Consumer group urges Mac users to ditch Safari
Better browsers flag phishing sites, says Consumer Reports
Computerworld - Mac users should scrap Apple Inc.'s Safari and replace it with a browser that offers antiphishing protection, such as Mozilla Corp.'s Firefox or Opera Software ASA's Opera, Consumer Reports said today as it unveiled its annual Internet security survey.
Although Americans reported fewer spyware attacks and malware infections in the last year than in the past, phishing attacks remain a serious concern, said the magazine, which polled more than 2,000 U.S. households with Internet access.
About 6.5 million consumers, or one in every 13 online households, gave identity thieves personal information at some point in the last two years, said Jeff Fox, technology editor at the publication. And 14% of those people actually lost money through the scams, which often rely on legitimate-looking Web sites that try to trick users into divulging bank account numbers, addresses and passwords.
Mac users are just as likely to fall for the fake sites as people running Windows, Fox said. "There is no significant difference" between the two groups -- Mac and Windows users -- regarding the likelihood of giving away information, he said. "Mac users are indistinguishable from Windows users here."
But users going online with Safari are leaving themselves at risk because the browser doesn't include tools to warn when a site is, or might be, dangerous. "The browser of choice for most Mac users, Apple's Safari, has no phishing protection," said Consumer Reports.
Until Apple adds antiphishing tools, the publication recommended that Mac users steer clear of Safari, and suggested that they instead run the latest version of Firefox or Opera.
Both Firefox 3.0 and Opera 9.5 warn users when they're about to visit a known phishing or malware-spreading site, and block access to those sites. Microsoft Corp.'s Internet Explorer, which already boasts an antiphishing filter, will get an anti-malware tool in IE8, which is currently in beta testing.
This isn't the first time that Apple has come under fire for Safari's omission. In April, PayPal, eBay Inc.'s payment service, said it would bar browsers that lacked antiphishing features. Later, however, PayPal backtracked, saying that it would not block the current 3.x version of Safari.
"The Mac [phishing statistics] were pretty interesting," said Fox, who named it as one of the current survey's biggest surprises. "Mac users think that they don't need to worry about viruses and spyware," he said. "But e-mail is the weak vector on the Mac."
Most phishing attacks begin when a user receives an e-mail message -- perhaps one posing as from his bank -- that includes a link to a malicious Web site.
"This is the one area where the Mac doesn't have an advantage in security," Fox continued. "Significantly fewer Mac users were using antiphishing technologies, but they were pretty much identical to Windows users about giving personal information.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts