, -12/+2But after reading Apple's claims, I agree they haven't handled this beta release responsibly. But then again, I'm using it, loving it, no problems. But I don't go to free porn sites, or crack sites...soo.....
    • LordMaul, on 10/11/2007, -7/+3@byronm

      "...i get my hand on we're working on a polished product - trying to polish it off more."

      heh heh heh *snort*
    • davin510, on 10/11/2007, -4/+5More than happy to be proven wrong.
    • Van3ck, on 10/11/2007, -9/+2Firefox FTW.
    • mobilitatis, on 10/11/2007, -19/+1Is Safari 3 (beta but 3 indeed) so it sucks before this beta.




















    • orlyfactor, on 10/11/2007, -4/+7@davin510: owned.
    • antiorblkflag9, on 10/11/2007, -5/+0@davin510

      .....yeah, it's only the top article....
    • Thargok, on 10/11/2007, -6/+2@cwo655321 If you consider 16% a margin of error. (That is followed by two years of substantial growth) May I suggest you find work in a field that has nothing to do with mathematics, science, logic, or research...

      http://macdailynews.com/index.php/weblog/comments/5933/
    • camix, on 10/11/2007, -0/+5Beta is the new Alpha I guess.
    • zachblume, on 10/11/2007, -2/+1Obligatory Micro$oft post.
  • Braddeharder, on 10/11/2007, -111/+21Well it is just a Beta. I will not even put it on my mac yet.
    • estvir, on 10/11/2007, -27/+256> Well it is just a Beta.

      That line [on Digg] doesn't work for Microsoft products so it sure as hell doesn't work for others.
    • immrlizard, on 10/11/2007, -36/+12I fully agree. People seem to have forgotten what beta version means. I have no doubt that they will close this hole up rather quickly. It really does show that they haven't done as much testing as they should have. I hope that they learn from this and not put out more software with such easy to find weakness. Are they going to become MS part 2 Lets hope not.

      I don't really have a reason to install another browser on my pc. I have IE, Firefox, and opera which allow me to do anything that needs to be done. If Safari did something that the others didn't do, or if it did something that much better then I would consider checking it out. Right now it doesn't, so I will hold off until it is at full release to try it.
    • Kazbaeden, on 10/11/2007, -11/+137It's not /just/ a Beta; it's a Beta which recieved a keynote fanfare from Steve Jobs as well as a prominent link on the Apple home page. With that kind of exposure, you'd think that what they would release to the public would be something more than abhorrent pre-alpha code.
    • starbird, on 10/11/2007, -8/+22@kazbaeden

      "It's not /just/ a Beta; it's a Beta which recieved a keynote fanfare from Steve Jobs as well as a prominent link on the Apple home page. With that kind of exposure, you'd think that what they would release to the public would be something more than abhorrent pre-alpha code."

      I couldn't agree more. And I also readily admit my favorite flavor of Kool-Aid is Apple...

      On my Mac, it doesn't seem to be causing any issues, but again it is version 3 (truely) on Mac. SafariStand and Acidsearch had to be removed (Or any SIMBL hack) before it would work, though, but that is to be expected. I already have my list of "Remove before upgrading to Leopard" for some menu items.
    • Greyarea, on 10/11/2007, -5/+15Trouble is, it feels like late alpha/early beta software that's not even _begun_ to be properly tested, at least on the Windows side. I think it was rushed forward by at least two weeks so it could be a Keynote announcement, something that was available *now*.

      Ironically if Steve had said "In two weeks we'll release Safari 3 beta for Windows" people would have accepted it without complaint, even looked forward to it.

      Apple slipped up here big time.
    • incabulos, on 10/11/2007, -15/+5Since when did MS fanbois defend MS with "It's just a beta?" and it did not work? I don't get it.

      This is all redundant anyway, /. already had this on the FP: http://apple.slashdot.org/article.pl?sid=07/06/12/0120230&from=rss

      The controversy over there is responsible disclosure of security breaches, whereas over here it's "SAFARI is TEH BETA!! WTF LOL?!?" "NO, SAFARI IS ALPHA, OMGWTFBBQ PWNED... FSCK APPLE fanbois!". Heh, amusing.
    • Feeves, on 10/11/2007, -1/+6Perhaps it just speaks to the audiences. Digg seems to have been more offended by the seeming arrogance (or confidence) that Safari was announced with that it's become more of a "I told you so" moment for the site.
    • outsid3rNo17, on 10/11/2007, -2/+7@immrlizard : "People seem to have forgotten what beta version means."

      No, developers seem to have forgotten what beta version means.
  • saralk, on 10/11/2007, -19/+83The shoe is on the other foot now.
    • meatmcguffin, on 10/11/2007, -91/+19Not really. My Mac is still as secure as it was. Your windows box is still the same swiss cheese it was.
    • thealliedhacker, on 10/11/2007, -25/+88No, you see, the point is that Apple makes just as many holes as anyone else. No-one cares to exploit them if it's only going to be on a Mac.
    • DogEars, on 10/11/2007, -5/+20No no no....it's "I guess the foot's on the other hand now, isn't it Kramer? "
    • schoate09, on 10/11/2007, -10/+13With avast running, and Windows defender on my vista box, i've had no problems at all. And these problems require 1 minute a month of input from me, that's it.
    • norman619, on 10/11/2007, -15/+22@meatmcguffin:

      LOL!!! My god you do live up to the stereotypical Mac user image. I prescribe this link to clear up your arrogance and ignorance.
      http://www.eweek.com/article2/0,1759,2140308,00.asp?kc=EWRSS03129TX1K0000614

      The Mac has largely been ignored by those who compromise systems. This is the only reason the Mac has this illusion of being more secure. Looks like all the noise Apple has been making has finally drawn some attention. Have fun and welcom to the real world of mainstream computer users. Oh and what's up witht he ***** of patches Apple has been releasing for their os? There couldn't be some security issues they aren't telling you guys about could there? No.. No way... We all know Apple is unlike all other software companies and is completely open with it's customers regarding issues like this...
    • c5kirk, on 10/11/2007, -19/+14With no antivirus running, and no antispyware on my Mac box, i've had no problems at all. And these problems require 0 minute a month of input from me, that's it.

      Don't really care why it is so... just care that it is so. If this is because Apple has < 5% of the market then I hope it stays that way.
    • norman619, on 10/11/2007, -9/+10c5kirk,

      Spoken like a true computer newbie. The WHY is very important. If the why is because no one is really trying to bitchslap your system then it's not really secure and you need to do SOMETHING to try and secure your system. If it's because it truly IS invulnerable to such attacks then you can continue doing nothing.
    • mateo60, on 10/11/2007, -9/+14Don't you think that someone out there would like to be the first to bitchslap and exploit OS X? Hasn't happened yet. Seems like someone would want to be the first.
    • meatmcguffin, on 10/11/2007, -30/+11@norman619

      LOL!!! My god you do live up to the stereotypical PC user image. I prescribe this link to clear up your arrogance and ignorance.
      http://daringfireball.net/2004/06/broken_windows

      Security through obscurity on the mac is a myth. There have been so many competitions to break a Mac, most have failed and the rest have taken days. There are no viruses in the wild despite the major kudos that would come from creating the first.

      Once again: security through obscurity is a myth.
    • Epyn, on 10/11/2007, -2/+19At least PC guy's article wasn't three years old. I stopped reading yours when the guy complained that someone got popups when he installed Kazaa.
    • norman619, on 10/11/2007, -9/+8Windows users aren't the ones saying Windows is invulnerable. OSX users are the ones saying this about their OS. :-) Oh well...
      If you refuse to believe the word on experts in a CURRENT article and cling to an old one then that's on you. Denial I guess...
    • norman619, on 10/11/2007, -7/+1@mateo60:

      LOL!!! Read the article I provided above. It explains the issue pretty well.
    • xtmno3, on 10/11/2007, -8/+6@saralk (#7162252)
      All the people who say that Mac is more secure than Windows are silly. Don't get me wrong, I hate Windows a bunch too, but I play too many video games to be able to give it up. When it all comes down to it, I could say my calculator is really secure too, but my calculator doesn't do much that is useful now does it?
    • c5kirk, on 10/11/2007, -6/+7norman619,

      I understand your point... I simply disagree. That's like suggesting that I wear a ballistic vest at all times even though I've never been shot at. Personally I use a Mac because OS X is my preferred OS. I also have machines running XP and Win Server 2k3 for development purposes and have never had a problem with a virus or spyware (can't remember the last time I saw a BSOD either). However, I did purchase an iMac for my mother and my sister and one of the primary reasons for that is the absence of threats. My point was simply that whether the absence of malicious attacks against the OS X platform is due to fundamental differences in the OS architecture or due to market share (I believe it's a combination), the fact remains that there are thousands of worms, viruses, etc... targeting Windows vs. none/very few (depending on whom you believe) targeting OS X.

      BTW... I wrote my first program at the age on 10 on an Apple II, received a Masters Degree in Computer Science, and have spent my entire adult life working in the field of software design and development. Having said that, if you feel that calling me a newbie helps bolster your argument knock yourself out.
    • bjornski, on 10/11/2007, -11/+2And in their rush to run Windows software, they're going to experience every bug Windows has too.

      And viruses.
    • c5kirk, on 10/11/2007, -8/+1norman619,

      One more thing... regarding the "illusion of security" that Mac users are living under. Perhaps you missed the following paragraph in the article that you yourself referenced above...

      "These aren't bottom-feeding notebook buyers," he said. "In overall terms, their number is small. But it's always been an attractive target, increasingly so since [Macs] lack secondary protections that Windows [users] enjoy [such as a rich selection of third-party security software], though the primary platform itself [has been] in many cases and still is more secure."
    • bowe, on 10/11/2007, -6/+27http://projects.info-pull.com/moab/

      Found an exploit every single day for a whole month in OSX.
    • norman619, on 10/11/2007, -2/+12c5kirk,

      I have similar qualifications and when I did my stint as a helpdekp person I quickly learned people like you and I were the worst customers to deal with. The clueless peopel tended to accept our instructions w/o a fuss. The "computer experts" were convinced they knew more than the person they were calling for help. It was like pulling teeth to get them to do what I asked them to do. And when I showed them they were full of crap they rarely apologized. They simply went quiet then hung up. I still remember when a MS programmer called me for help with his network connectivity. I had to get stern and threaten to end the call if he didn't stop yelling at me and did as I asked. When he finally calmed down and did what I asked him to do (I already knew what is problem was) his issue went away. He truned a call which should have only been 5 - 10 minutes into a 1 hour call becasue he refused to acknowledge he called ME for help because he didn't know what was wrong and fought me the whole way.
    • c5kirk, on 10/11/2007, -2/+7norman619,

      That is certainly something that we can agree on. Personally, I regard the fact that I've never had to pull Help Desk duty (not counting family members) as one the great blessings in my life. However, I certainly have respect for those who are able to do it.
    • norman619, on 10/11/2007, -6/+4@bowe:

      No way. Haven't you heard? Those don't exist on OSX. Tiz a figment of your magination....
    • DJCult, on 10/11/2007, -2/+7@ norman & Ckirk: Hol-ee *****. It ended up as a discussion, and an agreement to disagree politely. God I wish that happened more on this site.
  • Scopitone, on 10/11/2007, -12/+173This was like releasing an adorable yet unequipped baby panda into lion choked jungle.
    • Ryosen, on 10/11/2007, -8/+149This reminds me of that old John Travolta movie, "The Boy in the Plastic Bubble", (http://imdb.com/title/tt0074236/) where he is nestled inside a protective, virus/germ-free environment his entire life. Then, at the end of the movie, he tries to step outside of the bubble.

      And promptly dies.
    • scoobycarolan, on 10/11/2007, -14/+9Amen
    • dRuNk3nIrIsHmEn, on 10/11/2007, -4/+19WTF? Spoiler Alert!!!!111!
    • brian1625, on 10/11/2007, -2/+12Welcome to the Jungle, Safari.
    • Arcesius, on 10/11/2007, -1/+5@ scopitone

      as opposed to an equipped baby panda? *ponders*
    • Ryosen, on 10/11/2007, -0/+2@drunk3nirishmen

      Sorry, dude. I figured that if you haven't watched some crappy made-for-TV movie that was released 31 years ago by now, you're probably not going to watch it at all.
  • speedmaster, on 10/11/2007, -15/+14Wow, that didn't take long. ;-)

    I tried it last night and was pretty unimpressed. Will anyone run this on OS X under Parallels? ;-)
    • Nar1117, on 10/11/2007, -1/+1I haven't tested it extensively, but under parallels it seems to be working fine. Its going to work just the same under parallels XP as it does under regular XP. Albeit the security risk would be much less.
  • djtrypt, on 10/11/2007, -4/+26well i went to try it out on vista business and it didn't work at all, none of the text or fonrts showed up in any of the menus or input boxes on the app, quite disappointed
    • zybch, on 10/11/2007, -4/+7Stupid thing installed but then wouldn't even run on my Vista Ulti system.
    • mrASSMAN, on 10/11/2007, -0/+1Works fine on Vista Premium for me..
  • Ryosen, on 10/11/2007, -19/+353PC: "Hi, I'm a PC"

    Mac: "And I'm a Mac"

    PC: "Welcome to the big, bad world of the Windows platform"

    Mac: "Mommy!"
    • identifiedlogo, on 10/11/2007, -13/+17ha!:)
    • shakdang, on 10/11/2007, -19/+41am an Apple fan but, hahaha touche!
    • wageslaven, on 10/11/2007, -32/+16Here, I fixed it for you:

      PC: "Hi, I'm a PC"
      Mac: "And I'm a Mac"
      PC: "Welcome to the big, bad world of the attention of Security Analysts, I hear you dont really get along so well since Apple believes in security through obscurity."
      Mac: "Mommy!"

    • meatmcguffin, on 10/11/2007, -32/+6I was wondering how long it would be before the security through obscurity crap was dragged up

      http://daringfireball.net/2004/06/broken_windows
    • clyde2801, on 10/11/2007, -12/+6P.C.: Don't worry, you'll get used to it. With over 100,000 pieces of malware, and new ones being written daily, I'm getting sodomized online several times a day. Soon you too will be working part time for the Russian mafia!
    • Feeves, on 10/11/2007, -3/+19Sorry Meat, but I can't agree with the article's premise.

      Let's say it is true, that Apple just makes inherently more secure products/software. Then we wouldn't be having this discussion about the zero-day vulnerabilities of Safari. If it were truly about Zero Tolerance then why are we dealing with this? It seem that this sloppy beta seems to support the security through obscurity claim more than it supports the Zero-Tolerance claim. One wonders what would have happened had Microsoft released a product under that heading. The front page would have been filled. And before you make the beta claim, I would mention that this beta was released with such fanfare that they would have better tested for easy vulnerabilities.

      Also I won't deny that many of us more moderate users were somewhat offended by the absolute arrogance of above statement especially for a Beta.

      I myself have been digging up numerous stories such as this because it's necessary to get the word out for users to beware.

      As to Ryosen: I laughed.
    • troon, on 10/11/2007, -6/+1@shakdang

      I think you’re using "touché" inappropriately there.
    • norman619, on 10/11/2007, -6/+3Sprry meat but take a gander at this:

      http://www.eweek.com/article2/0,1759,2140308,00.asp?kc=EWRSS03129TX1K0000614

      It's like saying an untested security system is more secrure becasue it's never been really compromised. Wake up.
    • TyrannousDotNet, on 10/11/2007, -3/+2definitely BAD. you got that part right...
    • Aaronontheweb, on 10/11/2007, -3/+6Apple Ad: PC's come with a bunch of features you'll never need, Macs come with you want.

      I guess transport layer security would be one of those features you'll never need!
    • cootieSHOT, on 10/11/2007, -2/+1Karma is a Bitch.
  • DiaperedHusky, on 10/11/2007, -83/+9This is after all, just a beta. Seems that people have forgetten what beta might mean.
    • zehh, on 10/11/2007, -17/+126Oh sure. Let's announce and release a browser at a huge fanboy conference, claiming it's better and faster than all competitors already. When it breaks and screws your system, hey.. /It's just a beta!/
    • bpapa, on 10/11/2007, -71/+12"Huge fanboy conference?" It's the Developer's conference, ass. You know, developers. People who are smart enough to make software.
    • cheesegrits, on 10/11/2007, -18/+76""Huge fanboy conference?" It's the Developer's conference, ass. You know, developers. People who are smart enough to make software."
      But not secure software?
    • zybch, on 10/11/2007, -12/+86"You know, developers. People who are smart enough to make software"

      Perhaps Apple should hire a few of them.
    • meshman, on 10/11/2007, -11/+40"Seems that people have forgetten what beta might mean."

      It seems Apple has forgotten what Beta means; NOT for open public distribution.
    • SenorPez, on 10/11/2007, -5/+26If it's a beta, it should have been released to a limited scope of customers, with incident tracking, rolling builds, and planned tests.

      Or, you can just roll it out to the whole world and use "beta" as an excuse. It's not just Apple that's playing stupid with the "beta" tag. But you don't get to fall back on "beta" as soon as security bugs, that would have been found by any reasonably-written test plan, start cropping up. You're either fit for public consumption, or you're not.

      It's clear right now that SafariWin is in the latter category.
    • Hoinah, on 10/11/2007, -3/+2Beta means there should have been extensive testing on thier part beforehand, and we're here to help clean it up and find any bugs that slipped through the inital gauntlet of testing.
    • Feeves, on 10/11/2007, -1/+8If an robust exploit was found in under 24 hours then the company just wasn't looking hard enough. Extensive QA should have been done, which either means that their dept. was being sloppy or their developers were rushed to meet the deadline. Either is a bad sign.

      Secondly if it is a Beta, then one shouldn't announce it under their trademark for gigantic announcements ("oh and one more thing").
    • TheFBI, on 10/11/2007, -3/+8@bpapa (#7162398)

      DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS
    • Escamillo, on 10/11/2007, -0/+6@diaparedhusky

      From Apple's own mouth (the "security" tab of http://www.apple.com/safari/ ):
      "Apple engineers designed Safari to be secure from day one."

      If that's the standard Apple is claiming for itself, then that's the standard they will be held up to. This is a "beta", but its a *public* beta (*public* betas are held to higher standards than private betas) that Jobs and Apple touted as being the best Windows browser and "designed to be secure from day one". Vulnerabilities found within hours of its release puts to lie that claim.

      Also, according to http://erratasec.blogspot.com/2007/06/niiiice.html , some of these flaws have now been verified in Safari 2.x, which is very much out of beta stage.
    • bimtott, on 10/11/2007, -0/+2I was constantly updating the Engadget page, and I am no developer. Yeah, it might "officially" be a developer's conference, but it doesn't matter. If you have stock analysts and the public-at-large watching your developer's conference, it's not exactly a closed-door forum where you can be cavalier with what you hype as "ready to go"

      I thought that they managed this great with the iPhone. Show it off, whet the consumer appetite, but don't release it until it's ready.
  • rkalajian, on 10/11/2007, -63/+8B-E-T-A
    • Scyth3, on 10/11/2007, -21/+10How's that spelled again?
    • cheesegrits, on 10/11/2007, -11/+27B-U-G-G-Y
      B-A-D
      B-U-M-M-E-R
    • underrun, on 10/11/2007, -6/+25The BETA tag is ***** now.

      It's an easier for a company to say "oops...it's only in beta" rather than "oops...we ***** up". They want you to install it and use it but they don't want to be held responsible for the inadequacies of the product (mainly the FREE ones). In fact, most of the "BETA" classifications should be replaced with the "FREE" classification. This way you already know the response if something ***** happens and why.
    • cbreaker, on 10/11/2007, -2/+4@underrun: Yes, this happens with "free" software, but there's usually quite a difference between open source free and corporation free. FireFox, for example, has a public beta forum, all the latest patches and source code are immediately available online, and there's ways to communicate with the developers. If there's a major issue, public discussions take place and the problems are fixed one way or another, no matter how much outrage might occur.

      A corporation "freebie" like Safari is closed source, provided by the marketing department, with no way to communicate back with the development team. As soon as a corporation sees problems, they're more likely to just close the project and say "have a nice day" or say it's "just a beta, you're on your own" or whatever.

      OSS might not always have a phone support option, but the free support options are always a lot better. When I have a choice, as I do here, I'll always choose F/OSS.

    • mamee, on 10/11/2007, -6/+7D-O-N-T F R-E-L-E-A-S-E I-T W-H-E-N I-T-S F-U-L-L O-F B-U-G-S.
    • bjornski, on 10/11/2007, -5/+18If this was a Microsoft product, the Mac users would never shut up.

    • bimtott, on 10/11/2007, -5/+3Well, it's not an MS product, and people still aren't shutting up about it.

      What was your point again?
  • kamin, on 10/11/2007, -72/+9Does anyone else seem to think that maybe releasing a supposedly "secure" OSX browser into the bug filled world of Windows is just to prove a point to the general public that maybe it's not the browser, but the operating system?

    Seems like a marketing ploy to me.
    • DiaperedHusky, on 10/11/2007, -61/+4I would agree.
    • ThinkFr33ly, on 10/11/2007, -11/+71That might be a good point if it actually *was* the operating system.

      But it's not. It's a very poorly written browser.
    • Septimus, on 10/11/2007, -6/+27The comment to show how stupid fanboys really are.

      Yes its the OS's fault that Apple won't code to Windows guidelines.
    • chalkboy, on 10/11/2007, -4/+18Yeah thats why Firefox is so full of security holes.......
    • kamin, on 10/11/2007, -17/+3@septimus
      "The comment to show how stupid fanboys really are.

      Yes its the OS's fault that Apple won't code to Windows guidelines"

      Fanboy? I don't even own a Mac.
      Windows guidelines? If we had those, there would be many less flaws in all of the Windows OS.

      And my comment was geared more towards an Anti-Apple sentiment.

      So the next time you want to feel high and mighty about putting someone else that you don't know anything about down, pics, or it didn't happen.
    • ScrewedThePooch, on 10/11/2007, -7/+6Does anyone stop to think that maybe OSX appears more secure because less people try to hack it? When 90% of the business world is using Windows to process monetary transactions, and the rest of the world is using Mac OSX to make videos and store pictures, which one do you think people are going to try to exploit?
    • sulaco, on 10/11/2007, -2/+4@kamin

      Your comment was idiotic. Why would any company put themselves to shame just to try and prove some kind of point about a competitor. That's not the way things are done. You show people you are better by releasing better software. Stop crying about it.
    • bimtott, on 10/11/2007, -0/+3I can just picture the brainstorming session at Chiat/Day (Apple's ad agency), according to kamin:

      "Hey, you guys, we've been really good with the Apple campaign so far, so let's take it one step further. Let's have them develop a product, PURELY for marketing purposes, have the straight-shooting company head put his reputation on the line to sell and hype the product at a branded event, and have it run horrendously ON PURPOSE. Then, days later, we'll wait for the dust to settle, and blame it on their competitor! That'll work GREAT!"
  • rayt5, on 10/11/2007, -9/+98Firefox/Opera FTW
    • zybch, on 10/11/2007, -4/+18Never thought I'd digg up a pro-opera comment :)
      Hey look, airborne bacon!!
    • clyde2801, on 10/11/2007, -9/+1Sadly enough, I'm still picking up S$#T browsing in Firefox and occasionally in Opera. stupid porn sites...
    • andre321, on 10/11/2007, -2/+0opera pwns :P
  • pigg123, on 10/11/2007, -15/+87"The World's Best Browser." --> Own3d

    • DiaperedHusky, on 10/11/2007, -77/+17On the worlds worst OS.
    • NSMike, on 10/11/2007, -3/+20@diaperedhusky -

      Well it must have some clout, since, you know, it not only has the market share of the world, but was good enough for Safari.
    • zybch, on 10/11/2007, -7/+37@daiperedhusky "On the worlds worst OS."

      OMG - OS9?!
  • cheesegrits, on 10/11/2007, -12/+29Apple has avoided most exploits by being little used by the computing public. After a cracker has exploited Windows numerous times, Apple is like a dewey eyed maiden waiting to be raped (please forgive the preceeding phrase, I've been reading some books about barbarians).
    Hopefully, linux developers will learn from this and avoid some of the more common mistakes when they write their code.
    • NSMike, on 10/11/2007, -3/+20Do you like movies about gladiators?

      /airplane
    • cheesegrits, on 10/11/2007, -25/+1Yes, "Gladiator" was a good movie. "Spartacus" was good in its day. "I enjoyed "Conan", mixed gladiator and barbarians together.
      Or perhaps you meant the remark in a homophobic sense? Which really only points up your mixed feelings about your sexuality, and the fear and attraction of gay men you have. You should really try it and find out if you are actually gay or not instead of living your life with this secret shame/self-loathing tainting your feelings of self-worth.
      I'm going to have to tell my wife and daughter about this comment and how sad it really was on your part.
    • NSMike, on 10/11/2007, -4/+18@cheesegrits -

      Go to your local movie rental place and rent the movie "Airplane." Oh, and take your happy pills too. You seem to have forgotten to this morning.
    • cheesegrits, on 10/11/2007, -13/+6Sorry, overlooked the "/airplane" at the bottom.
  • eliasg, on 10/11/2007, -27/+7If you read the article, this is only affecting Safari on Windows.

    From the article:
    "Apple's Web site touts, "Apple engineers designed Safari to be secure from day one." As Larholm explained on his blog, that may very well be correct: Its engineers obviously designed Safari to take advantage of security protocols in the OS X operating system, as evidenced by function calls to those protocols Larholm located inside the source code for the Windows version - calls which would obviously go unfulfilled."
    • ThinkFr33ly, on 10/11/2007, -3/+24So Apple has crappy coding practices and makes up for it using calls to security APIs in an effort to put a band aid on it?

      Using security APIs is great, as long as it goes hand in hand with having a secure development lifecycle to begin with.
    • cheesegrits, on 10/11/2007, -8/+22So are you saying Apple "engineers" do not know what they are doing? Or that they forgot some code while writing the Windows version/? Or that they did not give a crap?
    • ThinkFr33ly, on 10/11/2007, -4/+45"So are you saying Apple "engineers" do not know what they are doing? Or that they forgot some code while writing the Windows version/? Or that they did not give a crap?"

      It's not necessarily a question of whether Apple's engineers "know what they are doing". Unlike Microsoft, which has been under siege for years by people trying to hack Windows and their various other productions, Apple has enjoyed virtually no serious examination of their software's security.

      Microsoft had their ass handed to them and they had invent a brand new way of developing software (the Secure Development Lifecycle) to deal with it. It cost Microsoft billions, but their recent product versions (Vista, IE 7+, IIS 6, IIS 7, .NET 1.x, 2.x, 3.x, etc.) have shown to be extremely secure by any body's standards.

      Apple hasn't had to endure this kind of onslaught yet. The fact that Safari was compromised in a matter of hours shows that Apple's inexperience in dealing with security will come back to bite them if they venture into more "popular" feeding grounds for hackers.
    • Gunslinger99, on 10/11/2007, -2/+11Even if that were true and it has holes in Windows but not in OSX that still defeats the purpose. You make a browser for another OS hoping to gain more market share and possible pull people to your OS if they think your browser is superior. Now windows users myself included think these guys can't code or could care less about me so I will uninstall your browser and have even less of an inclination to switch to your OS. Also knowing that your smart phones uses a full version of this browser I would be even less inclinded to switch to your smartphone.
    • tsupersonic, on 10/11/2007, -1/+9Well said thinkfr33ly, I agree.
    • xenuxenuts, on 10/11/2007, -3/+2security is like an onion. It has layers... You shouldn't just rely on the other layers to protect you if security is a major goal. The fact is programmers miss things. Since there are so many windows users, putting safari on windows will only help expose any holes in safari, eventually making it much more secure than it would ever be if apple left it only on the mac.
    • Escamillo, on 10/11/2007, -1/+3@ThinkFr33ly

      You're right, of course. Apple's programmers, used to the security blanket of relatively low marketshare, aren't used to what it's like in the wider market that is Windows. Hopefully Apple's programmers will step it up like MS was forced to. But besides the programmers (who just aren't used to the higher scrutiny), the ones really at fault are Apple's PR people (including Jobs) who market Apple has being inherently secure by design (even Safari 3 Apple claims to have been "designed as secure from day one" (see apple.com/safari ). If it weren't for Apple's ridiculous PR campaign wrt security, they wouldn't be getting blasted so much around here.
  • Cyber_Akuma, on 10/11/2007, -17/+80So hows that security through obscurity working out for ya now that you are in the real world Apple?
    • jtsnyc47, on 10/11/2007, -39/+7You mean the real world of working on a pathetically exploitable, inferior operating system? Yea, that's all Apple's fault.
    • PJBonoVox, on 10/11/2007, -3/+19No, they moved to Windows, didn't you read the article?

      :)
  • Stoical, on 10/11/2007, -9/+48Looks like the exploit isnt just limited to Windows:

    "...the bugs found in the beta copy of Safari on Windows work on the production copy on OSX as well (same code base for alot of stuff). The exploit is robust mostly thanks to the lack of any kind of ad[v]anced security features in OSX..."

    Quote from linked article from the main article: http://erratasec.blogspot.com/2007/06/niiiice.html

  • BillGod, on 10/11/2007, -5/+18I've got nothing against Mac or Mac users. Mac has always been ahead of its time. I decided to try safari.. YES I KNOW ITS BETA!! So has every version of Ubuntu that I have upgraded to over the last 2 years. I installed the beta version clicked on preferences and set my homepage to google.com/ig. closed and re-opened and it crashes loading my google page everytime. .... uninstalled. Maybe will try again on full release
    • udahlen, on 10/11/2007, -4/+6At least they call it "beta". Parallels latest is beta quality, but they call it "release 3.0"...
    • MacParrot, on 10/11/2007, -6/+1ack!

    • the6thReplicant, on 10/11/2007, -2/+1I had the same problem. It might be a redirect problem with the google page.

      I'm going to be neutral on the badness of Safari 3.

      Obviously, since no company had time to test their websites I'm not too surprised how badly some of them "work" on Safari 3.. I have no idea how much browser specific code is in 'em, nor how much tweaking, if any, sites need to do so that they work on Safari 3.
  • MikeonTV, on 10/11/2007, -8/+33This is a clear example that Mac users can't touch a Win customer. There was never a discussion about Microsoft products being Beta tested on a Mac, like this is. 24 hours and already 3 articles saying the exact same stats have hit the front page at Digg. Clearly you million dollar celebrity advertisements can't help ya.
    • crazymonkey, on 10/11/2007, -27/+3That's because mac users never install any windows products (who needs them with all the open source stuff).

      And frankly, aren't ALL windows products beta versions?



    • disciple83, on 10/11/2007, -22/+10"This is a clear example that Mac users can't touch a Win customer."

      How is that relevant to the rest of your post? That was a clear cheap shot at Macs, will you get off it already? It's already been established that the reason the software bugged out was because it had tried calling security protocols on a Mac platform which didn't exist on a Windows machine. When will you fanboys learn that OSX and Windows platforms both get the damned job done if you just take care of your machine? People give Windows a hard time because you hear all kinds of horror stories from ***** crazy people who simply expect the machine to do everything for them and often times the computers simply cant keep up with the users poor habits. The same thing happens with Macs, on a smaller scale because its obviously proportional to machine sales.

      I'm a Windows user, prepping to install Vista so I can link my 360 to my video library through Media Center, but I can't wait till Safari finalizes so I can test my websites I design in a different render engine.

      Sidebar vs. Dashboard, widgets vs gadgets, Aqua vs. Aero, ZFS vs NTFS, who gives a ***** which came first or who copied whom, the fact is that both platforms exist, and they both benefit the consumer equally. Each one feeds off the other to bring features to the customer, which is really all that matters, not market share or superiority. Grow up.
    • wageslaven, on 10/11/2007, -6/+37"That's because mac users never install any windows products"

      Ever heard of IE for Mac? MS Office? MSN Messenger? Windows Media Player is presently listed as the 3rd highest download on apple.com

      Shut up fanboy.
    • MacParrot, on 10/11/2007, -24/+4@disciple

      Dugg you up. VERY well said. Too bad fanboys from both camps will likely take offense.
    • PJBonoVox, on 10/11/2007, -4/+10@macparrot :

      Your name alone is enough to digg you down. Bye bye.
    • MacParrot, on 10/11/2007, -7/+3What? You don't like Macs OR Jimmy Buffett?
    • numb, on 10/11/2007, -0/+4@disciple

      Good points. One thing I've noticed about Digg when it comes to OS vs OS is that if you pick a side you'll get dugg up by enough fanboys from one side to make up for all the buries from the other side. If you take a balanced view (whether mentioning flaws or benefits of both sides) you'll end up getting buried by fanboys from both sides regardless of the quality of your comment.
    • knetworx, on 10/11/2007, -0/+9I'm a developer, and to be perfectly honest, there are things I don't like about both Macs and PCs. Yeah, Windows pisses me off sometimes, and yeah, Macs don't get as many viruses, but you have to consider targeting. Someone above made the comment that Windows machines are used more for important documents and highly sensitive information (I guarantee if you walk into any government office, bank, etc. you will not see a Mac anywhere), while Macs are more like powerful playtoys. Most of the viruses that regular PC users get originally came from someone trying to hack into some important information. How many people would create a virus for a Mac to see your Facebook pics before you post them? Nobody.

      Not to mention, whoever talked about Windows programs on Macs, that was a retarded attempt at defending Apple. Saying "Windows Media Player is the top download on Apple.com" does not really make me think "Oh right, that must mean Apple is better, since Safari got ass-raped when it got put on Windows." Now, had you said something like "Internet Explorer for Mac and MS Office for Mac were the worst programs to ever be put on a Mac, and nobody uses them," I would probably think "yeah, you're right, Safari's cross-platform attempt was just as good as MS Office, IE, or WMP." And don't even try calling me a fanboy, because I f***ing hate IE (long live Firefox), I don't use WMP, and Vim is my default editor for any kind of text that it can display.

      Another thing, the reason every Google product is beta is so they don't have to officially provide support for it, and so they can use it as a cheap cop-out if something happens to go wrong. And of course there's also the fact that Google software changes all the time, so they don't really have a final product, or milestones....or goals....whatsoever. They just say "hey, I think this would be cool to implement, I'll put it together." Their product base keeps expanding because every Friday, employees who have been there for more than three months get to spend the entire day working on whatever project they want. But, anybody here who's ever interviewed with Google or attended an in-depth lecture of their algorithms can vouch for me when I say, you have to be a f***ing genius to have any hope of getting a job there.
  • arras, on 10/11/2007, -14/+7If you're worried about vulnerable software, don't put beta versions in your production environments. That's what test environments are for.

    • potp, on 10/11/2007, -1/+6if you dont want people to bitch about a beta then dont make it so freaking buggy and dont call it then best browser ever and dont ***** advertise it as if its a final product. Also beta are suppose to be test version of a final release. This is more like a ***** alpha build.
  • Kyderdog, on 10/11/2007, -10/+6doh
    • aldenhg, on 10/11/2007, -0/+1I just don't understand why Apple would even release Safari for Windows. I don't know a single Mac user who uses Safari - it's all Camino or Firefox. Also, Windows already has a strong alternative browser - Firefox again. Unless they're going to have some sort of Safari-iPhone tie-in there's no point in doing this. They obviously aren't gaining any positive press and MUST have known about how crappy their browser is. I hate to say it, but arrogance may be getting the best of Apple.
  • zimsters, on 10/11/2007, -8/+47perfect evidence of how the all-secure apple would not pass the scrutiny of the user base that windows has.

    apple is "secure" because nobody has bothered to hack it. offer up a prize or hold a tournament and its hacked in hours.

    windows has been under the microscope and has been battered for a decade now from millions upon millions of users. it survives. apple won't survive that.
    • udahlen, on 10/11/2007, -22/+4Well, no! Windows doesn't survive, it's hacked daily! Microsoft fixes the bugs faster than Apple, but it is not the case that Windows is now so thoroughly tested that there are no more bugs.
    • NSMike, on 10/11/2007, -2/+8@udahlen -

      You just described every piece of software in existence. If you ignore the need for software maintenance, then you don't deserve to be writing software in the first place.
    • Darcy, on 10/11/2007, -0/+11"Well, no! Windows doesn't survive, it's hacked daily! "

      Do you have evidence for this claim? If this was true, I'm pretty sure all the helpful Mac and Linux fans would be more than happy to provide us with the actual proof, rather than the usual Windows sucks because we say it does.
  • MetalHaze, on 10/11/2007, -33/+7""On the OS X platform," he continued, "Apple has enjoyed the same luxury and the same curse as Internet Explorer has had on the Windows platform, namely intimate operating system knowledge." As a result, Safari for Windows may be expecting other layers of the operating system to provide security - layers which aren't present on Windows, especially since Microsoft has naturally adapted its transport layer security for optimum use with IE7."

    This explains it right here. Basically, when you are working on the safest OS, the browser is fine. Safari is amazing on OS X Tiger...

    For the PC users....sucks for you....But can you really complain about Beta software? I think it's mainly for developers to use at this stage in the game and isn't really ready for mass use by geeky, enraged, Digg power users.....Stick to Firefox for now and stop all your god damn bitching and give it a REAL test run when the final release version comes out.....
    • ZergyPoo, on 10/11/2007, -5/+25No, you misinterpreted, you have no basis to claim that OSX is the "safest OS."

      The article doesn't say "OSX is safest" it says "They're most used to OSX than windows."

      Intimate operating system knowledge does not equal "Macs are better." So stop spinning the words around to make baseless fanboyish claims.
    • NSMike, on 10/11/2007, -4/+10Come on. That's a terrible excuse. The thing relies on OSX security to keep it secure. Windows and OSX are VERY different animals, and because of how widespread it is, Windows is FAR more tested against security issues than OSX is. So, they handle security VERY differently. The Safari developers failed to take this into account when switching operating systems, after building the dependency directly into the code? Sounds to me like someone should get fired for that oversight.
    • PJBonoVox, on 10/11/2007, -4/+24"For the PC users....sucks for you..."

      Not really. Most of us Windows users didn't ask for Safari nor would we ever use it. Windows browsers are streets ahead so there is no reason to install it.

      We don't do form over function this side of the fence, okay?
  • CATSCEO, on 10/11/2007, -31/+5It seems people have forgot that this a a BETA.
    • Stoical, on 10/11/2007, -0/+15What about the production copy on OSX? i quote David Maynor (one of the first to discover the exploit) again...

      "...the bugs found in the beta copy of Safari on Windows work on the ____production copy___ on OSX as well (same code base for alot of stuff)..."

      From his blog: http://erratasec.blogspot.com/2007/06/niiiice.html

      To be fair i think this will be patched quickly and my personal view is software can never be 100% immune from vunerabilities.
    • griz, on 10/11/2007, -7/+1wrong topic digg down
  • python2121, on 10/11/2007, -15/+5DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS AAAARRRGGGGGHHHHHH
  • udahlen, on 10/11/2007, -15/+9I love OS X and think it's lightyears ahead of Windows, but: I think Apple doesn't take security seriously and it really bothers me. Please, Apple, wake up!
    • btipling, on 10/11/2007, -10/+30Yeah light years, what with bad windows management (green button), a ridiculous way of finding apps, an inconsistent UI (you have to hit the keyboard button to eject an empty disk tray to put a disk in but you can drag a disk to the trash can to eject), a stupid mouse, a dock with a mind of it own, ETC ETC


      Pfffft. I'll take my Windows start menu or xfce application menu and toolbars and fully maximizable windows over a stupid os x anyday.
    • MacParrot, on 10/11/2007, -6/+13I would agree with some of that, but you are exaggerating a bit as well. The green button is not a fill window, but a maximize to what the window needs. It's a matter of preference of course but I prefer not to have a window fill the entire screen if it doesn't need to. As far as loading disks go, only the Mac Pro requires you to hit the "eject" key to insert a disk. Every other current Mac just requires you to slip the disk into the slot with the drive. The "Mighty Mouse"? I hate it as well and prefer trackballs which is all I use. I prefer the column view in OS X as compared to Windows management, but that's a preference as well. I don't mind Apple's Dock, but I think the Windows Taskbar is better.

      Both Apple and Microsoft copy each others better UI tweaks. If it adds up to better experience, why be upset about it?
    • meatmcguffin, on 10/11/2007, -13/+7"bad windows management (green button)"
      It's a zoom button which makes the window exactly the size it has to be to show its contents. Also, there's nothing stopping you from maximising the window, just click and drag.

      a ridiculous way of finding apps
      Uh....they're in the /applications folder. Or hit apple-space and type the name. What's ridiculous about it?

      "but you can drag a disk to the trash can to eject"
      Or you could hit the keyboard eject button. Or right click -> eject. Or hit the eject button in the finder. I get the feeling you haven't touched a mac have you?

      "a dock with a mind of it own"
      I've never heard of a misbehaving dock. Care to elaborate? Or better still, stop regurgitating crap from the internet, use the OS for more than five minutes and form your own opinions.

      edit: damn you macparrot!
    • MacParrot, on 10/11/2007, -4/+3"SQUAWK!"

      No problem mon!
    • Platypus3333, on 10/11/2007, -0/+3I wish I could cut and paste folders in OSX, and I wish applications were in package form in Windows. Beyond that, I'm perfectly okay with either OS.
  • MacParrot, on 10/11/2007, -9/+3Considering that this is a beta, I wouldn't even install it on my supposedly more secure Mac (yes, I know there are exploits in OS X. That's why I said "supposedly"), much less on Windows. Also, wasn't this to be for XP as compared to Vista? That could be why it crashes on Vista.

    Frankly though, that would be a lame excuse if true. Microsoft is putting all there resources into Vista now. If you're going to release software for the Windows platform, you should code it for the newest version, not optimize it for what came before. Apple should know better.
  • RAiNsTorm, on 10/11/2007, -14/+6People believe what they want to believe. This was released and talked about at A DEVELOPERS conference, just because everyone hangs onto every word in second by second live blogs doesn't mean it is targeted towards them. This was for developers, it will allow developer to test sites on Safari even if they are on windows... not to instantly be installed by every schmuck and try to use it as their daily browser.

    Where Apple went wrong was by making it seem otherwise and make the download link prominent. It should have been a buried link in a development section or given away on a CD at the conference to DEVELOPERS. Which was the whole damn point anyhow.

    All it really shows is how stupid and blind most Digg-ites are and how everyone thinks they are so tech savvy when they are in reality barely past windows/linux/OSX for dummies.
    • RAiNsTorm, on 10/11/2007, -14/+5Go ahead dig me down... god forbid someone speaks the truth. Seriously this is my last post to Digg, this site is *****. I'll miss all the BEST ______ EVER stories, and instant 200 diggs for anything with Ubuntu in it... because, like, Ubuntu IS Linux dood!

      Complete *****.
    • meatmcguffin, on 10/11/2007, -12/+5Don't give up on Digg just yet :)

      This was posted in the software section instead of the Apple section which means that the MS fanboys are going to digg down anything with a positive slant, even if it's the truth.

      Case in point: If you download a beta, you can't expect it to be bug free and yet how many stupid complaints are there on this page regarding bugs?
    • daftman, on 10/11/2007, -3/+5> Seriously this is my last post to Digg, this site is *****.
      Oh man, I'm seriously going to miss you.
      You always sound so intelligent, insightful, and so free from bias that you make the word "*****" sounds like a French love word.
    • OgnodoD, on 10/11/2007, -1/+2Rainstorm, I've had it with Digg, too, but for a slightly different reason. This entire comments section is disgusting. Not because people are criticizing the browser (which is a reasonable thing to do given the problems people are having), but because so many people are calling each other assholes, idiots, and fanboys, and are patting each other on the back for it.. Someone even used the anti-gay slur "Apple *****" (and he's not getting dugg down for it).

      I hate to say it, but those who say that Digg acts like a mob at times are absolutely correct. This is far from the only article where the crowd mentality has taken over to such an extreme. Without knowing both sides, Digg has led to people sending threats to school principals, obscene letters to officials, and even a hacking or two. Not too long ago, I would have been hanging from a tree because of people with the same "Don't think. Just believe what someone tells you and follow your emotions" mentality . I can no longer be part of the 21st-century version of that. The medium may have changed, but the anger, hate and irrationality are still there.
  • Thomasson, on 10/11/2007, -18/+6Meh. Pretty much what I'd expect from a big slab being placed atop a deck of cards.
    IE on MacOS was discontinued, but still stands up to punishments and don't let no bugs in.

    Why'd you think they did a beta with such gusto? Their devs are probably rubbing their hands now as they go to patch up all the holes that are being discovered, having got glorious free bugtesting.

    So, not to be an OS fanboy, but....

    Suckers!
    • zybch, on 10/11/2007, -0/+16You realize that it had the same wide open exploits when running on OSX as well don't you?
    • Feeves, on 10/11/2007, -1/+5Actually that's probably one of the best hypotheses I've heard for why Safari's been released in such a state.
    • webcrumb, on 10/11/2007, -1/+1Same reason the Marklar builds kept being "leaked" and heavily tested on a variety of hardware by the OSx86 community.
    • Escamillo, on 10/11/2007, -0/+1"Why'd you think they did a beta with such gusto? Their devs are probably rubbing their hands now as they go to patch up all the holes that are being discovered, having got glorious free bugtesting. "

      Well, duh.
      That's the whole point of a public beta. It's not like Apple's the first company to do this and that they're geniouses for thinking of it. In fact, they need to do more public betas, as evidenced by iTunes 7.0 (released without any public beta, was so buggy that iTunes 7.01 was released mere days later). Leopard hasn't had a public beta, BTW. That should worry you.
  • exYU, on 10/11/2007, -16/+1isnt the windows version Alpha?

    I mean come on nerds, give them a brake FFS!
    • potp, on 10/11/2007, -6/+6then why the ***** is apple calling it a beta and giving it so much publicity. the apple ***** could have kept it low key and not pulled "figures" and "facts" from their own fart.
  • Zabuza2478, on 10/11/2007, -3/+14The old "..but but but its Beta" excuse is really getting tired. Its slow and crashed my machine 3 times. Thats all the evidence I need to know that this isn't for me
  • rosewood67, on 10/11/2007, -4/+10I don't even like using Safari on my Mac...why would the Windows crowd even want such a thing is what I am curious about....long live firefox? ;)
    • disciple83, on 10/11/2007, -1/+4Firefox is great, I'm using it now, but there are benefits for using different browsers. Opera leaves a tiny memory footprint, Firefox is more secure than IE, but IE7, IMHO, runs faster than firefox at times. Safari has a different render engines for use in web development, and then there is that whole "secure mode" for anonymous browsing.
    • jgreene777, on 10/11/2007, -0/+5@disciple = i agree with the usefulness of multiple browsers. SharePoint Services works much better on IE7 than any other browser, just don't use IE for anything outside your internal network. Firefox is great, but there is some issue with my setup that doesn't like QuickTime. So if Safari would actually WORK on my WinXP machine, it would prolly be a better "movie trailer surfing" tool.
    • myklee, on 10/11/2007, -0/+2try camino, i use it over firefox and safari on my mac. still use firefox on my pc though.
  • zomgorly, on 10/11/2007, -20/+3ZOMG O RLY?



    Has everyone forgot this is a BETA
    • Lonewolfsanscub, on 10/11/2007, -0/+9I did, thank you for mentioning it. No one else has.
  • michaelkpate, on 10/11/2007, -14/+6Anyone who is going to be running Safari right now is smart enough to choose which websites to surf to. This is such a non-issue being blown way out of proportion.

    If things are bad when the non-beta is released, there is cause for concern.
    • zybch, on 10/11/2007, -1/+12Would you be cutting MS the same slack under similar circumstances?
      C'mon, be honest with yourself, you probably wouldn't.
  • griz, on 10/11/2007, -11/+3Funny, Apple released a beta of Leopard to developers and you don't hear them all in a tizzy that there is a bug or security hole. They are working on it. But you release a beta of Safari to the public, to people who are non-developers and can't do anything to fix the bug and all they do it punch holes in it. They get everyone else worked up over something that is probably already fixed in the developers world.
    Get over it people. Wait for the final release before you release the hounds!
    • wageslaven, on 10/11/2007, -5/+11You dont hear them all in a tizzy because they are A) working in a niche market (less than 3% of world market share) and wouldnt dare do anything to hurt what little success they have. and B) so few of them that you wouldnt hear unless digg posted a macrumours article... and Id venture C) Like the rest of apple consumers, irrationally emotionally connected to apple.
    • meatmcguffin, on 10/11/2007, -8/+5"so few of them that you wouldnt hear unless digg posted a macrumours article"

      I bet you're the same class of moron who complains that there's too many Apple stories on Digg and it's being overrun with Apple fanboys. Pick a side and stick to it.

      "Like the rest of apple consumers, irrationally emotionally connected to apple."

      Funny, i see you trolling a *lot* of Apple stories. Emotionally invested to MS are we?
    • Hoinah, on 10/11/2007, -2/+5I'll hold Apple to the same rule that I hold Microsoft to:
      Don't release things that should still held Beta, it will only ends in tears.
  • mrdlcastle, on 10/11/2007, -7/+11I wonder how many of you claiming beta doesn't mean beta are actually developers.

    Beta has always meant - this product is not ready for production. Don't be a fool and install it on a production system.
    From my experience, beta (windows, mac, or any other platform) has always meant the software is not ready and won't be until beta testers use it and find what's wrong with it.
    Look at Windows Vista, it has been a 'beta' since July of 2005. Two years later it was released as a final product.
    • ideapower, on 10/11/2007, -3/+3it doesn't matter who you are, or what "Beat" means to you personally... it has a specific meaning. if people don't know what it means, it's their own fault for expecting something different.
      http://en.wikipedia.org/wiki/Beta_software#Beta
    • ideapower, on 10/11/2007, -2/+1ha, sorry, i meant "Beta" not "Beat" lol
    • Feeves, on 10/11/2007, -1/+2These wasn't a legion of black hats though going for some obscure exploit that 1% of hackers could ever have come across though. This was a vulnerability using common tools. It should have been found in internal testing not in public beta.

      Also if it were a beta then Apple shouldn't already be touting its security (it's intentionally misleading)
  • kheldorin, on 10/11/2007, -2/+7What scrutiny seriously? They are just 3 security researchers who opted to publish their results on the web. What about those that don't? And what about the legion of Black Hats who still are not remotely interested in Safari because there's little financial inventive for them. The Safari browser has seen nothing yet...
  • jgreene777, on 10/11/2007, -8/+2one thing: it IS a beta.
    another thing: it doesn't work at all on my WinXP PC. no text in the menus and half the page doesn't show up... install, run once... reboot, run again... uninstall. It does however work fine on my Vista PC at home. Thank goodness for hardware firewalls.
  • akatherder, on 10/11/2007, -11/+29Fantasy: As a Windows user, this experience with Safari has introduced me to the speed, security, and snazziness of Apple. I can't wait to drop a million dollars on an iPhone and my next computer will be a Mac!

    Reality: WTF? Safari sucks and Macs are a bunch of overrated *****.
    • abandonedhero, on 10/11/2007, -7/+1I swear, some people need to learn to understand sarcasm.
  • houndeyex, on 10/11/2007, -6/+1Aaaagghhhh there was a FIRE FIGHT!
  • greenvortex, on 10/11/2007, -10/+5I like Macs. I hate Microsoft. But I don't even use Safari in OS X, so why would I want to use it in Windows?

    Anyway, what might possibly compel someone to switch browsers? 1.Too much spyware cripples their current browser. 2.The prospect of a much smaller CPU footprint. 3.Documented superiority in security. 4.Crashproof code. Page loading time? No. Your PC specs and internet connection speed have way more impact than any browser coding tricks. There's no compelling, or even uncompelling reason to use Safari, and there are plenty of reasons to avoid it. Fanboyism is the only motivation to try out Safari for Windows. Realistically, the appeal is similar to Vista. Meaning no one but a complete tool would think its a good idea to switch from what they already have.
  • chicofaraby, on 10/11/2007, -16/+7I have to laugh.

    BTW, what's a "virus?"

    -Mac user
    • mikefitz2, on 10/11/2007, -9/+4YAAAAA YOU'RE SOOO COOOOOL
    • Hoinah, on 10/11/2007, -4/+7Its something worthwhile platforms have to deal with because certain lap-pinkied mouthbreathers can't keep their fandom in their pants, and feel they're doing a service to the greater good by causing the downfall of the evil Megacorps.
  • gumby013, on 10/11/2007, -5/+13If I could get Safari to render a page successfully without crashing, I might have security issues...
  • jebudas, on 10/11/2007, -6/+1When in Rome...

    ;)
  • jjey, on 10/11/2007, -5/+0its like "omg they find hole in safari? nowai!... was windows?".
  • akypoon, on 10/11/2007, -2/+2I tried Safari briefly last night. It feels fast (at least on par with Firefox 2.x, definitely faster than IE7). However, this browser is a memory hog. On browsing the same website, Safari could use up to 2x more memory than Firefox 2.x. It could be a concern for people who run on a tight RAM machine.

    If Apple wants to position themselves better among the other existing browsers, they need to have some stronger points. Security appears not to be one of these points at the moment. But if Safari can get better over time in security, I still see it as a potential contender in the browser segment.
  • sholt, on 10/11/2007, -2/+6Safari for Windows isn't a beta, it's clearly a rush job.

    The only reason I can see that it was released at all is because Apple (Jobs) wanted as many people as possible to get their webapps ready for the iPhone. Therefore, the priority was most likely placed on just getting the thing running and looking like Safari on Mac (to which I ask "Why?!" but that's a whole other discussion), instead of actually paying attention and porting the app over using proper practices on Windows.

    Currently, this is a tool to spur iPhone development, not a browser, and should be labeled as such.
    • JDHarper, on 10/11/2007, -5/+2OK, seriously, what is my comment doing down here? I clicked reply to something way up at the top of the page!
    • kheldorin, on 10/11/2007, -3/+1Then the iPhone better not be gaining any significant marketshare if they want to avoid getting hacked. Seeing as to how they elected to use the browser as a medium for 3rd party apps, it better be secure. Now, I know why they didn't release an SDK for the iPhone. If they can't design a secure browser, they probably couldn't design a secure mobile OS.
  • PradaPete, on 10/11/2007, -7/+3We are the Apple fanboys. If you say something remotely negative about Apple, we have to ask you to take a german shower.
    • Hoinah, on 10/11/2007, -6/+2Can I have some schnitzel afterwards?
  • mseneschal, on 10/11/2007, -12/+4I was excited to hear about a Windows version of Safari. I immediately went upstairs, turned on my Dell.... then waited 5-minutes for the damn thing to boot up. I got frusterated and went back to my MacBook... what was I thinking?!
    • daftman, on 10/11/2007, -2/+7I don't know what you were thinking, but I'm thinking why the ***** did you buy a Dell when all you do is make love to your Mac?
      Kind of ***** stupid don't you think?
    • nreisan, on 10/11/2007, -2/+5i see your problem

      you have a dell

      if it takes 5 minutes to boot up

      your doing it wrong

      thanks for playing :)
    • CBTF, on 10/11/2007, -2/+1You obviously don't know how to configure your dell, then.
  • johncern, on 10/11/2007, -5/+5This browser is horrible. Apple should have tried to make the browser better than firefox. Right now, why would someone use safari?
  • thinkdifferent, on 10/11/2007, -3/+8Interesting the vulnerability they described relies on Firefox, which is what actually executes the vulnerability. Safari simply passed the url to Firefox which was the gopher handler. Essentially what they found is a browser which doesn't know about the gopher protocol that then asked the OS what apps knew how to handle it. The OS responded it was Firefox, which then parsed the arguments in an unsafe manner.

    I'm all for finding security holes, but seriously this is lame. It'd be like blaming a browser for passing a pdf to Acrobat that causes Acrobat to erase the hard drive & then blaming the browser. It isn't a browser's job to know about potential issues with everything in existence. It passes off external requests to those apps & it is their responsibility (or the OS) to catch them. It doesn't matter which browser either. The same could happen to Opera or IE, since they aren't actually handling the code, just handing it off to another app.
    • Feeves, on 10/11/2007, -1/+2I think it's just a demo. I think the fact that it can activate an executable through Safari is the point.
    • bitbuckethead, on 10/11/2007, -1/+2The actual fact that Firefox is used here is moot, it doesn't do anything (except in the last case on http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/ ), Safari blindly runs anything in the source attribute (if it can't handle it itself, gopher in this case), if anything is inserted after it's executed as well, instead of being URL encoded. For example "gopher://example.org | cmd.exe" is run as is, instead of being transformed to "gopher://example.org%20%7c%20cmd.exe/" first.
    • thinkdifferent, on 10/11/2007, -0/+2@feeves
      It is standard for all browsers to pass off a url they don't know to some other application to handle. Browsers which don't directly support RSS do the same with the feed:// protocol. When they encounter an unknown protocol, they pass the request to the OS which checks if anything knows how to handle that protocol & then passes it to the appropriate application. Safari didn't execute anything in this case.

      @bitbuckethead

      That was exactly my point. Firefox being the actual vulnerability in this case wasn't the point. Safari didn't execute anything. It passed the url off to something else that claimed to handle that protocol. Expecting a browser to know the intricacies of everything (including stuff it doesn't handle) is silly. Now, if they had done the same with ftp (a url protocol Safari does claim to know), that'd be a different story.
    • bitbuckethead, on 10/11/2007, -0/+0"Safari didn't execute anything. It passed the url off to something else that claimed to handle that protocol."
      Safari ran commands it shouldn't have done, this exploit gives people the equivalent of the Windows run dialog remotely, Safari should be url encoding any non alphanumerics and passing them to the appropriate handler, rather than just blindly executing whatever is in the source attribute.
    • Feeves, on 10/11/2007, -0/+1It handled the iframe incorrectly so that it seemed like the commands were coming from the client end. And why should any program expect a malicious command from the front? To put it mildly, this exploit wouldn't exist without Safari having the vulnerability in the first place, regardless of how insecure one may find whatever other program.
  • Fetching more discussions...
    Show 51 - 100 of 134 discussions
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.