Consumer group urges Mac users to ditch Safari
Better browsers flag phishing sites, says Consumer Reports
Computerworld - Mac users should scrap Apple Inc.'s Safari and replace it with a browser that offers antiphishing protection, such as Mozilla Corp.'s Firefox or Opera Software ASA's Opera, Consumer Reports said today as it unveiled its annual Internet security survey.
Although Americans reported fewer spyware attacks and malware infections in the last year than in the past, phishing attacks remain a serious concern, said the magazine, which polled more than 2,000 U.S. households with Internet access.
About 6.5 million consumers, or one in every 13 online households, gave identity thieves personal information at some point in the last two years, said Jeff Fox, technology editor at the publication. And 14% of those people actually lost money through the scams, which often rely on legitimate-looking Web sites that try to trick users into divulging bank account numbers, addresses and passwords.
Mac users are just as likely to fall for the fake sites as people running Windows, Fox said. "There is no significant difference" between the two groups -- Mac and Windows users -- regarding the likelihood of giving away information, he said. "Mac users are indistinguishable from Windows users here."
But users going online with Safari are leaving themselves at risk because the browser doesn't include tools to warn when a site is, or might be, dangerous. "The browser of choice for most Mac users, Apple's Safari, has no phishing protection," said Consumer Reports.
Until Apple adds antiphishing tools, the publication recommended that Mac users steer clear of Safari, and suggested that they instead run the latest version of Firefox or Opera.
Both Firefox 3.0 and Opera 9.5 warn users when they're about to visit a known phishing or malware-spreading site, and block access to those sites. Microsoft Corp.'s Internet Explorer, which already boasts an antiphishing filter, will get an anti-malware tool in IE8, which is currently in beta testing.
This isn't the first time that Apple has come under fire for Safari's omission. In April, PayPal, eBay Inc.'s payment service, said it would bar browsers that lacked antiphishing features. Later, however, PayPal backtracked, saying that it would not block the current 3.x version of Safari.
"The Mac [phishing statistics] were pretty interesting," said Fox, who named it as one of the current survey's biggest surprises. "Mac users think that they don't need to worry about viruses and spyware," he said. "But e-mail is the weak vector on the Mac."
Most phishing attacks begin when a user receives an e-mail message -- perhaps one posing as from his bank -- that includes a link to a malicious Web site.
"This is the one area where the Mac doesn't have an advantage in security," Fox continued. "Significantly fewer Mac users were using antiphishing technologies, but they were pretty much identical to Windows users about giving personal information.
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts