Consumer group urges Mac users to ditch Safari

Computerworld - Mac users should scrap Apple Inc.'s Safari and replace it with a browser that offers antiphishing protection, such as Mozilla Corp.'s Firefox or Opera Software ASA's Opera, Consumer Reports said today as it unveiled its annual Internet security survey.

Although Americans reported fewer spyware attacks and malware infections in the last year than in the past, phishing attacks remain a serious concern, said the magazine, which polled more than 2,000 U.S. households with Internet access.

About 6.5 million consumers, or one in every 13 online households, gave identity thieves personal information at some point in the last two years, said Jeff Fox, technology editor at the publication. And 14% of those people actually lost money through the scams, which often rely on legitimate-looking Web sites that try to trick users into divulging bank account numbers, addresses and passwords.

Mac users are just as likely to fall for the fake sites as people running Windows, Fox said. "There is no significant difference" between the two groups -- Mac and Windows users -- regarding the likelihood of giving away information, he said. "Mac users are indistinguishable from Windows users here."

But users going online with Safari are leaving themselves at risk because the browser doesn't include tools to warn when a site is, or might be, dangerous. "The browser of choice for most Mac users, Apple's Safari, has no phishing protection," said Consumer Reports.

Until Apple adds antiphishing tools, the publication recommended that Mac users steer clear of Safari, and suggested that they instead run the latest version of Firefox or Opera.

Both Firefox 3.0 and Opera 9.5 warn users when they're about to visit a known phishing or malware-spreading site, and block access to those sites. Microsoft Corp.'s Internet Explorer, which already boasts an antiphishing filter, will get an anti-malware tool in IE8, which is currently in beta testing.

This isn't the first time that Apple has come under fire for Safari's omission. In April, PayPal, eBay Inc.'s payment service, said it would bar browsers that lacked antiphishing features. Later, however, PayPal backtracked, saying that it would not block the current 3.x version of Safari.

"The Mac [phishing statistics] were pretty interesting," said Fox, who named it as one of the current survey's biggest surprises. "Mac users think that they don't need to worry about viruses and spyware," he said. "But e-mail is the weak vector on the Mac."

Most phishing attacks begin when a user receives an e-mail message -- perhaps one posing as from his bank -- that includes a link to a malicious Web site.

"This is the one area where the Mac doesn't have an advantage in security," Fox continued. "Significantly fewer Mac users were using antiphishing technologies, but they were pretty much identical to Windows users about giving personal information.