Mac users were alarmed to hear late last week that Paypal is telling its Mac users not to use Apple’s default browser Safari, but to use another browser instead.
This was initiated by comments from Michael Barrett, PayPal's chief information security officer. He claimed in an interview that, "Apple, unfortunately, is lagging behind what it needs to do, to protect its customers."
IE7, Firefox 3, Opera
Barrett added: "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."
The root of the problem is that Safari has no built-in phishing filter which warns users if they are visiting dodgy websites. Nor does it support Extended Validation (EV) anti-phishing certificates, according to Barrett.
"Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that's it," he said. "I'd love to say that Safari is a safer browser, but at this point it isn't," he added.
Teacup storm?
“I think it's a storm in a teacup,” editor of the UK's best selling Mac magazine, MacFormat, told TechRadar earlier today.
“I'm going to continue to use Safari on my Mac for PayPal in the future despite this warning. PayPal isn't saying its website is not compatible with Safari, it just don't like the fact that Safari doesn't have a Microsoft-style anti-phishing bar built-in.
“But what is this anti-phishing software they're talking about? It's a filter in Internet Explorer 7 that warns you when you visit a phishing site. It's a big feature of Internet Explorer 7, and one of the reasons I personally find that browser so irritating to use.
“I find the amount of time I spend clicking the equivalent of a 'Yes, I'm really sure I want to do this' button incredibly frustrating when browsing the web in Internet Explorer 7... Faced with a choice of having to put up with this extra level of obfuscation when browsing the web or not having an anti-phishing filter, like Safari does, then I'll happily go for not having one, thanks."
Clearly, as Barlow reminds us, the easiest way to make sure you never get stung by a phishing site “is to make sure you never click on a link in an unsolicited email claiming to be from PayPal, because they're inevitably fraudulent”.
