Although Mozilla's Firefox and Google's Chrome browsers get a lot of attention in the media, Apple's Safari browser is not too shabby in comparison. The one thing it unfortunately lacks is robust security.
Given that so much computer activity revolves around the browser these days, security is the last place you'd want to see sub-standard features. InfoWorld's Roger Grimes took and in-depth look at Safari and says that even though it has strong pop-up blocking and anti-phishing tools, it's rife with numerous security flaws.
"[S]ecurity is not Safari's strong point. Unfortunately, 26 separate vulnerabilities have been announced since March 2008, one-third of which would allow complete system access. Plus, there simply isn't a lot of security granularity to Safari," he writes.
Grimes also notes that while Safari warns of invalid digital certificates -- a method of verifying online identity -- it's alert mechanism is so subtle it could easily be overlooked. Furthermore, Safari's password management system failed all but 2 of 21 tests to check it's safety and effectiveness.
Although Grimes doesn't give Safari a ringing endorsement, he doesn't suggest anyone should avoid it all together. "Safari passed all of my browser and JavaScript security exams, negotiating my predefined lab trials, test suites on the Internet (including scanit and Jason's Toolbox), and real-world exposure to known-malicious Web sites without allowing any malware to be automatically installed (Safari's competitors fared just as well)."
