Safari - Last Man Standing

Discussion in 'Mac Apps and Mac App Store' started by phillipduran, Mar 8, 2013.

  1. macrumors 6502a


    Apr 30, 2008
  2. macrumors G3

    Jessica Lares

    Oct 31, 2009
    Near Dallas, Texas, USA
    I'm surprised, considering how many times Safari crashes on me, and the fact tat it eats up my memory like crazy. :rolleyes:
  3. macrumors member

    Jul 1, 2012
  4. macrumors newbie

    Mar 6, 2013
    My guess - Safari made it to the end because it's so S L O W that the hackers didn't bother messing with it. :)

    I was a Safari user from day 1 and loved it, but I switched to Chrome months ago. Sorry to say, but Safari is a turd.
  5. macrumors 65816


    Oct 19, 2012
    At least.....

    some nice to say/know about Safari...:D

  6. macrumors 6502

    Aug 30, 2011
    I have been running the Webkit daily build and it is outstanding for me. Very nice ;)
  7. macrumors 68020


    Dec 18, 2006
    Pwn2own started as a Mac hacking contest and hacking Safari used to be the pinnacle event of the contest.

    Headlines artificially made Macs out to be the easiest by saying Macs hacked first but the machines were hacked on a schedule with Macs being first on the schedule. The competition wasn't done head to head.

    Also, companies, such as Microsoft, with a vested interest in the results of the competition sponsor the event. This introduces bias in the presentation of the contest results. Bias influenced by a funding source is a common bias in all research.

    Macs, due to a Unix foundation, have always been more resistant to hacking because Macs don't have structured exception handling (SEH), which Windows does include. SEH allows an attacker to remotely execute code by overwriting the exception instruction and generating an exception (crash). Abusing SEH is much easier than having to create an instability in the process by triggering a vulnerability and overwriting the return address to achieve code execution all without causing an exception.

    Historically, most malware that uses these types of exploits in the wild targets abusing SEH because it requires less skill. SEH also provides second vector if overwriting the return address isn't successful so it is easier to produce more reliable exploits for Windows.

    Mac market share is rising so the motivation to attack Safari should have increased yet no one compromised Safari. No one compromised Safari running on Lion last year.

    The reason for this is that no researcher has demonstrated a method to defeat the runtime security mitigations in Lion and ML since the introduction of position independent executables, which Windows doesn't yet include.

    So, these types of exploits no longer seem to be an issue for Macs due to its Unix foundation and more recent runtime security mitigations.

    But, Macs aren't completely immune from all attacks. Java applets are only protected by the Java sandbox which is independent of the protections provided by OS X. Luckily, the default security setting of Java have been increased and Apple is diligent to blacklist vulnerable versions of Java via XProtect, which is included in OS X, when security threats arise.

    Also, the robust discretionary access controls in OS X mitigate the usefulness of Java attacks at least in mainstream malware, such as malware that targets protected data entry to steal banking credentials, so the typical consumer isn't at risk. These types of exploits against Macs only target specific individuals who work for companies that have valuable intellectual property.
  8. macrumors demi-god


    Feb 26, 2011
    New England, USA
    As a long term turd is stable, never crashes for me, and does the job I want it to do.

    If this makes me an unsophisticated, easy to please moron...I revel in my stupidity.:p:D
  9. macrumors 6502a


    Apr 5, 2010
    One Infinite Loop, Cupertino CA
    Chrome is safari (webkit) with a ****** JS accelerator. Anything you see in chrome is a placebo, it's a proven fact. It has a lower FPS rate in rendering, it executes code slower (saving for V8 optimized fake-world tests) and is all around inferior to safari.

    If you like Chrome because of its features, that's legitimate, but not because of speed.
  10. macrumors 68000


    Jul 25, 2004
    Gloucester, UK
    ... and as far as the tech-press reporting Safari's outstanding performance in this respect, the silence has been deafening.

    I can't say I'm surprised, though. :rolleyes:
  11. macrumors newbie

    Jul 28, 2012
    Ummm. When's the last time you tried Safari? Didn't you know that it's snappier now?
  12. macrumors 6502

    Dec 11, 2012
    I'm a very new user, and love Safari. I am running the WebKit, though.

    Is there a decent portable version for Windows, so I can use it at work?
  13. munkery, Mar 10, 2013
    Last edited: Mar 15, 2013

    macrumors 68020


    Dec 18, 2006
    Here is more information about this topic:


Share This Page