Google Barks Back At Microsoft Over Chrome Frame Security
CWmike writes "Google hit back at Microsoft on Friday, defending the security of its new Chrome Frame plug-in and claiming that the software actually makes Internet Explorer safer and more secure. 'Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users,' said a Google spokesman today. 'It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months.' On Thursday, Microsoft warned users that they would double their security problems by using Chrome Frame, the plug-in that provides better JavaScript performance and adds support for HTML 5 to Microsoft's browser."
There's just no reason to get this installed in corporate networks where IE6 is being used (breaks most intranet sites)
BS! Chrome Frame is entirely opt-in i.e. the website has to include a meta-tag indicating that the site should be displayed in Chrome Frame instead of IE Trident. This is the point of Chrome Frame: allow all these corporations (mostly) to keep their IE6 and maybe IE7 while still having the possibility to access all these new & shiny ajaxy webapps (like Wave).
Everybody I know ends up with the Google toolbar, and most of them don't know how they got it. It's installed the same way as viruses; they just get some software installed, choose typical or default installation, and keep clicking yes till they get to the end. So surely Google could bundle the installer for this thing with the toolbar and everybody will have it. They just won't know what it is, why they have it, or how to get rid of it.
Do you have any idea why they released Chrome Frame in the first place? It's because Google got tired of Microsoft not meeting web standards. Google will be releasing Wave soon and the majority of the population would not be able to use it because IE does not support HTML5. Chrome Frame is just as secure as IE if not more, not to mention, if a bug or exploit is found with Chrome or Chrome Frame, it takes Google hours to days to push out a fix.
"There's just no reason to get this installed in corporate networks where IE6 is being used"
Do you have any clue what Chrome Frame even does? It does not force EVERY website to use itself. Only websites that request it or websites that you told to use it. And believe it or not, there are a lot of newer applications in the business environment that do not work with IE6 or even IE7/8.
"anyplace where IE8 is being used (surface of attack expanded in exchange for little benefit)"
I guess you are unaware of exactly how much IE8 does not include compared to Firefox/Safari/Chrome, and you're obviously not a web developer. Most of the time websites have to have code dedicated for IE otherwise the website will not work right. Google is sick of Microsoft not following standards and them as well as everyone else having to waste their time to make patches so it will work in IE.
It doesn't activate on EVERY website. RTFA. It requires a meta tag. Google released this so that IE users can use Google Wave because IE doesn't support HTML5. It can also be used on other websites. I think it's a great move by Google, to smack Microsoft in the face to actually step up to standards.
ChromeFrame isn't activated unless the website asks for it. So you were just testing the reliability of IE6, not Chrome.
Coming to a community college near you: Reading Comprehension 101
The plugin sits idle UNTIL CALLED by a call ON THE SERVER. If the call isn't made by the intranet server, the plugin doesn't do anything, meaning IEx does what it would have done anyway.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
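Added example, not part of any comment in this thread: a small audit helper an administrator could run over saved responses to see which sites would actually activate Chrome Frame. The thread only says "a meta tag"; the `X-UA-Compatible` name, the `chrome=` directive and the equivalent HTTP header are taken from Chrome Frame's published opt-in mechanism, and the sample responses are constructed.

```python
from html.parser import HTMLParser


class _MetaScan(HTMLParser):
    """Collect the content of every <meta http-equiv="X-UA-Compatible"> tag."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "x-ua-compatible":
            self.values.append(a.get("content", ""))


def chrome_token(value):
    """Return the value of a chrome=... directive, or None if there is none."""
    for part in value.replace(";", ",").split(","):
        name, _, val = part.partition("=")
        if name.strip().lower() == "chrome" and val.strip():
            return val.strip()
    return None


def chrome_frame_optin(headers, html):
    """Return (source, token) when a response asks for Chrome Frame, else None."""
    for name, value in headers.items():
        if name.lower() == "x-ua-compatible" and chrome_token(value):
            return ("header", chrome_token(value))
    scan = _MetaScan()
    scan.feed(html)
    for value in scan.values:
        if chrome_token(value):
            return ("meta", chrome_token(value))
    return None


# Constructed sample responses (not taken from any real site).
SAMPLES = {
    "legacy-intranet": ({}, '<html><head><meta http-equiv="X-UA-Compatible" '
                            'content="IE=EmulateIE7"></head></html>'),
    "new-webapp": ({}, '<head><meta http-equiv="X-UA-Compatible" '
                       'content="IE=edge,chrome=1"></head>'),
    "header-only": ({"X-UA-Compatible": "chrome=IE6"}, "<html></html>"),
}

def audit(samples=SAMPLES):
    """Map each sample name to its opt-in result (None means IE renders it)."""
    return {name: chrome_frame_optin(h, body) for name, (h, body) in samples.items()}
```

A page that returns `None` here stays on IE's own engine even with the plug-in installed, so the list of non-`None` sites is the set of pages where Chrome's renderer is exposed.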
I guess IE6 is THAT unstable. Thanks :)
Just to be sure it wasn't CF, try adding the cf: prefix to the URL. This will force IE to use CF for that page. E.G., in your address bar put "cf:http://tech.slashdot.org/story/09/09/26/0257216/Google-Barks-Back-At-Microsoft-Over-Chrome-Frame-Security" (w/o quotes obviously).
First of all, I think the word the guy is looking for is spyware/malware. Anybody who has had to remove coolwebsearch knows that nobody goes "yes, I would like a buggy, crashy, POS software that follows everything I do and reports it back. Oh yeah, can I have lots of popups and ads too?" so that is what he was going for I think. Most folks I have dealt with have no clue how they got "Googled" or Yahooed or Asked either. Hell even Java now will hit you with a toolbar when you apply an update if you're not careful, so it's no wonder why folks look down on those damned toolbars.
Second I honestly don't get how this is supposed to make anyone more secure. Give Google more data to mine? Sure I can see that. But more secure? Let's think about it for a minute: First you have IE, and any and all vulnerabilities for it, and then you add Chrome on top, along with any and all vulnerabilities for it as well. So how exactly does running TWO browsers at the same time make for LESS vulnerabilities than simply running one? Because unless there is some hidden voodoo going on I just don't see it. It seems to me it would simply be better to push to get IE6 users to use ANYTHING other than that old POS, than it would be to add more crap on top of IE and double your attack vector. Or am I missing something?
ACs don't waste your time replying, your posts are never seen by me.
You seem to have missed the fact that HTML5 is not following the same standards process as previous versions of HTML. It is being developed incrementally (parts of the spec are in flux, parts are fixed) and it requires two independent implementations to exist (like IETF standards) before any part is finalised.
I am TheRaven on Soylent News
Actually they put a little tiny thing on about page 8 or so of the EULA with language like "In order to give you this awesome shareware title for absolutely free, you agree to install our partners software so they can give you fabulous offers. This software may transmit information in order to better serve you with offers that pertain to your surfing habits" etc. Believe me, as a PC repairman going on 15 years I have run into the "toolbar tango" more times than I can count and it always feels sleazy. Why Google and Yahoo would stoop that low is beyond me.
Now see, you are hitting the nail on the head as to what is confusing me. We all know IE6 equals total swiss cheese that can turn a box into a virus laden whore faster than you can say coolwebsearch, so how exactly is having Chrome Frame for the very limited number of websites that will call it actually helpful? I honestly don't see malware sites calling Chrome Frame, unless they have an exploit, and then like I said running two browsers would be a bad thing, and not of the good.
And I have worked on more than a few corporate desktops in my day, before I got burnt on the PHB Dilbert bullshit keeping me from doing my job and providing a secure workstation, and again this just don't compute to me. Those desktops are usually locked down tighter than a Nun's panties and you usually have to go through an act of congress to get squat installed on those suckers, which is of course why they are still running IE6 and not IE7 or 8 or hell, anything that doesn't blow chunks like IE6. So again this looks like such a minuscule amount of folks that this would supposedly help (Has IE6+can't upgrade or switch to a better browser+has permission to install plugins) that it just doesn't seem worth the development effort to me.
In my mind the only way this makes any sense at all is if Google is hoping to get the "clicks through anything to get the goodies" crowd that are too stupid/lazy to get rid of the POS that is IE6. And if that is the case they would be much better off simply cutting off support for IE6 completely from all Google services and offering a link to Chrome (or FF3 if they are on Win2K) than all the work to build this thing. Because as you said trying to put security on top of IE6 is like wearing a helmet while standing around in your boxers. More than a little bit pointless. And for those not allowed to install anything there is always Pocket Kmeleon, QTWeb (same engine as Safari/Chrome) or Portable Firefox. And that is just the first three I clicked on at random, there are over a dozen including a Portable Chrome. This idea just seems like a solution in search of a problem to me.
ACs don't waste your time replying, your posts are never seen by me.