Safari 3.2 Adds Anti-Phishing and Other Security Enhancements

18 Comments

Yesterday, Apple released Safari 3.2 for both Windows and Mac (Tiger and Leopard). As usual, Apple’s normal update announcements are a little short on details.

This update is recommended for all Safari users and features protection from fraudulent phishing websites and better identification of online businesses. This update also includes the latest security updates. For detailed information on the security content of this update, please visit this site: http://support.apple.com/kb/HT1222

The KnowledgeBase article about the security content of the update takes you to Apple’s main security page, which links to the Safari 3.2 security fixes. Most of the fixes are about arbitrary code execution but some are more subtle fixes to make sure that web pages don’t have access to local files.

The anti-phishing updates are two-fold. If you visit a malicious web site, Safari will warn you with the following dialog box:

Clicking on the “Learn more about phishing scams” link takes you to a web page that explains Strange Behavior and Malicious Software: Phishing attacks. Interestingly enough, this explanation is on Google.com rather than on Apple’s web site. I assume this means that Apple is using Google’s list of sites that they have identified as potentially dangerous, like you might see on some search results.

To go along with this, there is a new preference in the security panel to toggle this warning when you visit a fraudulent website.

The other change is a positive indication for sites that have taken the extra step to obtain an Extended Validation Certificate from one of the Certificate Authorities that have begun to do the extra background checks. If you visit a site that has one of these Extended Validation Certificates, Safari will display the site name next to the usual lock icon in green text, as you can see in this example from eBay.com’s login page.

Not all sites with SSL certificates have these EVC credentials (my bank’s online site does not, for example). When you do see the notice, you can click on this green text to get more details on the site certificate (just as you can for other sites by clicking on the lock itself). Make a note of the “Class 3 Extended Validation SSL SGC CA” line in PayPal’s description below.

There are lots more features coming in Safari 4 which should implement much more of the HTML 5 specification and the new SquirrelFish javascript engine, but this is a small step towards that.

18 Comments

design

I love Mac, but Safari is pretty boring. It pales in comparison to other Apple products, in fact it is suprisingly out of sync with the rest of their products in terms of style, mac experience, etc., etc. Will Google Chrome become the leader of the pack… I highly doubt it, but at least it will push innovation. Right now Firefox stands above the rest…

Patrick Santana

@ramzez I tried this one. But it is incomparable with the plugin from Mozilla. It is difficult to find, there is no search and the integration with delicious is not so good. I keep my eyes there to see if there is a new version.

Thank you

ntopics

I didn’t know that Safari 3.2 is available for both Windows and Mac.
These new browsers are amazing for what they can do to improve
viewing, security, and ease of use.

thanks from tony

Dan

Can’t wait to see how well Safari will work after Apple actually debugs it.

This release is based on an ancient version of WebKit, so it’s MUCH slower than the current and only gets 75/100 on Acid3.

And, so far, it’s crashed half a dozen times on me… Viewing standard stuff, like eBay and CNN pages. (this on a fully updated Tiger system).

Way to go Apple!

Weldon Dodd

@Patrick – plugins are the main reason I continue to use Firefox as well. I rely on the delicious bookmarks and “Web Developer” plugins.

@Mark – I apologize for the misinformation. I’ve made some edits to the article in response. I wrongly thought that the “show databases” button on the security preferences panel was new, along with the fraudulent websites warning checkbox.

Andy Kelsall

Safari 3.2 is working great here and I’d just like to second what Mark Rowe said about the HTML 5 database support, it’s not new and was there in 3.1.

Chris

Strange, mine crashes on startup, and pops up an error saying SafariStand is the likely culprit. Hmmm…

Chris

Anyone else having problems with SafariStand after this? It seems to be crashing Safari for me.

Mark Rowe

HTML 5 client-side database support was added in Safari 3.1. It is not new to Safari 3.2.

Patrick Santana

I like Safari very much. It is a great software; but I will keep Firefox until I have a decent plugin for my delicious at Safari. That the only reason.

– Safari is faster than Firefox
– Safari is more integrated with Mac than Firefox
– Safari does not destroy my memory as Firefox

Comments are closed.