The Internet Explorer team should be proud of themselves this week:
Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.
Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.
However, if you’re feeling ten feet tall and bulletproof because you’re using FireFox, you might want to reexamine that idea and make sure you get the auto-updates installed:
Likewise, Apple cultivates the image of security to every fanboy’s peril:
Safari 3.1 patches 13 holes affecting Mac OS X, Windows XP, and Windows Vista.
Think you’re safe because you don’t have Safari? You may have it without realizing it. Apple now distributes its browser with iTunes updates. Forget to uncheck a box in one of these updates, and it’s there.
The Safari holes could allow an attacker to trick you into thinking that a fake site is really your bank site, or to take over your PC via a poisoned page.
Remember it was Safari that led to the hacking of a MacBook Air in a recent contest. Add in the insult of sneaking Safari onto machines via iTunes updates and Safari in most corporate environments would be defined as malicious. The distribution policy has recently been changed to be more clear about what is being installed, but some damage has been done, and you still have to refuse the automatic installation.
There is a reason corporate IT departments prefer software we can control via Group Policy, and why we have policies against anyone installing anything.