In a recent post, I mentioned that Apple had a statement in their EULA for their Safari web browser that it could not be run on Windows machines. If you’ve got iTunes, you’ve probably noticed that when it does it’s “New Update Found!” alert every other day, Safari is suddenly in the list, selected by default.

Now, the EULA has been fixed, so this is all good. Now we’ve moved on to something more important: the security of the browser.

There was a contest recently where a group of hackers had three machines: A MacBook running OS X 10.5.2, a laptop running Vista, and a laptop running Ubuntu. The results of this contest were the following:

• The MacBook laptop was hacked first, within minutes. The method used was a security hole in Safari, an application bundled with the operating system, installed by default.
• The Vista laptop was hacked next, a day and hours later. The method used was a security hole in Flash, an application not bundled with the operating system, installed by the user at the user’s discretion.
• The Ubuntu laptop was not hacked.

Now, looking at these results, we need to consider something important. Since Safari’s introduction to the Win32 architecture, it’s been plagued with security issues. Even with these issues not closed, Apple is all about pushing Windows users to use the browser.

The other problem I see here is the fact that Safari is enabled by default when doing an update. And since this update happens often, you’re likely–one way or another–to eventually install it, accidental or not. It’s not required by iTunes, and for most users, it’s not going to add much functionality.

Hmm.. bundling software (Safari) in a market you already saturate (iTunes). Didn’t Microsoft get in trouble for something like this?

~Jaker