Mar 27, 2008

Nice Safari for Windows EULA mistake

I really can't stand this new auto-install mentality of software developers anymore. It seems any application you install has some sort of online auto-update feature. This is a perfect example of how dangerous it can be. At least we used to have the choice of installing a vulnerable product. Now it can happen even without our knowledge.

The article goes on to say how you aren't in any legal danger by installing Safari on your PC. It's obviously a mistake from Apple. The EULA for a Windows product says that you can't install it on a non-Apple machine. That is just not possible. Jonathan Kramer, a lawyer for the Kramer Telecom Law Firm, says "You can't enforce a term that's impossible."

Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks

recoiledsnake writes
"The new Safari 3.1 for Windows has been hit with two 'highly critical'(as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as a update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites."

Further, Wormfan writes
"The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs."