Our Blog

Safari on Win32, and browser choices in general..

Reading time ~2 min
Posted by Haroon Meer on 12 June 2007
Categories: Infosec-soapies, Security-news

Gareth linked to David Maynor’s blog where he documents the results of some simple fuzzing against the new Win32 port of Safari. Of  course fanboys everywhere are going to be on this one like, erm.. like a thing that is very onto another thing.. but.. i digress..

2 things are interesting in all this for me though..

  • Why Apple chose now to do the win32 safari release
  • Why anyone in security uses Safari anyway?

Most people postulate that the Win32 Safari release is tied to the release of the iPhone. Since 3rd party developers cant build for the iPhone yet, it would seem that web-apps running on iPhone Safari would be the way to go for now.. if you are pushing the browser they need better adoption.. its a reasonable enough theory and i cant imagine its because apple actually want to launch a serious attack against IE/Mozilla on non Apple desktops

Now, for the more contentious  question.. Why would security folks be running Safari anyway? I like my macbook, its pretty and shiny and mostly runs pretty well. (i have even heard some people say this about their Vista machines), but.. choosing a closed source alternative when an adequate (some will say superior) free, open source alternative exists seems a strange choice indeed. Its not the same as asking you to switch from MS-Word to emacs.. the user experience is almost identical, except with one option you are in the driving seat?

Now im not going to go into the whole “more eyeballs” fallacy but under the circumstances it seems strange..

One of the guys i know who uses safari claims its for the tight OS integration.. Well.. i think that sounds like a perfectly good reason not to..

Of course at about this point people should be shouting “Low Rights IE!”. In truth, this is a nice step forward for browsers, but the low rights option is really a new OS capability, not purely a browser feature [simply using icacls to set your firefox integritylevel to low will take you a few steps closer)

At the end of the day.. the firefox / ie / safari / opera decision seems to be a reasonably easy choice to make.. im not sure which part of it im missing…