Google Barks Back At Microsoft Over Chrome Frame Security

CWmike writes "Google hit back at Microsoft on Friday, defending the security of its new Chrome Frame plug-in and claiming that the software actually makes Internet Explorer safer and more secure. 'Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users,' said a Google spokesman today. 'It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months.' On Thursday, Microsoft warned users that they would double their security problems by using Chrome Frame, the plug-in that provides better JavaScript performance and adds support for HTML 5 to Microsoft's browser."

So, which side

[sopssa]

The company is also investigating bugs filed with the Chrome team by Microsoft developers, who reported that Chrome Frame broke IE8's privacy mode.

Why am I not surprised this feature wasn't tested at Google? ;)

But on an interesting note, this seems to be a direct attack against Microsoft by Google. Granted not that many users will probably install it (especially 'normal' users who just dont care), with this and Chrome OS it's clear that Google is going after MS.

Also, this is another avenue for Google to datamine everything about the internet. People dont usually think about it, but Google's analytics traffic code is all over the internet and probably 90% of the sites you visit is known to google. Another interesting thing is that Slashdot used to hide the tracking code under its own domain, so just blocking the analytics domain didn't work.

While I dont like some of the business practices by neither one, its hard to pick sides here. Atleast MS sells the products directly, while Google monetarizes them by ads. And by that very nature you lose lots of privacy.

Earlier there was also discussion that Chrome Frame is mostly provided for corporate users who are required to use IE and cant install other browsers. But how can they install this plugin then? It's normal exe and probably requires even more admin rights to get inside IE than just installing Chrome on your userbase. And other than that I dont see a point in wrapping another browser plugin to work inside browser. If people are knowledge about this plugin, they're knowledge about the actual Chrome browser too. And IE user experience and GUI sucks.

Re:So, which side

[dread]

Ummm. Not many users? Do you completely fail to comprehend how HARD Google could push this on IE6/7 users if they wanted to? And with their allies and partners I think they would have a very good chance of doing an 80-20 conversion on that user base. That's what's up for grabs, not the measly IE8 percentage points. IE6 and IE7 users accessing Youtube, google.com, gmail, google docs et al being gently pushed to install the plugin. Good thing too in my opinion. The sooner we can get that crap out the door and onto the crap heap of history the better for everyone.

Re:So, which side

[MrCrassic]

Well, from the article, I'm getting the gist that they are only fueling the fire further. IT departments should be doing what they can to GET OFF IE6 instead of using software like this to breathe new life into it!

Upgrading to IE7 and IE8, as specified in the article, makes this add-on irrelevant. On a side note, I'm also concerned about the heavy-handedness Google has nowadays. I understand that their products constitute a LARGE portion of internet traffic, but it's kind of scary to think that their analytics code IS all over the web....

Re:Google dodged the point

To enable the plugin you need to alter the html: add some kind of header.

I would like to see an intranet site especially made to work with IE that enables the plugin by inserting html...I do not think there are any.

Chrome Frame sucks for me

[dword]

I'm a Firefox / Chrome fan and I just installed the Google Chrome Frame to see how it behaves. I installed Windows XP SP2 less than 24 hours ago and since then I've only installed my drivers, Firefox and the Google Chrome Frame; I went to a couple of innocent websites with IE6 and they both crashed the browser.

PS: Web developer here - Yes, IE6 sucks but it is not THAT unstable.

Re:Chrome Frame sucks for me

[JasonBee]

I'm a Firefox / Chrome fan and I just installed the Google Chrome Frame to see how it behaves. I installed Windows XP SP2 less than 24 hours ago and since then I've only installed my drivers, Firefox and the Google Chrome Frame; I went to a couple of innocent websites with IE6 and they both crashed the browser.

PS: Web developer here - Yes, IE6 sucks but it is not THAT unstable.

Which web sites? I'd love to test your observation as I have multiple VMs with various IE versions installed on various WinXP flavours.

Please tell us.

More Errors

[WED+Fan]

I tested this plug-in:

• On /. without plug-in, using IE8, I get no errors.
• On /. with FF, I get no errors.
• On /. with plug-in, using IE8, I get DEP errors.
• On other sites, with plug-in, using privacy mode, I get multiple IE crashes.
• On the same sites, disable the plug-in, in privacy mode, no errors.

I don't know about making it less secure, but it sure causes a bunch of "recovered" tabs and multiple errors.

Not Ready for Prime Time!

Strategic mistake

[blind+biker]

Microsoft has nothing to gain in this war of wards. They should have known it before they started it: now Google has more than just an excuse to publicize/raise the awareness of IEs security holes, educating the public on phishing, in the process. This will will definitely raise the interest of at least some IE users who would have not otherwise bothered themselves with Google's add-on.

I can see how MS got suckered into this, though: they just can't stand someone walking into their turf. Their predator instinct is just too strong, and makes them do stupid things.

Well played, Google.

Re:Strategic mistake

[at_slashdot]

The more Microsoft makes fuss about Chrome Frame the more people will find out about this options. A negative campaign when it comes from a negative company is positive.

Re:Google dodged the point

[SanityInAnarchy]

What chrome frame has also demonstrated beyond a doubt is that microsoft could have shipped a solution that preserved IE6 compatibility and upgraded web standards at the same time. They didn't because they didn't want to.

I'm not entirely sure about that. Microsoft did try roughly this strategy -- there was a plan to make IE7 (I think?) default to IE6 rendering, unless you sent some header to tell IE to render in "standards-compliant mode".

This is effectively the same thing -- it turns IE6 into a browser that's still IE6 until you do whatever you have to do to enable Chrome Frame, which is roughly like "standards-compliant mode".

The difference is, this isn't meant to be any kind of solution. IETab in Firefox is a solution. Adding an "IE6 Frame" to IE8 would be a solution, but I don't think IE8's "compatibility mode" is quite compatible, or people wouldn't still be using IE6 in these corporate environments.

So, this is more a hack to force the issue than a real solution.

I think the difference is that Microsoft was trying to sell this hack as the next version of IE, while Google isn't trying to sell this as anything other than cleaning up after Microsoft's mistakes.

I don't entirely disagree, though:

Microsoft is going to keep delaying the web's advance as long as possible.

Ever wonder why IE doesn't support the video tag? Or canvas?

Hopefully I'm wrong, and IE will eventually catch up -- at which point, of course, everyone else will have moved on to things like WebGL -- but it seems to me that improving the web in this way would slowly but surely make Silverlight (and Flash) obsolete.