Is it really a flaw? As I understand it from what I have read on the
web, Safari will download what you tell it to where you have told it
to. In the case of Windows, the default is the desktop, a fairly
common choice. Unfortunately for windows users, the desktop is an
unsafe location because executables on the desktop work differently,
read more permissively, than elsewhere. The flaw in my view is thus
on the Windows desktop. Safari already has a fix available - choose a
different location. What would you have Apple do - code Safari to
break the aspect of Windows that allows executables from the desktop?
Matthew
On Jun 3, 2008, at 2:52 PM, mike wrote:
They are naive and code badly because of it? You keep spinning and
yer
gonna get dizzy. Apple also said they aren't going to fix the issue.
Professionalism? Google apple microsoft zero day patch and you'll hit
articles showing apple is so professional they lag behind in issuing
zero
day patches compared to MS.
So to sum up. Safari has a flaw, that enables a second flaw in
explorer to
be exploited. MS is going to patch explorer, Apple has zero plans
to patch
even though when MS patches, the safari bug will still have security
effects
on the system. And you think MS is less professional then Apple is
used to
working with?
Mike
On Tue, Jun 3, 2008 at 9:41 AM, Tom Piwowar <[EMAIL PROTECTED]> wrote:
Comments I've read from Windows programmers suggest that Apple's
programmers may be a bit too naive about Windows. Despite hearing
all the
stories about Windows' foulness they still assume a higher level of
quality and professionalism than Microsoft is able to deliver.
Consequently problems like this fall through.
Still, what is it about the Windows desktop that is particularly
dangerous? Should I be concerned about keeping any files on the
desktop?
The last paragraph is the critical one for Tom to notice.
*
According to Raff, unless Apple patches the bug, more attacks like
the one
he found in IE are likely to pop up. "This is not the only issue
that can
be
combined with the Safari vulnerability," he said. "If Microsoft
fixes
this,
Safari users will still be vulnerable."
*************************************************************************
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*************************************************************************
