Well, it didn't take long (I didn't think it would). Within two hours, a protocol handler exploit (including proof-of-concept) was posted up on the web, and then a handful of security researchers published the results of their own delving (mainly involving a stupid amount of fuzz testing to try and find weak points in the code). They turned out a fair few, less than I thought would actually be discovered (being the eternal cynic), but obviously WinSafari is still less than two days' old in the wild so I suppose there's more to come.
"It took all of two hours for researchers to find 6 bugs in the Windows version of Safari, 4 DoS attacks and 2 remote code execution bugs."
(via Wired Compiler)
Aside from the bugs in my initial impressions writeup, here's what's been found:
- The 0day exploit (found in two hours) by Thor Larholm (more info and PoC on his site);
- 4 Denial of Service attacks and 2 remote code execution attacks (found by David Maynor (yes, he of Apple WiFi hack) with free tools and a bit of elbow grease... more info);
And to top it off:
- Many of the exploits also run on the OSX version of Safari, due to the shared codebase... Nice!
"It's clearly fast. Very fast. Like, noticeably fast, loading a half dozen sites (that take IE7 or FF2 a few seconds) within a blink of an eye. If nothing else, they've set the performance bar higher."
... And you know what? I'm inclined to agree with him on this one. Obviously the rendering engine is a fast one, and as it's built on the open-standards WebKit framework with a bit of luck some other enterprising souls will come along and build a nicer-looking browser on top of the codebase, which would be perfect.
What holds me back from using Safari is... Well... I guess for one thing, it's the problem of it being an Apple-designed program for me. The forced Apple-style interface (ugh), the stupid layout and obvious skimming-over of standard Windows design (hello? top-left chrome menu?) and ignoring of design standards for the shortcuts, browser window design, missing features... Not being able to resize the window from anywhere except the bottom-left corner (where did the usability go?)
For me it's the little things with Apple's design conventions, and they all add up into a really frustrating experience for me. If Apple fix the bugs, standardise Safari's interface to match that of other Windows apps, maybe make it skinnable and retract their slightly pompous "Apple engineers designed Safari to be secure from day one" statement, I might consider using Safari on my laptop alongside Firefox, IE(6) and Opera.