Slashdot Mirror


Apple Fixes Safari "Carpet Bomb" Windows Vulnerability

Titoxd writes "Apple has released a new version of Safari that fixes the carpet bomb vulnerability in Safari 3.1 for Windows. This comes on the heels of Microsoft recommending against using Safari in Windows, as well as the release of code exploiting this vulnerability."


  1. But did they fix the real bug? by rustalot42684 · · Score: 5, Insightful

    Did they fix the bug where Safari installs as an iTunes update? I'd say that that is a fairly severe bug right there.

    1. Re:But did they fix the real bug? by 99BottlesOfBeerInMyF · · Score: 4, Insightful

      Last I checked the "new" software was still checked by default - and I really don't feel like installing anything that ASU comes with right now. So does anyone know if they finally fix THAT idiocy?

      Why would they need to "fix" it? It is operating as they prefer it, the same as all the software MS includes in Windows that most of us would prefer we did not have to install. Is it so difficult for you to uncheck that box if you're performing an update?

    2. Re:But did they fix the real bug? by torchdragon · · Score: 5, Insightful

      Yes.

      Recently, the Java update software has begun asking for the Open Office installer to be installed on the system during an update for Java. Several users at my company have clicked straight through and added more crap to their desktop/registry/uninstall information.

      Can we blame the users for not reading every detail and not unchecking a checkbox? Yes.
      Can we also blame software vendors who are relying on the aforementioned user behavior to add their software to your computer on the sly? Yes.

      It's a bad practice and it needs to stop.

      If something is required for the operation of a software package, default to selected.
      If something is optional or not required for the operation of a software package, default to unselected.

      Why are we allowing marketing to override good engineering?

      --
      "Don't feel bad for me child; I'm the monster that hides under your bed."
    3. Re:But did they fix the real bug? by lusiphur69 · · Score: 5, Insightful

      The real question is why are you defending Apple's unethical bundling - when the same is performed by Microsoft we criticize it. Call a spade a spade or you look foolish. Face it, this kind of practice is unacceptable, whether or not it comes from your favorite company.

      Is it so difficult for you to uncheck that box if you're performing an update? For me, no. For millions of uneducated end users, it is. Get it?
    4. Re:But did they fix the real bug? by Anonymous Coward · · Score: 4, Insightful

      No, it isn't like that. IE7 is an upgrade to something already installed and, to most end-users, in use. Safari is an entirely new piece of software. There's a difference, whether you like it or not.

  2. Hmm? by koinu · · Score: 5, Insightful


    Safari downloads files (e.g. dynamic libraries) in user directories where the Internet Explorer could autoload them on start. Isn't the bigger problem within Internet Explorer? Why did Microsoft set up a library path to a user's directory at all?

  3. Re:Did Microsoft fix the vulnerability in IE? by The+End+Of+Days · · Score: 3, Insightful

    The actual vulnerability is that Safari downloaded files without the user's permission. Trying to make this a Windows issue smacks of fanboyism.

  4. Re:Did Microsoft fix the vulnerability in IE? by gad_zuki! · · Score: 3, Insightful

    How did Safari even get on most of those computers? I think people are seriously missing the big issue here.

    Imagine if Netscape won the browser wars and you installed Windows Media Player which later on, in the middle of the night, downloaded and installed IE for you. If Office 2008 did this on OSX there would be riots in the street. When Apple does it, it's of course Microsoft's fault.

    Granted, there's a lot of blame to go around, but claiming this is a MS problem is being pretty unfair and only shows up that Apple can do anything, and few will complain.