Hi, edf. I rather doubt that DEVONtechnologies will attempt to ‘open’ Apple’s WebKit browser core in order to provide for user installation of extensions, unless Apple itself does so. Given the popularity of extensions and plugins in FireFox (which I don’t use for other reasons), perhaps Apple may do that in the future. DEVONagent is my default browser, and it does a good job preventing ‘pop-up’ ads.
Which is ultimately more secure, trusting Apple to provide security fixes, or trusting third-party extension writers to provide security? To tell the truth, I’m not sure, but I’ve browsed for years in OS X with Safari or WebKit browsers and have never encountered a security problem yet with a malicious site (which I probably would never visit unless it were a DA search result, as I do most browsing from a list of several hundred ‘trusted’ bookmarks). But I have a sneaking suspicion that the extension route could allow malicious software to be installed.
Pfhishing scams are becoming more and more sophisticated, and ultimately the user must take responsibility to avoid them, as I don’t think there is any bullet-proof software protection against making a bad decision by the user. Every week I get email purporting to be from my bank, one of my investment firms, PayPal, etc. that would enable the bad guys to steal from me were I to respond. Not too long ago such phishing messages were full of typos and badly formatted. Now some of them are beautifully designed to look official, and if one inspects the links they contain they seem real (and could probably fool protective extensions in the long run). The only true user protection is to avoid responding to them by clicking in their internal links. Which is why all the financial institutions I deal with have warned me to never, never, never reply directly to a message that purports to be from them. Identity theft should be a serious concern to everyone. Don’t trust software to protect against it.
I run behind a firewall. I can see in my menu bar the network and disk activity that’s going on at all times. And I watch the Mac sites for alerts about security issues. I have not (yet) installed virus protection software. But I don’t download software except from trusted sites and I don’t download haxies or other software that modifies the OS, with very few exceptions (haxies not included among the exceptions).
I’ve been buying stuff over the Internet for years, with credit cards. I monitor activity reports on credit cards. There have been two credit card fraudulent transactions, neither from Internet purchases. In one case, a department store clerk kept my credit card number and bought hundreds of dollars worth of clothes and shoes. The department store cancelled the charges to my card. In the other case, my wife’s purse was stolen from her office desk and the thief within minutes had removed $300 from an ATM using that card. The bank refunded the amount to our account.
Actually, the integrity of my data – especially my DT Pro databases – is worth more to me than my checking account or the value of the computers that host it, so the most serious threat as far as I’m concerned is data loss. I combat that by preventive maintenance on my OS and disk directories plus external backups to external media. I use AppleJack, DiskWarrior and OnyX or C*ocktail for maintenance and DT Pro’s Backup Archive script for external (and internal) backups of my databases.
I haven’t lost data, I haven’t been scammed or compromised by malware or phishers and my computers are operating smoothly.
Given the sophistication of firewalls, virus detection, and spam filters, hijacking the web browser is these days the easiest way to compromise a system.