Safari Windows Detection ... and all That Implies
Apple recently gave Windows iTunes users the option to download the Safari web browser. This move was criticized by many bloggers and security experts. What we will be discussing in this blog today is detection of the Windows Safari application and also examine how organizations could react to this situation.
Detection
Nessus plugin #31788 named "Safari Detection (Windows)" looks for Safari installed on a Windows platform. This plugin requires credentials to analyze the Windows system to see if the browser has been installed. If credentials are not available, this plugin won't report an issue.
The Passive Vulnerabiltiy Scanner can also be used to generically report the active web browser being used on any host it sees web traffic originating from. In the Security Center screen shots below, all user agents detected by the PVS have been listed:
|
|
In the screen shot on the left, only Safari browsers on Mac OS X computers are shown. On the right screen shot, a host that has a single Windows Safari client is shown among several different other browser types. The PVS also has a unique plugin (#3705) which detects the Safari browser.
Analysis
I've had a few conversations with our customers about this issue and there are a few themes:
- In organizations that banned the use of iTunes, this event gives them much more evidence to support this decision. The organization should be in charge of what software gets run on a network, not the application vendor. This also gives them reason to ban other applications that might include a software delivery method.
- In organizations where iTunes use is allowed, but there is still a requirement for a standard browser such as Internet Explorer, some leniency was given to users who have been educated to accept security updates from their vendors. It could be argued that the Safari push looked like a security update.
- Some organizations are modifying their acceptable use policies to more explicitly state that unauthorized software should not be installed, even if it is from the vendor of an approved application. I've heard several comments from customers basically expecting other major software and operating system vendors to use this sort of technique.
For More Information
We've bloged in the past about enumerating various applications and finding software that should not be there on a corporate network:
Related Articles
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
