MacMost Now 269: Understanding Safari Security Preferences

Learn about the different options in Safari's security preferences, such as fraud alerts and disabling plug-ins, JavaScript and cookies.

Video Transcript
Hi, this is Gary with MacMost Now. On today's episode let's talk about Safari browser security. So being secure while browsing the web is important enough for Safari to have an entire Preferences pane dedicated to just security features. Let's go and take a look at what each one of these does.
So here is the security pane in the Safari Preferences box. Now there's a whole bunch of different things here and if we're not familiar with web security they can be a little confusing. Let's go and take a look at each one. First we've got fraudulent websites. So what happens when you have this on is, when you try to go to a website and it either has malware on it or has been suspected of fishing - that's the practice of trying to get you reveal personal information - uh, it will put up an alert and warn you about this. Now, this doesn't mean that just going to the website is going to be a problem, it's just a warning. So if it's a website that you already know and trust, you can continue to go to it. If you've never been there before or you didn't even request to go there, you thought you were going somewhere else by clicking on a link, then you can stop.
Now where Safari gets this information is from Google. Google keeps a database of sites that may be malicious and it updates this database constantly. And Safari every once in a while updates its local database of that Google database, so that it can know when to show this alert.
So next we've got four different settings for web content: the first three basically disable features of your browser. Now, I'm really disappointed that a lot of security websites basically tell you to turn all three of these off. Yeah, sure that'll make you more secure, but also turning off your computer will make you completely secure. But these are used by websites all over the place. For instance plug-ins include things like Flash, which are used everywhere. Here's what happens when you go to YouTube with plug-ins disabled. Go ahead and you can see that there's no video right there. So turning that off is really gonna disable you from viewing a lot of good stuff on the Internet. Also turning off JavaScript will do even more. And here's what happens when you turn off JavaScript and try to go to, say, me.com - the MobileMe homepage. You can see that it doesn't work at all of course, because those pages are dynamic and require JavaScript.
Java isn't used as much as it once was, so probably disabling this one won't do as much harm, but still there's really no record of there being much harm to be worried about out there in Java right now.
The last one, "Block pop-up windows", well that's one everyone should have turned on. That basically blocks pop-ups, these little windows peering over the content you're looking at right now so that it can show you ads. Very rarely are they used for the general reasons by sites, and if they are you always have the ability to go to Safari and select "Block Pop-up Windows" here to turn it on or off very easily and very quickly, or with the Shift-Command-K. So it's very easy to turn that on temporarily and get that functionality back for a website that may actually be using it.
So the next security preferences are about cookies. Now cookies are something that has been villainized over the last few years in the press as something to be concerned about, but in fact cookies are misunderstood. What they really are is this information is saved on your computer, not information sent to the web server. For instance, if you go to a weather site and you enter in your zip code so it can show you your local weather, it will save that information in a cookie and the next time you go to look at the weather it instantly knows where you're located so it doesn't have to ask you again. That information is on your computer, it's not being stored somewhere else. And it will also remember information for other things, like your preferences for viewing websites for instance.
So what's so bad about cookies? Well, some people don't like the fact that that same information, like your location for that weather site, could be used to show you advertisements based on that data. So you see local ads, rather than just national ads. But it's really not that big of a deal, it's really more of a privacy issue than an actual security issue.
Now you've got three different cookie options: you can always accept cookies, you can never accept cookies, and you can only accept cookies from sites you're visiting. So if there's an advertisement or something else going on on the website, or if the website automatically throws you to another site, then it will block cookies from that site. So I don't really feel any problem with having "Always" checked. As a matter of fact, I could never do the "Never" checked, because there's so many different websites that I go to that it would be such a pain to enter in all my information, what my zip code is, what my initial user ID is, things like, every single time I go and visit them. So cookies are actually a very useful thing, that's why they're there in the first place.
Now if you want you can click on "Show Cookies" to see a list of all the different cookies that are stored on your computer, in your web browser. You can go through and select one and delete it if you like, and you can also remove all of them if you want to clear them out. You can also search for them. Now, another thing about cookies is a lot of times people go an say, "Oh if you're having a problem with your web browser or a problem with the site, try clearing your cookies." This used to be good advice a long time ago, but rarely does it do anything for you right now and, as a matter of fact, it can sometimes be very bad. Especially if you were used to your browser remembering things about each website and suddenly you find out that you're starting with a clean slate again.
Now last on the list in the security preferences is this thing called database storage. This is fairly new to Safari. You can set the amount of database storage and you can also click on "Show Databases". Now if I click here, even though I've been surfing a lot, you can see that there's no databases. This is a new feature and it's very new for HTML 5, which is the most advanced version of HTML, the language that's used to create all webpages. It basically is like a super cookie, allows you to store tons of information on your computer. Again, not on the server but on your computer. And what it does, or will do, is allow applications like word processing, spreadsheets, things like that working inside a browser to actually work with the data locally rather than having to go and constantly transmit the data back and forth to the server. These will be used a lot in the future to allow you to use web-based applications even if you're not connected to the Internet at the moment.
And the last option at the bottom is "Ask before sending a non-secure form from a secure website". So this is in the rare case that you're actually visiting your secure website and you're shown that the website is secure, but it decides that it's going to send some data, information in the clear. So you want to be aware if that's gonna happen, but it's rare that a website would try to do it, especially one that you presumably already trust.
That's a quick look to help understand what all those different options are in the Safari Security Preferences for security. Until next time, this is Gary Rosenzweig with MacMost Now.

Comments: One Response to “MacMost Now 269: Understanding Safari Security Preferences”

    Daniel
    7/24/09 @ 3:11 pm

    Great info in this podcast and clears up a lot for many. :D
    Was really hard to hear the audio, had to plug in speakers to hear you.

Comments Closed.