Filed under: Software, Internet Tools, Security
Consumer Reports pans Safari's lack of phishing protection
Consumer Reports, in its annual internet security survey, recommended that Mac users avoid Safari because of its lack of phishing protection. Instead, they recommend users install Firefox 3 or Opera 9.5 as their default browsers, since both will warn users before displaying the contents of sites known to be source of scams and personal information theft.
Jeff Fox, technology editor at Consumer Reports, noted that "e-mail is the weak vector on the Mac," meaning that most successful phishing attacks on Mac users arrive via email.
"Windows users are used to being paranoid about not clicking [links in phishing emails]," he said. "Mac users aren't, even though they say, 'Antivirus software, who needs it?'"
As we've mentioned before, 1Password does a great job of adding phishing protection to Safari. Also, always be extra-wary of clicking links in emails from people you don't know.
[Via Computerworld.]
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
Gray_hat said 5:12PM on 8-05-2008
You don't need 1Password (although I love 1Password for many reasons) to get phishing protection. In fact you can get phishing protection from the same source by using OpenDNS ( https://www.opendns.com/ ). All you have to do is change your DNS servers in Network Preferences to the OpenDNS servers and you are protected from Phishing 1Password. They both use PhishTank for their database of phishing sites.
Reply
Roustem said 6:10PM on 8-05-2008
@Gray_hat,
Don't forget that PhishTank includes only the links that were reported at some time. Brand new phishing sites may not be reported or approved in time.
Not only can 1Password consult the PhishTank database, it also always checks the website address and does not let you use the password on sites different from previously saved address.
andrew said 5:16PM on 8-05-2008
yeah, because phishing protection is very important, if you happen to be five years old.
Reply
Robert Palmer said 5:44PM on 8-05-2008
Or 85. I've found that the people most vulnerable to phishing attacks (not only via email, but by phone, too) are the elderly.
We all have a responsibility to check on our parents and grandparents online to make sure they're protected.
andrew said 6:05PM on 8-05-2008
specifically, we each have a responsibility to our own respective parents/grandparents to make sure they know how to protect themselves...
Eknath Kadam said 5:20PM on 8-05-2008
We have been listening bad words about how safari is not safe and bla bla....But there hasnt been a single incident which has reported someone got screwed because he was using safari browser.
Reply
mi_sat said 5:41PM on 8-05-2008
Hmmm. Apple apologists. Who would have thought?
NutMac said 5:23PM on 8-05-2008
Perhaps just as stupid as users that click on phishing emails are Hotmail's email spam filter. Here's the phishing email that got through Hotmail spam filter:
Subject: *** SPAM (15.817) *** In current of 6 days your account will be delete
From: admin@microsoft.com (admin@microsoft.com)
Sent: Tue 8/05/08 11:40 AM
Confirm your using an account having passed under the given reference
Reply
Danny Goodman said 5:53PM on 8-05-2008
When the phishing hits close to home, you can envision many non-techy users falling for it:
http://spamwars.com/archives/2008/08/itunesapple_id.html
Reply
andrew said 6:20PM on 8-05-2008
if you can't do, teach
if you can't teach, instill fear
if fear doesn't work, take away internet access
my mom and grandmother are scared sh*tless of putting any personal information online (or on the computer at all, actually), which is really for the best, because teaching them how to use the internet is an exercise in futility.
SpinThis! said 5:59PM on 8-05-2008
This article is ComputerWorld FUD at its finest.
I'm a CR online subscriber and I can't even find where Consumer Reports (or Fox) recommends—even in the paid sections—to "scap Safari." The only link to CR ComputerWorld bothered to post is just CR's annual survey of users' experiences with phishing.
So Keizer interviewed Fox and that's what he had to say or ComputerWorld/Keizer is just making stuff up. Even if it's the former, there's no "official" recommendation of dumping Safari on CR's site that I can see. I am a little disappointed if Fox is speaking out on CR's behalf—since the publication is usually very even-biased.
Reply
cantlogin said 6:41PM on 8-05-2008
This is what CR says:
"According to this year’s State of the Net survey, Mac users fall prey to phishing scams at about the same rate as Windows users, yet far fewer of them protect themselves with an anti-phishing toolbar. To make matters worse, the browser of choice for most Mac users, Apple’s Safari, has no phishing protection. We think it should.
What you can do: Until Apple beefs up Safari, use a browser with phishing protection, such as the latest version of Firefox (shown at right) or Opera. Also try a free anti-phishing toolbar such as McAfee Site Advisor or FirePhish."
So they do recommend using a different browser.
SpinThis! said 6:56PM on 8-05-2008
OK I finally found the page:
http://www.consumerreports.org/cro/electronics-computers/computers/internet-and-other-services/7-online-blunders/overview/7-online-blunders-ov.htm
What's recommended is certainly not bad advice but ComputerWorld is still spinning that 1 paragraph into an anti-mac, anti-Safari diatribe. They make Safari out to be such a bad browser but according to Consumer Reports' own recommendations, Firefox 2 only blocked less than 10% of phishing sites. (They didn't test Firefox 3.)
http://www.consumerreports.org/cro/electronics-computers/computers/software/security-software/antiphishing-tools_ratings/ratings/security-software-antiphishing-tools-ratings.htm
2shae said 6:18PM on 8-05-2008
Safari does lack protection.
Sure, most people aren't that stupid or ignorant to click on a suspicious link in their email, but there is a percentage of people who still do...which is why "they" still try to trick you everyday by sending you more and more emails.
Why Apple refuses to add even phishing protection in Safari is quite worrying.
Reply
andrew said 6:20PM on 8-05-2008
I'm sure they haven't flat out refused, its more of a 'we haven't gotten to it yet' or 'we don't see it as a priority right now' type situation
jbrown510 said 6:40PM on 8-05-2008
Phishing protection is lame anyway. I invariably end up turning it off after being annoyed by a false positive or two.
Reply
alansky said 7:58PM on 8-05-2008
Consumer Reports should stick to things they know something about, like cars and refrigerators. They have proved time and again through the years that they know next to nothing about personal computers or the internet.
Reply
Richard said 11:29AM on 8-06-2008
Yes, like all the times they've said that Apple has the best customer support.
alansky said 11:43AM on 8-06-2008
Even morons accidentally speak the truth once in awhile.
Dave said 8:11PM on 8-05-2008
I do agree Firefox 3 goes to great lengths to protect the user (the big red warning with the almost microscopic link allowing one to click through to the site is a nice touch). But the weakest link is always the end user and, ultimately, people need to learn that they do not have a relative in Nigeria who left them $10M and will transfer it to the bank of choice for only $5G.
On another note, as someone who uses Firefox, the green highlight in the address bar is barely catches my attention when I visit a trusted site. I wonder if others even notice it at all.
Reply