Slashdot Mirror
Microsoft Says Google Chrome Frame Makes IE Less Secure
Mark writes "The release of Google Chrome Frame, a new open source plugin that injects Chrome's renderer and JavaScript engine into Microsoft's browser, earlier this week had many web developers happily dancing long through the night. Finally, someone had found a way to get Internet Explorer users up to speed on the Web. Microsoft, on the other hand, is warning IE users that it does not recommend installing the plugin. What does the company have against the plugin? It makes Internet Explorer less secure. 'With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers,' a Microsoft spokesperson told Ars. 'Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.'"
stones/glasshouses
Friends don't let friends use Internet Explorer anyway.
Ofcourse it makes it less secure, it lets you run Javascript faster, so that all those drive-by malware installers can execute faster!
It pays to be obvious, especially if you have a reputation for being subtle.
What do you expect; "This is great now our customers can access standards-compliant sites and have a faster, smoother web experience"?
Dear Microsoft:
Citation please. Evidence. Facts. Or retract.
'k thanks,
Google
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
. . . which is why one should run Firefox, konqueror, Mozilla, or Opera on Linux, Solaris, or BSD instead.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
I'm not Microsoft's friend or family.
Of course it doubles the attack rate of malicious scripts... It makes Javascript run twice as fast.
In other news, Microsoft has said that Moores Law is a security risk, because viruses can install themselves twice as fast every 18 months.
You just made one of the most important arguments against Silverlight official.
"Given the security issues with plugins in general and Google Chrome in particular"
O RLY?
I'm happy to believe that IE8 actually has a good security model. I'm happy to believe that Chrome is not without flaws. But, really, Google have gone through fairly considerable pain and implemented quite strict sandboxing techniques for Chrome, to contain any problems in the renderer. It's pretty solid. Maybe it's better than IE8, maybe not. But just hand waving and going "Oh yes, *especially* Chrome" as if it's common knowledge that it's insecure is simply FUD.
The point about increasing the attack surface area seems more valid, perhaps, though it really depends on how this plugin works. If there are really twice as many places available at once then yes, that is a worry. If you'd have to get through Chrome's security and then through IE8's security, that actually sounds quite good. Possibly the biggest security worry I see is in encouraging users to think that installing a large, scary plugin that basically replaces the guts of their browser is a normal occurrence that will make their internet experience better.
"Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take."
Given that logic we shouldn't use Windows. Thanks Microsoft!
So... forcing the .NET plug-in on Firefox users was OK, but a voluntary add-on from Google is a security risk? Good to know.
a new open source plugin that injects Chrome's renderer and JavaScript engine into Microsoft's browser, earlier this week had many web developers happily dancing long through the night.
Dancing Developers?? Get back to developing webs, like you're supposed to be doing! Didn't anybody tell you that you are no good at dancing?
... and then they built the supercollider.
Sweet Shimmer Glitter Lube. In juicy apple, boysenberry, pink champagne or pina colada.
Lets revisit this in a year's time. It will be interesting to see how many vulnerabilities are introduced by this compared to how many vulnerabilities in IE do not occur when browsing in a Chrome Frame. My guess is that it will be about even.
Did anyone else who read the headline think how is that possible?
As Ralph Wiggum would say:
That's unpossible!
... we should ban flash, acrobat reader, quicktime, and dozens of other plugins that all have regularly reported vulnerabilities.
So they made great progress improving the security of IE8, but "plugins in general" still have security issues? Am I the only one who sees a faint contradiction here?
Microsoft is not a risk we would recommend our friends and families take.
This is not a risk we would recommend our friends and families take.
Especially the children. Think of the children!
He should have used "mortal danger" instead of simply "risk". Also, change "would recommend" for "let". And add some exclamations, for god's sake, this is serious.
Thus, the closing sentence should be:
"This is not a mortal danger we let our children take!"
However, once you've decided to push factless crap with fear mongering, at least do it with style.
I recommend:
"If you allow your children to install the google demon, your entire family will suffer an eternity of pain, in HELL!"
"This is not a risk we would recommend our friends and families take." The Microsoft representative further stated that "Allowing your children to use the Google Chrome Frame plugin is tantamount to child abuse. In fact, we're not so sure that anyone installing this is truly capable of feeling love. What kind of heartless monster would willingly install this on their loved ones' browser?"
".... has doubled the attack area for malware and malicious scripts."
Can't the same thing be said about the Flash Player Plugin?
Because people still using IE6 are really worried about their browser security...
I heard about this but I wasn't going to install it yet. I don't use a lot of I.E. stuff, but what I do is Javascript intensive, so now that I know that your don't like it at Microsoft I have now installed it. Thanks for the heads up... since you don't like it there must be a reason to give it a look.
How could anyone possibly make IE less secure?
and, no, I don't think 8 is any better than previous versions!
It's simply not possible for IE to be less secure, even if they stuck giant yellow landing stripes with a big blinking arrow visible from space with the label "ATTACK ME" on it.
Well, the first question that comes to my mind is this:
Why even bother using IE in the first place? The tab structure of Chrome is way better in my opinion. I'm not sure if IE8 supports tab dragging, but in Chrome, I love the ability to drag individual tabs out of the main window so that the tab becomes its own independent window. Often I'll have some code reference up on my main monitor, and I'll drag a hello world (or some test equivalent) page as a tab out of the main application. In IE, you'd have to run the program again to achieve the same result.
Barring asinine security policies that prevent you from being able to use Chrome altogether, I just don't see the benefit of a plugin at all when you could just be using Chrome. *shrug*
..is scared.
So Microsoft, how does it feel? How does it feel to have a big bad company with a near monopoly in one market (Google in search) threaten your stake in a different market (browsers)?
FAQs are evil.
But I doubt that even they could make IE less secure than it already is.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
>Microsoft Says Google Chrome Frame Makes IE Less Secure
Everyone knows Microsoft Is What Makes IE Less Secure!
~ there...fixed that for you.
MS was actually pretty fast in addressing this urgent security matter!
If only they were this prompt in addressing the security and standard complaints they have...
did you mean "Horribly insecure operating system"?
I'm not saying that google should use thier position as #1 search provided to bitchslap slap microsoft but if i were them:
active X => did you mean "poorly thought put gaping security hole"?
fault hardware => did you mean "xbox"?
how do i get rid of malware? => did you mean "how do i install linux"?
IranAir Flight 655 never forget!
Ah, OK, I hadn't realised that about it. Because of not reading TFPA (the fine previous article) on the plugin.
But - as you say - it's not really clear how Chrome makes things worse.
Also, it sounds like it's not then a case of:
Total vulnerabilities = IE8 vulnerabilities + Chrome vulnerabilities
but rather
Total vulnerabilities = IE8 vulnerabilities - IE8 renderer vulnerabilities + Chrome vulnerabilities - Every Chrome vulnerability that's *not* in the renderer
And it's not obvious to me that this total number is any worse than either browser in "vanilla" state would be expected to have.
What? No 'Hot Grits' flavor?
This guy's the limit!
Who wants to place bets on how long it will take before the "Windows Malicious Software Removal Tool" flags this plugin as malicious software and automatically removes it?
"But it's a security risk!" they'll say...
I seem to remember back when Microsoft first introduced the removal tool, that it flagged IE as harmful and deleted it.
You should get modded up. Yes, others have also mentioned that it's just webkit (and V8, I guess). So Chrome's sandboxing isn't there, in that case. But it's still not clear to me why this would necessarily be worse. The MS statement still smells like FUD to me - they're basically suggesting that Chrome's rendering engine is obviously less secure than IE's but not really saying why. And if they're omitted the complexity of the rest of Chrome and just replaced the rendering engine it's still not really clear to me why the total attack surface would be any greater - there's still the same number of components in there as in the vanilla browser, just mixed up a bit.
I don't suggest anyone use ChromeFrame. It would double the attack-vector for malware. Unfortunately for Microsoft, the logical conclusion would be to simply switch completely to Google Chrome, as that would be the least susceptible browser of the two choices.
Will do Microsoft. Thanks for the heads-up.
So that means that the plugin architecture of IE 8 is completely insecure ?....
I don't know whether to laugh, cry, or ask where I can order some of that.
One of these days, I am going to flip out. When I flip out, I'll be back in five minutes.
So people who don't want to download and use the Chrome Browser are going to be more likely to download and use the Chrome Plugin?
Microsoft has told skydivers that they don't recommend using parachutes, because a parachute adds to their weight.
This (as the advice stated by microsoft) is based on strictly true facts (greater attack area) but it is also strictly useless advice...
applying the same crazy MS thoughts, then Silverlight make IE less secure
Well of course Microsoft "doesn't recommend" their friends and family use the Chrome plugin. If they did, next thing you know their friends and family are down at the T-Mobile shop eying Android phones, or over at the Apple Store snapping up an iPhone. As long as those friends and family are only exposed to Microsoft products, they'll never realize that the grass, indeed, really is greener on the other side of that fence - because those other guys actually feed and water their lawn!
#DeleteChrome
By running this plugin, you would be exposing yourself to not only Possible IE exploits, but possible Chrome Exploits as well. It would be much safer to run the Chrome browser standalone since it reduces the attack surface. It would probably be faster standalone too.
In Soviet Russia, Trojan exploits YOU!
Making IE LESS secure is like discovering perpetual motion - rational people had long since concluded that it would be IMPOSSIBLE.
hey Microsoft you always pushing your company too hard don't dictate us which one would we choose... if some love google ok make that as a challenge make yours more advanced than theirs so that we chose you in the world today its full of challenges... http://www.techandgizmo.com/
Finally, someone had found a way to get Internet Explorer users up to speed on the Web.
Really, are common IE users are all going to rush to install this plugin? I'd bet most don't even KNOW what javscript is, much less that there's a plugin that makes it better. If you manage to convince users to install it to improve their google experience, can we really call them 'up to speed on the web'? Anyone really 'up to speed' has moved on to another browser anyway, unless they're forced to use IE (company policy, etc).
Microsoft, you're a, you, ah, you're such a bad company. Like all the way through to your core.
You should check out Privoxy as an AdBlock replacement, it runs as a daemon / service, so it'll work with _any_ browser you use.
There are a number of services that the container for these plugins should be provided and are therefore responsible for. Security is one of them - otherwise you can't claim to have a secure container.
Often we have heard of plugins being blamed for Firefox performance, for example, and I wouldn't accept that either.
Genesis 1:32 And God typed
Wasn't there a Microsoft add on for Firefox that forcefully installed itself. Wouldn't that increase the "surface of attack". Why doesn't Microsoft get with the interests of their customers, developers and let us make informed decisions. Or at least follow their own advice.
Which browser is more capable in some abstract sence matters little, what is important is what browser does what I want it to do ( for lazy site developers that means let me use the most features while having everyone able to view the site, for users it means which browser works with most of the web, and is integrated into my desktop OS as well making it fast to load ) And since people's machines were smaller back then most people just didn't have the ram to waste on having two browsers preloaded into ram all the time so they would both load fast IE did much of the work of the windows gui which actually makes sense. ) For that advantage, the browsing capabilities of IE could be quite inferior before using another browser on windows was justifiable. Many of us (like me) did it anyway, but most didn't have a stake in the browser wars, or understand that the only reason IE worked at all was that there was an alternative. A monopoly will always produce a steaming pile of crap because monopolies are allowed to. Monopolies always underproduce and overcharge. Competition means quality is necessary, and that it won't cost too much. Of course Microsoft is capable of producing good stuff, but not if it doesn't have to.
Spending what could be shareholder profits on quality requires justification by the threat of losing customers.
I guess they forgot about their little .NET plugin which insinuated itself on Firefox installs.
Where's the outcry on that gem? Hmm? I mean other than here in slash, which no mainstreamer even knows about.
The "Civilized World" jumped the shark ca. 1973.
A while ago someone at our office installed an ActiveX plug-in for Firefox so that they could use some internal web app. Talk about security hole! Adding IE into anything is a disaster.
Someone who can't install a new browser (for whatever reason) is not going to be able to install a plugin for the same reason.
Ah, OK. That's a bit manky but it does explain where the bigger attack suface comes from I guess - you get to choose which renderer you attack. It's not a doubling in attackable code, since only the renderer is swappable. But there are two renderers and you can choose which one to attack. Ewww, though.
Google Frame may or may not make IE more or less secure. I would support that Google Frame makes IE no less insecure than it already is.
What MS is REALLY concerned about, is not the security. Ha, when has MS really been scared of botnets and malware?
No, the REAL reason is that Google Chrome and up coming Google OS plans to allow programmers to make 3D games, mult-media softeware (photoshop, audition, 3dsmax,,,etc) and ANY OTHER type of application that would normally be only available to applications programmed and run on as a native EXE binary.
What Google is trying to do, is make the platform (Mac, Linux Windows) irrelevant, by allowing the Browser to become so powerful and flexible, that is does not matter what OS you run. This effectively threatens Microsofts #1 cash cow, WINDOWS.
You can blame MS for deciding to attack Google with BING... now Google is responding in full force. Google does NOT want to die out and allow BING to take out Google and it's Search market share.
So, it is war. And Chrome OS is Googles weapon. (It started with Google Docs, than Gears, now Google Native Client)
While I may disagree that it's a problem, with your citations we can talk about facts. Thanks.
The first security flaw was from September 2008, and involved social engineering. From the looks of it, the Chrome guys were so familiar with the Chrome interface that they probably didn't consider that anyone could be tricked into downloading an app. with that technique. The fact that Apple had already tested with a "more diverse" user set is unsurprising.
The second technique:
"If a user has Google Chrome installed, visiting an attacker-controlled Web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice. Such an attack only works if Chrome is not already running. "
I don't really blame them for missing this since they probably don't use IE. And I must say I would have been tempted to classify this as an IE bug.
If the examples you provided are typical for the Chrome security flaws I think it's time to deploy it to my friends and family.
Embrace, Expand, Extinguish... It's not supposed to work against MS products.
Help! I'm a slashdot refugee.
Sure, adding anything to IE will only give it more possible attack points. Adding any other in-tab browser to IE will give IE the additional security vulnerabilities of that browser. This will increase the total number of possible security holes in the application.
But... on most sites you only use one type of browser at a time. And since it is well known that IE is 1) insecure, 2) a bullseye painted on a target ... it can only increase your overall safety to use a different browser. In particular chrome/webkit.
So both true and false, depending how you look at it.
I really don't think there's any way to make IE *less* secure than it already is.
Haha, good one - we know you work for MS - you have no friends, and your family has abandoned you. Enjoy your "safer" browsing experience alone.
> a Microsoft spokesperson told Ars
a Microsoft spokesperson was talking out of his Ars
There, fixed.
an active internet connection makes IE less secure. so.
to ma to
to mah to
The Update:
In .NET Framework 3.5 SP1, the .NET Framework Assistant enables Firefox to use the ClickOnce technology that is included in the .NET Framework. The .NET Framework Assistant is added at the machine-level to enable its functionality for all users on the machine. As a result, the Uninstall button is shown as unavailable in the Firefox Add-ons list because standard users are not permitted to uninstall machine-level components.
In this update for .NET Framework 3.5 SP1 and in Windows 7, the .NET Framework Assistant will be installed on a per-user basis. As a result, the Uninstall button will be functional in the Firefox Add-ons list.
This update will also make this version of the .NET Framework Assistant for Firefox compatible with future versions of the Firefox browser. To properly update the .NET Framework Assistant, this update must be applied while the extension is enabled in Firefox. ... Updates to the .NET Framework Assistant may include updates to the Windows Presentation Foundation Plug-in for Firefox causing it to be enabled upon its initial update.
Update to .NET Framework 3.5 SP1 for the .NET Framework Assistant 1.0 for Firefox [May 6 2009] [about 700 KB]
The update is in .Net framework 4.0, currently in beta. How to remove the .NET Framework Assistant for Firefox [June 2, 2009]
By encouraging the use of an insecure browser, they will cause more people's computer to be compromised.
Google is not in the business of providing searches. Google is in the business of selling ads. It just happens that having the best search gives you more eyeballs on your ads. They leverage that advantage to gain share in other markets. It does sound like another company I've heard about.
But you're on target here, this is obviously not comfortable for Microsoft. Five years ago they wouldn't have even bothered to issue a response. This is the kind of press release that is pure fear.
Someone has made a plug-in for your browser that makes it 8X faster.
It's something I said a long long long time ago. What can kill Microsoft? Something free.
At least, not yet.
IE5 at its time, was great compared to Netscape. MS has a lot of internal resources, many of which are currently working on the Windows Mobile 7 OS. When that task completes, they will move on.
Right now the big allure is HTML5 support and some other things. The average internet user doesn't know what "Chrome" is, much less the Chrome plugin, and unless it's pre-installed on the OS, they won't EVER know. They just know that "E" on the desktop gives them internet.
Keep in mind, there are still a LOT of people running IE6, Windows XP SP1, and other outdated software. They won't update any time soon, either, until their PC dies or is totally unusable. Google is hoping that their cloud services will be a great offering and replace what the desktop OS traditionally does, and they create a fast and neat browser that hooks into their services like Gears or Wave or whatever -- and guess what? Nobody is going to use it for a LONG TIME.
HTML5 is still in draft stages, and it will likely be years before there's any progress made to confirm it. The video standard is still up in the air, so nobody knows anything yet on that front, and Google already 'supports' it. Well, they support their interpretation of it. I'm hoping for Ogg myself :)
I have no doubt, that when push comes to shove and MS starts getting a real threat that makes a mark on their bottom line due to HTML5, or more adoption or education on consumers, they will make a paradigm shift. Who would have thought that the OS after Vista would come out so quickly, and be so great (Windows 7)? But they did it, and I have no doubt they will do it again with IE, and do it yet again with Windows Mobile. But that's the nice thing, Google in this fight makes it competitive, and competition is good for all of us as consumers.
And I am typing this on Firefox, so go figure :)
The price is always right if someone else is paying.
Microsoft is talking about the security framework of IE 8 and they're absolutely correct. Bringing up IE 5 and IE 6 and IE's of times yore is completely irrelevant.
This isn't about characterizing the Microsoft enterprise as some sort of individual and IE as some sort of character in a dramatic play. This sort of analysis is irrational when talking about security.
We are talking about the current IE 8... and IE 8 is extremely secure as it is. I brought up this exact issue the other day because it is a relevant point-- how much can you safely strip from Google Chrome before its security model is irrelevant to the IE plugin model and you've created a new entry point?
If you want Google Chrome, it would be more secure to simply run Google Chrome.
Putting these two browsers together creates awkward new security situation that completely defeats features like antimalware and anti-XSS protecton where IE 8 excels.
Take your fanboy hats for a moment and try to grasp that Microsoft is bringing up a valid point: if Google doesn't maintain this frame with the same level of resources they throw at Chrome, it will simply become an attack vector that neither Microsoft nor Google will be able to cover.
using tried and true business tactics. If you can't beat em; flame em. Oh Big Blue did it so well back in the day...
Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
Microsoft should either drop IE, or deliver a browser with Canvas, SVG, a decent fast javascript implementation, and XHTML. This is the minimum I need to make my companies intranet pages work with it. For now, we have banned the use of IE. It is not a product I miss supporting, since it really was truly a compatibility nightmare. We will absolutely never go back to supporting any product sourced from a single vendor, which we can not easily migrate away from.
The most expensive mistake in IT - vendor lockin.
Okay, so the real problem is people running an 'insecure' _platform_. This includes more than the browser. Now, IE8 running on an updated Vista or Win 7 machine is one thing, but earlier platforms are much more likely to have unpatched bugs in the OS, which seems like a much more serious security issue than Frame installed in IE, especially older versions of IE like 6, so this is really just classic MS misdirection. By not providing standards updates for IE 6, _knowing_ that many people can't/won't upgrade their OS to something that can handle IE >6, AND by not making newer versions of IE capable of running on OS versions older than XP, they have created this problem themselves. It's great that Google is stepping up to the plate. I can see why MS is desperate to use misdirection; they don't HAVE any other solution to the issue.
I generally stand by my assertion of FUD but it's worth noting that the replies and discussion below my original comment are interesting, correct technical inaccuracies and vagueness on my part and are generally important reading. Don't read my original comment on it's own. The replies by others should be modded up to at least the same level as my original comment but I can't do that myself.
Weirdly, looking at those other comments, it seems like some people not only read TFA but also the previous one! Wonders never cease!
I find that IE 8 is less secure if I boot windows with a network connection.
Most MS users I know don't know much about computers and have to trust somebody like MS to let them know what's safe and what's not. From that perspective, this sounds exactly like what MS should have done in this situation -- they're letting their users know it could be an issue. What's the big deal? It's like the automobile industry saying "don't run your car without oil" or something similar, which is pretty generally understood for cars in John Q's world, but much less understood for computers due to the "new-ness". Give it a hundred more years and John Q. will be saying "Yeah, don't put extra stuff on your computer that you don't need, it causes problems", and they'll probably be right, even that far out from now, lol =)
Someone came up with better software than Microsoft and they want to fend off that competition by calling it "Insecure."
The pot calling the kettle black, some might say...
Lets just not use flash either for the same reason, oh wait a minute, instead lets just not use Internet Explorer, Windows or anything Microsoft sell : Because it is inherently insecure by design.
This article is hollow and offers absolutely no proof positive that a Google plugin will cause IE 8 to be less secure. Microsoft is just up to its same old FUD tricks again. Microsoft is using generalities to scare people away from using anything Google related. They are not incorrect about plugins in general. In general, there is some risk for opening up a security hole when an add-on is made to a browser. That said, plugins written by Microsoft, Adobe, or others are not necessarily more secure. My guess is Google took some care in testing as much as is possible. Also, I wonder if the plugin is open source. If the source code is available for the plugins, should a security hole be discovered patches can be quickly released. It simply amazes me how most lay people will take what Microsoft (or any other corporation, for that matter) says as gospel. When a corporation makes a press release, it does so not to be altruistic but to better its own position in front of both the public and investors. The propaganda is convincing for the less knowledgeable. My advice to the laymen is to think about what ulterior motives may be hidden in a press release before taking it as gospel.
Um, the Microsoft HTML control has been the biggest security hole on the Internet since 1997.
They have big brass ones to complain about anyone else's.
Those comments are full of it. The least secure browser is IE. The least compliant browser is IE. Creating a substitute for users is a good thing. It brings choice. If they could complain about Chrome running in IE then they could make claims about Chrome outright. Greater standards compliance brings greater security and accelerates development of products that are OS independent, which creates opportunities outside of monopolistic practices.
You can lead a man with reason but you can't make him think.
If you cant beat it on quality, you try emotion.
wahhhh hah ha ha ha ugh ugh
lol lol
rofl
c a n ' t b r e a t h
ugh ugh ugh
Less Secure
wah ha ha ha ha ha
omg
please ... call ... a ... medic
______________________________ (flat line)
Google Chrome Frame running as a plugin has doubled the attack area for malware and malicious scripts.
:)
So clearly to avoid the doubling of attack vectors, one should avoid IE altogether and just use Chrome. Or Firefox.
"This is not a risk we would recommend our friends and families take."
Friends don't let friends use IE.
This harkens back to the early years of a previous decade, when a much younger Microsoft used this same tactic to scare people off of a nascent competitor, DR DOS.
These young bumpkins that have taken over the company must have been reading up on their predecessors.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
Similarly, not wearing a helmet makes jumping off a cliff less safe.
(Clip is a sketch from That Mitchell and Webb Look)
ebay.com:----------253 errors
digg.com:----------371 errors, 285 warnings
reddit.com:--------Valid XHTML 1.0 Transitional
So. Let me get this straight. Chrome plug-in = X2 less secure. So for the last like 10 years every plug-in Ive used makes my IE less secure.... 1 Plug-in = x2 Do 2 plug-ins = x3 or x4? 3 plug-ins = x4 or x16? Let me know...
What's less secure than nothing? ;)
Homonyms are fun!
You're driving your car, but they're riding their bikes there.
With jokes like these, Microsoft and IE really aren't worth complying about :)
Ballmer has got to be furious. He's getting out-flanked on all sides.
MS still have their huge corporate market, but they're rapidly losing their grip on the consumer. Historically where consumers go, corporates follow... like the PC that put MS where is is now.
Do as you would be done to.
The stupid thing here is there are many Add-ons for IE that do ridiculously unproductive things, and that's all fine with Microsoft. But then Google releases one that is actually useful, that doubles the speed of Web browsing in IE, and Microsoft is against that.
> This is not a risk we would recommend our friends and families take.
Weak! I wouldn't recommend you let your dog run IE.
Lame response from Microsoft as usual.
Adding anything to your browser increases the attack surface area. They are not bullshitting you. It's 100% true.
Of course, the better solution is to just use Google Chrome, or anything else not IE.
What are you talking about?..
A browser is only as secure as the most insecure plug-in it allows to be installed.
Can't wait to install Google OS Frame on windows.
IE 8.0 is a POS browser to begin with.. I can't count how many times working computer help desk that we have had to have users uninstall it because it simply does not work 80 percent of the time on most of our applications.
Thank goodness there are so few Microsoft friends and family for them to influence. Seriously, how many people do they think their "friends and family" consist of? If the rest of the world recommends this why would Microsoft's voice have any bearing at all?
You can lead a man with reason but you can't make him think.