Google Barks Back At Microsoft Over Chrome Frame Security

CWmike writes "Google hit back at Microsoft on Friday, defending the security of its new Chrome Frame plug-in and claiming that the software actually makes Internet Explorer safer and more secure. 'Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users,' said a Google spokesman today. 'It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months.' On Thursday, Microsoft warned users that they would double their security problems by using Chrome Frame, the plug-in that provides better JavaScript performance and adds support for HTML 5 to Microsoft's browser."

So, which side

[sopssa]

The company is also investigating bugs filed with the Chrome team by Microsoft developers, who reported that Chrome Frame broke IE8's privacy mode.

Why am I not surprised this feature wasn't tested at Google? ;)

But on an interesting note, this seems to be a direct attack against Microsoft by Google. Granted not that many users will probably install it (especially 'normal' users who just dont care), with this and Chrome OS it's clear that Google is going after MS.

Also, this is another avenue for Google to datamine everything about the internet. People dont usually think about it, but Google's analytics traffic code is all over the internet and probably 90% of the sites you visit is known to google. Another interesting thing is that Slashdot used to hide the tracking code under its own domain, so just blocking the analytics domain didn't work.

While I dont like some of the business practices by neither one, its hard to pick sides here. Atleast MS sells the products directly, while Google monetarizes them by ads. And by that very nature you lose lots of privacy.

Earlier there was also discussion that Chrome Frame is mostly provided for corporate users who are required to use IE and cant install other browsers. But how can they install this plugin then? It's normal exe and probably requires even more admin rights to get inside IE than just installing Chrome on your userbase. And other than that I dont see a point in wrapping another browser plugin to work inside browser. If people are knowledge about this plugin, they're knowledge about the actual Chrome browser too. And IE user experience and GUI sucks.

Re:So, which side

[dread]

Ummm. Not many users? Do you completely fail to comprehend how HARD Google could push this on IE6/7 users if they wanted to? And with their allies and partners I think they would have a very good chance of doing an 80-20 conversion on that user base. That's what's up for grabs, not the measly IE8 percentage points. IE6 and IE7 users accessing Youtube, google.com, gmail, google docs et al being gently pushed to install the plugin. Good thing too in my opinion. The sooner we can get that crap out the door and onto the crap heap of history the better for everyone.

Re:So, which side

[mystik]

I'm from a small org, fully embracing the leading edge.

But I can See the following scenario:

1) Org has large internal App written for IE6 only. Can't upgrade so users are forced to have IE6 on their workstations
2) Org's IT admins are well aware of the security problems IE6 forces them to work around.
3) Roll out the Chrome plugin, and set things up so everything *but* the internal site uses Chrome.

Installing IE upgrades makes it difficult to leave an ie6 & ie_latest deployment side-by-side in a 'supported' fashion (Unless ms has a 'supported' way of doing this?)

Using the Chrome plugin lets the Org upgrade the browser to something maintained & more secure on their deployment, while allowing the archaic app to work as expected.

Re:So, which side

[AmberBlackCat]

Everybody I know ends up with the Google toolbar, and most of them don't know how they got it. It's installed the same way as viruses; they just get some software installed, choose typical or default installation, and keep clicking yes till they get to the end. So surely Google could bundle the installer for this thing with the toolbar and everybody will have it. They just won't know what it is, why they have it, or how to get rid of it.

Re:So, which side

[Bert64]

I don't think they will...
Firefox. Opera and Safari are being actively developed and are all roughly in the same league with chrome when it comes to standards support and performance.. It is just IE that lags so far behind, and breaks support for things so badly that it puts a considerable burden on companies like google having to support it.

Aside from the fact that Safari even uses the same rendering engine as chrome.

Google don't really care what browser you use, they were pushing people to use firefox before chrome came out, they just don't want people using a browser as outdated and broken as ie because it makes their job so much harder and limits some of the things they'd want to do.

Does anyone care?

[amiga3D]

I'm thinking that IE users' primary concern is not security or they'd be using something else to begin with.

Re:Does anyone care?

[Shikaku]

It doesn't activate on EVERY website. RTFA. It requires a meta tag. Google released this so that IE users can use Google Wave because IE doesn't support HTML5. It can also be used on other websites. I think it's a great move by Google, to smack Microsoft in the face to actually step up to standards.

Re:Google dodged the point

[jlp2097]

There's just no reason to get this installed in corporate networks where IE6 is being used (breaks most intranet sites)

BS! Chrome Frame is entirely opt-in i.e. the website has to include a meta-tag indicating that the site should be displayed in Chrome Frame instead of IE Trident. This is the point of Chrome Frame: allow all these corporations (mostly) to keep their IE6 and maybe IE7 while still having the possibilty to access all these new & shiny ajaxy webapps (like Wave).

Re:Google dodged the point

[daniel142005]

Do you have any idea why they released Chrome Frame in the first place? Its because Google got tired of Microsoft not meeting web standards. Google will be releasing Wave soon and the majority of the population would not be able to use it because IE does not support HTML5. Chrome Frame is just as secure as IE if not more, not to mention, if a bug or exploit is found with Chrome or Chrome Frame, it takes Google hours to days to push out a fix.

"There's just no reason to get this installed in corporate networks where IE6 is being used"

Do you have any clue what Chrome Frame even does? It does not force EVERY website to use itself. Only websites that request it or websites that you told to use it. And believe it or not, there are a lot of newer applications in the business environment that do not work with IE6 or even IE7/8.

"anyplace where IE8 is being used (surface of attack expanded in exchange for little benefit)"

I guess you are unaware of exactly how much IE8 does not include compared to Firefox/Safari/Chrome, and your obviously not a web developer. Most of the time websites have to have code dedicated for IE otherwise the website will not work right. Google is sick of Microsoft not following standards and them as well as everyone else having to waste their time to make patches so it will work in IE.

Chrome Frame sucks for me

[dword]

I'm a Firefox / Chrome fan and I just installed the Google Chrome Frame to see how it behaves. I installed Windows XP SP2 less than 24 hours ago and since then I've only installed my drivers, Firefox and the Google Chrome Frame; I went to a couple of innocent websites with IE6 and they both crashed the browser.

PS: Web developer here - Yes, IE6 sucks but it is not THAT unstable.

Re:Chrome Frame sucks for me

[JasonBee]

I'm a Firefox / Chrome fan and I just installed the Google Chrome Frame to see how it behaves. I installed Windows XP SP2 less than 24 hours ago and since then I've only installed my drivers, Firefox and the Google Chrome Frame; I went to a couple of innocent websites with IE6 and they both crashed the browser.

PS: Web developer here - Yes, IE6 sucks but it is not THAT unstable.

Which web sites? I'd love to test your observation as I have multiple VMs with various IE versions installed on various WinXP flavours.

Please tell us.

Re:Chrome Frame sucks for me

[IamTheRealMike]

ChromeFrame isn't activated unless the website asks for it. So you were just testing the reliability of IE6, not Chrome.

Re:Chrome Frame sucks for me

[dword]

I guess IE6 is THAT unstable. Thanks :)

Re:Google dodged the point

[Runaway1956]

Coming to a community college near you: Reading Comprehension 101

The plugin sits idle UNTIL CALLED by a call ON THE SERVER. If the call isn't made by the intranet server, the plugin doesn't do anything, meaning IEx does what it would have done anyway.

More Errors

[WED+Fan]

I tested this plug-in:

• On /. without plug-in, using IE8, I get no errors.
• On /. with FF, I get no errors.
• On /. with plug-in, using IE8, I get DEP errors.
• On other sites, with plug-in, using privacy mode, I get multiple IE crashes.
• On the same sites, disable the plug-in, in privacy mode, no errors.

I don't know about making it less secure, but it sure causes a bunch of "recovered" tabs and multiple errors.

Not Ready for Prime Time!

Strategic mistake

[blind+biker]

Microsoft has nothing to gain in this war of wards. They should have known it before they started it: now Google has more than just an excuse to publicize/raise the awareness of IEs security holes, educating the public on phishing, in the process. This will will definitely raise the interest of at least some IE users who would have not otherwise bothered themselves with Google's add-on.

I can see how MS got suckered into this, though: they just can't stand someone walking into their turf. Their predator instinct is just too strong, and makes them do stupid things.

Well played, Google.

Re:Strategic mistake

[at_slashdot]

The more Microsoft makes fuss about Chrome Frame the more people will find out about this options. A negative campaign when it comes from a negative company is positive.

Re:Strategic mistake

[mister_playboy]

Publicity has nothing to do with logic, smartypants.

Re:Strategic mistake

[westlake]

The more Microsoft makes fuss about Chrome Frame the more people will find out about this options.

The only "fuss" I'm hearing about Chrome Frame is on Slashdot. The geek needs to remember that to almost everyone else Google remains simply a search engine.
 

Sigh... shortsighted are we?

[SmallFurryCreature]

Google is at war and its goal is the liberate the browsers and allow them to be everything they can be.

Evil Microsoft has poor IE as a hostage and is doing terrible things with it. It could be so much but forced into ghetto conditions it is backwards and idiotic.

Direct war with the evil Microsoft is hard but Google is dropping supplies behind enemy lines to help as much as possible. Luxuries other browsers can take for granted are dropped in the form of javascript libraries so that IE can still at least somewhat come along no matter how slow.

Now with this new weapon of peace the evil Microsoft can be twarthed like never before, every IE that dares can now be free and standup like a real browser with all the features those in the free world have come to taken for granted.

There is not going to be one single succesful strategy to liberate the browser, but liberated it will be. Google needs freedom more then any true american company needs air to breath. The communist Microsoft (All for one OS and one OS for all) shall be vanquished. It will not happen overnight, but it will happen.

For the humor impaired: Google needs fast capable browsers because that is where it does its business. If MS can't produce a capable browser then it got 3 options: advertise other browser (firefox), produce its own to push the cutting edge (Chrome forced firefox to become quicker) and to augment the least capable browsers to support current standards. It will have to push hard from different directions to achieve this but success has already been made. MS has had to work very hard with IE and you can see from their response about this plugin in that they are very scared indeed about the browser becoming more capable.

This battle is NOT about getting people to install Chrome or Firefox, it is about having them surf the web with a capable browser so Google can push new features and not have to constintly cripple their application for an obsolete piece of software.

Re:Oh please no...

[TheRaven64]

Web sites should be designed using web standards, and not require specific browsers for use.

That's rather the point. IE6 is not standards-compliant, while the Chrome frame is. If you deploy a standards-compliant web site, it won't work in IE6, but it will work in IE6 with the Chrome Frame Plugin. It provides a way of 'supporting' IE6 without actually having to write a broken web site. Just set the meta tag so that when an IE 6 user comes along they use the plugin and let everyone else use their browser.

There was a similar thing done a few years ago (2002?), where someone made an ActiveX control containing the Gecko engine. It wasn't used much back then because downloading 3MB of plugin for a site was too much effort for most people. Google, however, has a lot more ability to push things like this to end users.