Skip to content

TechRepublic

  • Top Products Lists
  • AI
  • Developer
  • Payroll
  • Security
  • Project Management
  • TechRepublic Academy
  • Innovation
  • Cheat Sheets
  • Big Data
  • Tech Jobs
  • TechRepublic Premium
  • Top Products Lists
  • AI
  • Developer
  • Payroll
  • Security
  • Project Management
  • TechRepublic Academy
  • Innovation
  • Cheat Sheets
  • Big Data
  • Tech Jobs
  • See All Topics
  • Sponsored
  • Newsletters
  • Forums
  • Resource Library
TechRepublic Premium
Join / Sign In
Security

Securing Safari: How to run Apple’s Web browser securely

By ryan naraine June 14, 2007, 12:18 PM PDT

Image
1
of 7

Securing Safari: How to run Apple’s Web browser securely

Picking the right Safari download

Picking the right Safari download

Despite Apple’s claim that its engineers “designed Safari to be secure from day one,” researchers have already found several dangerous flaws in the new Safari for Windows browser.rn

These flaws can be used to launch drive-by malware downloads if a user is lured to a malicious Web site.rnrn

Here are several steps you can take to disable various features in Safari to reduce the risk of hacker attacks.rn

On Apple’s Safari download site, Windows users have two choices — Safari bundled with QuickTime or Safari as a standalone download.rn

If you wish to beta test the new browser, avoid the QuickTime bundle, which could potentially introduce additional security risks.rn

You can download the browser without giving your e-mail address to Apple.

Securing Safari: How to run Apple’s Web browser securely

Installation choices

Installation choices

During the Safari for Windows installation process, Apple gives you the option to install the Bonjour networking service and a software update utility that helps with the patching/updating process.rn

For security reasons, uncheck the Bonjour service installation. There have been serious code execution holes found in this service.rn

Install the Apple Software Update tool to ensure you receive fixes and security patches automatically.

Securing Safari: How to run Apple’s Web browser securely

Pop-up blocking

Pop-up blocking

This screen is taken from Safari on the Mac but it also applies to the Windows version.rn

On Safari for Windows, choose Edit and ensure that Block Pop-up Windows is checked. rn

The shortcut for this is Ctl+Shift+K.

rn

This option will prevent sites from opening another window through the use of scripting, or active content.rn

You should be aware that while pop-up windows are often associated with advertisements, some sites may attempt to display content relevant to your usage of the site in a new window.rn

Therefore, setting this option may disable the functionality of some sites.rn

Source: CERT/CC (Computer Emergency Response Team Coordination Center).

Securing Safari: How to run Apple’s Web browser securely

Downloading and opening files

Downloading and opening files

On the Mac OS (screenshot), choose Safari > Preferences. On Safari for Windows, choose Edit > Preferencesrn

In the General tab, you can set up many options such as Save downloaded files to: and Open “safe” files after downloading.rn

CERT/CC recommends that you save downloaded files to a temporary folder that you create for downloading files. rn

For security reasons, be sure to uncheck the Open “safe” files after downloading option.

Securing Safari: How to run Apple’s Web browser securely

Beware the auto-fill feature

Beware the auto-fill feature

Move next to the AutoFill tab to select what types of forms your browser will fill in automatically. rn

In general, CERT/CC recommends against using AutoFill features because if someone can gain access to your computer, or to the data files, then the AutoFill feature may permit them even easier access to other sites that they would not otherwise have the ability to access. rn

However, if used with appropriate protective measures, it may be acceptable to enable AutoFill. rn

On the Mac, use filesystem encryption software such as OS X FileVault to provide additional security for files that reside your home directory.

Securing Safari: How to run Apple’s Web browser securely

Plug-ins, JavaScript and cookies

Plug-ins, JavaScript and cookies

The Security tab includes the most important settings to help reduce the risk of drive-by downloads.rn

The Web Content section permits you to enable or disable various forms of scripting and active content. CERT/CC recommends disabling the first three options in this section, and only enabling them when you require the functionality of these features.rn

You should select the Block Pop-up Windows to prevent sites from opening another window through the use of scripting, or active content. However, be aware that while pop-up windows are often associated with advertisements, some sites may attempt to display content relevant to your usage of the site in a new window. Setting this option may therefore disable the functionality of some sites.rn

Use Safari without plug-ins and Java by disabling the options Enable plug-ins and Enable Java. rn

It is also safer to disable JavaScript. However, many web sites require JavaScript for proper operation.rn

You can also disable cookies and view or remove cookies that have been set. rn

CERT/CC recommends disabling cookies and enabling them only when you visit a site that requires their use. At this point, you should determine if the site is trustworthy (i.e., contains no malicious content and is securely designed) and determine whether you want to allow cookies to access the site’s content. After you are finished visiting the site, we recommend disabling cookies until you need to access a site that requires cookies. rn

You can limit cookies to the sites that you navigate to by selecting the option Only from sites you navigate to. This will permit sites that you visit to set cookies, but not third-party sites. Finally, we recommend selecting the Ask before sending a non-secure form to a secure website option. This will alert you when data is sent to a secure web site over an insecure channel.rnrn

Source: CERT/CC.

Securing Safari: How to run Apple’s Web browser securely

Private Browsing

Private Browsing

Safari (on Mac and Windows) offers a feature called Private Browsing.rnrn

You can turn this on via the Edit drop-down on Windows or from Safari on the Mac.rn

When Private browsing is turned on, Safari won’t store your Google searches, your cookies, the history of sites you’ve visited, your download history, or information from online forms you’ve filled out. rn

If you’ve been browsing without private browsing turned on, just use Privacy Reset to empty your cache and clear Safari of your browsing, forms, and search history.

  • Security
  • Account Information

    Share with Your Friends

    Securing Safari: How to run Apple’s Web browser securely

    Your email has been sent

Share: Securing Safari: How to run Apple's Web browser securely
Image of ryan naraine
By ryan naraine
  • Account Information

    Contact ryan naraine

    Your message has been sent

  • |
  • See all of ryan's content

TechRepublic Premium

  • TechRepublic Premium

    Best of Confluent Current 2023: The State of Data Streaming

    TechRepublic Premium was at Confluent’s Current 2023 event, held in San Jose, California, September 26-27. Our coverage of the event comprises an analysis of data streaming, interviews, the role of stream governance and a look at Apache Flink. From the download: Confluent used the Current 2023 ‘next generation of Kafka Summit’ event in San Jose ...

    Downloads
    Published:  September 27, 2023, 4:00 PM EDT Modified:  September 28, 2023, 1:00 PM EDT Read More See more TechRepublic Premium articles
  • TechRepublic Premium

    Quick Glossary: Fintech

    Fintech is a fast changing landscape that constantly introduces cutting-edge ideas and developments. TechRepublic Premium presents this quick glossary of fintech terms and concepts to help you understand technological breakthroughs and make educated decisions. From the glossary: DECENTRALIZED FINANCE Often referred to as DeFi, this utilizes emerging technology to remove third parties and central financial ...

    Downloads
    Published:  September 27, 2023, 4:00 PM EDT Modified:  September 28, 2023, 8:52 AM EDT Read More See more TechRepublic Premium articles
  • TechRepublic Premium

    Anti-Money Laundering Policy

    Money laundering poses a detrimental impact on businesses and the economy as a whole. According to the United Nations Office on Drugs and Crimes, the amount of money laundered around the world in a single year is presumed to be 2–5% of global GDP, which is roughly $800 billion to $2 trillion. The purpose of ...

    Downloads
    Published:  September 27, 2023, 4:00 PM EDT Modified:  September 28, 2023, 9:14 AM EDT Read More See more TechRepublic Premium articles
  • TechRepublic Premium

    Hiring Kit: Video Game Audio Engineer

    Modern video games rely on a cornucopia of sounds to engage and engross players. Whether it is ambient sound to set the mood, music to invoke a feeling or dialog to tell the story, sound is vital to the immersive experience of a video game. The individual responsible for meshing all those disparate sounds together ...

    Published:  September 27, 2023, 4:00 PM EDT Modified:  September 28, 2023, 10:00 AM EDT Read More See more TechRepublic Premium articles

Services

  • About Us
  • Newsletters
  • RSS Feeds
  • Site Map
  • Site Help & Feedback
  • FAQ
  • Advertise
  • Do Not Sell My Information
  • Careers

Explore

  • Downloads
  • TechRepublic Forums
  • Meet the Team
  • TechRepublic Academy
  • TechRepublic Premium
  • Resource Library
  • Photos
  • Videos
  • TechRepublic
  • TechRepublic on Twitter
  • TechRepublic on Facebook
  • TechRepublic on LinkedIn
  • TechRepublic on Flipboard
© 2023 TechnologyAdvice. All rights reserved.
  • Privacy Policy
  • Terms of Use
  • Property of TechnologyAdvice