
Phishing and Safari (Part 1): A Sheep in Wolf’s Clothing

Published August 12th, 2008
ZDNet: iPhone vulnerable to phishing, spamming flaws

There has lately been a rash of articles about how "insecure" Safari is because it has no anti-phishing mechanism. Frankly, I think this is a bunch of hogwash. It's an attempt to show how lax Apple is about security, and, by implication, how great Microsoft is.

It's not that I don't think phishing is a serious problem... I do! It's just that phishing is not a security issue, which is how the anti-Apple, pro-Microsoft (and pro-Firefox) zealots are trying to portray it.

Here's the comment I left on ZDNet's site about this article, dated 7/23/08:

Phishing scams are very bad, but they are not the same as viruses or malware that gets installed on your operating system. Not even in the same category. They are simply a sophisticated con, and unfortunately there are a lot of naive, clueless web users who will click on any link they're offered. Then again, I know people who are so paranoid they won't click on any link in an email at all... even if it comes from a trusted source (like a friend). I'm not at all convinced that anti-phishing software will work any better than junk-mail filters have, though I understand the need to try.

All you guys who are so hot to jump on Apple need to at least know what you're talking about. Though the companies who make money on security vulnerabilities like to lump phishing in with "security" flaws, in my opinion they aren't. Why? Because they pose no threat to the integrity of your computer or to your network.

Later, in reply to a reader who thought I was kidding with this opinion, I wrote:

Of course it's bothersome... on the same plane as the scum who trick old ladies out of their social security checks by conning them into some phony investment.

Phishing is more insidious, but if you have an ounce of common sense, it's easily avoided.

Not so with viruses and spyware, which can invade your system without any action on your part... not even clicking on a link. If following a link loads a virus, that's not phishing, defined as "the activity of defrauding an online account holder of financial information by posing as a legitimate company".

My point is, phishing is not so much a security liability as it is a privacy issue... Phishing amounts to identity theft.

I'm not arguing that phishing isn't a serious concern that needs to be addressed. But I'm saying it's not a security issue in that it doesn't install software on your system, invade your network, or propagate itself to others.

I am arguing that it's more like spam, which is likewise a serious problem that can lead individuals to dangerous websites or tempt them into bad decisions. Like spam, I'm doubtful that any software solution to eradicate phishing is possible.

In this light, the urgency to correct a phishing vulnerability is much lower than that to correct a security vulnerability, and the fact that such a vulnerability exists should not alarm users to the same degree.

Turns out this "phishing" scam isn't over with the iPhone or Safari. See more of my ranting in Part 2 of this topic.
