Slashdot Mirror
Microsoft Urges Windows Users To Shun Safari
benjymouse writes "The Register has picked up on a recent Microsoft security bulletin which urges Windows users to 'restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple.' This controversy comes after Apple has officially refused to promise to do anything about the carpet bombing vulnerability in the Safari browser. Essentially, Apple does not see unsolicited downloads of hundreds or even thousands of executable files to users' desktops as being a security problem." Now while downloading a hundred files to your desktop won't automatically execute them, Microsoft's position is that a secondary attack could execute them for you.
A list of actual drive-by vulnerabilities in current Internet Explorer (name-calling went out of vogue when you reached the age of 15, man. You are at least 15, right?) that allow for code execution on the client to substantiate your claim, please.*
Now if you want to point fingers, visit that Dhanjani link and read about the vulnerability he's not disclosing, as a courtesy to Apple; "The third issue I reported to Apple is a high risk vulnerability in Safari that can be used to remotely steal local files from the user's file system [...] it is a high risk issue affecting Safari on OSX and Windows". There hasn't been an update to that in the past 2 weeks, implying that it has not yet been fixed.
The Slashdot headline is pure flamebait and you took it.
It's funny that you say that, because on my MacBook Pro it is the exact opposite. Safari does this and Internet Explorer does not.
Under OS X, when you click an installer image downloaded by Safari it says something like "The application 'Whatever' was downloaded from the Internet on {date}. Are you sure this is safe to open?'
I sometimes use IE on Windows (for testing sites I develop) and I've never seen a comparable message from Internet Explorer.
Maybe you are talking about IE on Vista and Safari on Windows?