Tech Center Current

A couple of weeks ago, Apple gave the web development world a nice surprise when it released a beta Windows version of its Safari 3 web browser.

Safari is currently the third most used browser on the Web with about 5% usage share, largely due to the fact that it is installed by default on all Apple computers. Safari, as well as its webpage display engine, WebKit, was previously only available on Mac OS X, which left Windows and Linux users with no way to reliably test website compatibility without buying a Mac.

The idea of Apple shipping a Windows version of Safari was met with a lot of excitement. High-ranking employees of Mozilla — the company that develops the second most popular browser, Firefox — were quick to praise Apple for this decision.

However, the excitement was soon muffled by a growing number of problems. From a user experience point of view, Safari for Windows was met with lots of very negative reviews. Popular technology blog Ars Technica stated, “Safari’s user interface simply doesn’t provide the usability or flexibility of competing products.” Many complaints stemmed from Apple’s attempt to emulate the Mac OS X look and feel on Windows, which left the browser feeling awkward and out-of-place.

Then came an avalanche of security vulnerabilities. The official Safari website claims, “Apple engineers designed Safari to be secure from day one.” However, on day one of the Safari 3 beta release, several major security vulnerabilities were already discovered. Security researcher Thor Larholm posted on his blog, “I downloaded and installed Safari for Windows 2 hours ago, when I started writing this, and I now have a fully functional command execution vulnerability, triggered without user interaction simply by visiting a web site.” This is the most serious kind of security vulnerability a web browser can have, and these vulnerabilities were then confirmed by Apple and later patched.

But that wasn’t the end of the security woes. A week later, Apple had to release yet another version to fix more security issues. And the next day, another security vulnerability was found that Apple has yet to fix.

It’s typical for a relatively high number of vulnerabilities to be discovered early after this kind of product release. For most people, web browsers in general are the single largest access points for malicious software trying to get into your computer. The Windows release of Safari was a pretty big-news event among people in the field, and Apple really played up its security benefits. So it was naturally an attractive target for security researchers looking to make some headlines. However, no other browser has been met with this number of security issues in such a short time frame, even when releases like Firefox 1.0 made more news than Safari has. Some security researchers believe this to be an indication that Safari is actually the most insecure of all major browsers on Windows, even counting the infamously insecure Internet Explorer.

Finally, Apple CEO Steve Jobs gave a presentation which was very unsettling to many of the early supporters of Apple’s decision to bring Safari to Windows. In the presentation, Jobs presented a pie chart showing the respective usage shares of today’s major browsers, with Internet Explorer at about 78%, Firefox at 15%, Safari at 5%, and other browsers at 2%. Next, he presented a graph which showed his vision for the future: Internet Explorer with the same usage share as before, but with Safari taking up the entire remainder of the pie, thus eliminating all other minority browsers. Mozilla COO John Lilly criticized Jobs on his blog, stating, “This world view that Steve gave a glimpse into betrays their thinking: it’s out-of-date, corporate-controlled, duopoly-oriented, not-the-web thinking. And it’s not good for the web.”

Safari has an interesting history. Its webpage display engine, WebKit, was derived from the open source KHTML engine, which was developed for the Konqueror browser on Linux and is used in some portable devices and other small applications. Although Apple has made WebKit open source and continues to forward their code changes to the KHTML group, it’s Apple’s general nature to be secretive about its development projects, hence the surprise about the Windows version. Safari’s mixture of open source code and proprietary-themed management is unique when looking at the other popular web browsers. Mozilla, the developers of the only other major open source web browser on Windows, has a very open and transparent nature about the way the company is run and the plans it has for future projects. In general, open source communities have always held freedom of choice in high regard, but Steve Jobs’ presentation seemed to have betrayed this line of thinking, idealizing a world with less choice.

The fact remains that this is the first time the WebKit engine was reliably available on a major non-Mac operating system, which means more convenience for web developers. Safari 3 also boasts much improved support for web technology than the Safari 2 series. But in terms of whether or not it’s the right browser for the average user, Safari isn’t looking too good so far.