Slashdot Mirror
German Government Endorses Chrome As Most Secure Browser
New submitter beta2 writes "Several articles are noting that the German IT security agency BSI is endorsing Google Chrome browser: 'BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation. ... BSI also recommended Adobe Reader X — the version of the popular PDF reader that, like Chrome, relies on a sandbox to protect users from exploits — and urged citizens to use Windows' Auto Update feature to keep their PCs abreast of all OS security fixes. To update applications, BSI gave a nod to Secunia's Personal Software Inspector, a free utility that scan a computer for outdated software and point users to appropriate downloads.'"
Let the criminals rule your life !! MORE SO than now !! Let crime be free, because you can never kill it !! NEVER !!
They didn't take into account its terrific privacy? Sending data to Google HQ? Really??
I am a Droid Borg. Shameless promotion from me, Google is the best of the best. Chrome, G+, Android, etc, etc, etc.
Yes, beacuse silent updates let you know which security problems you may have been exposed to.
HAND.
Yes sheep, it's the most secure browser ever. Download the binaries and rest at ease. We promise we haven't conspired with Google to install a back-door on our behalf.
Due to its history the BSI is taken about as serious as FOX "News".
I wouldn't even trust those idiots to be able to count to three.
My roomie has asked me to help him practise the symptoms of Asperger Syndrome, because his employee psych-evaluation is coming up and he's convinced that demonstrating the traits of an aspie will improve his chances of promotion.
Because, as he puts it, "Everyone knows all real genius geeks are aspies".
So I'm thinking about ways to "improve" on his performance, maybe by subtly giving him pointers which will make him look like a closet child-molester or something.
Ideas and/or suggestions?
Sometimes it crashes hard to the point where you need a hard reset of your computer. It even happens on major sites such as Boing Boing. Even though I switched to Chrome from Firefox after all it's "changes" from 4.0+ I still don't like crashes. I also feel that Google is trying to force Chrome on people similar to IE did to squelch Netscape with their over advertising and bundling.
The browser war is getting too rough, I hope once HTML5 is finally finished in 2014 the browser scene can stabilize again.
tbh the droid app is very superior, default google browser is slow and doesn't work
I take a look at Chrome every few versions or so, but I do not use it, for various 'comfort' reasons; I haven't decided whether it's useful for me to install Chromium since I seem to get by just fine with Opera and Firefox.
Unless it's absolutely needful to run anything from Adobe, I prefer to use open-source alternatives, because they suit my admittedly pedestrian needs.
On Windows systems, I've used Secunia to good effect since their on-line scanner became available; later I used PSI on Vista and Windows 7. I found the later versions in particular to be very useful and easy to use. While I now run Linux, save for a few Windows virtual machines, I continue to highly recommend PSI to any general user running Windows.
It would seem to me that "Chrome's habit of bundling Adobe Flash" would be a detriment. But that's just me.
They went on to recommend Adobe Reader X. I agree that pdf readers in a sandbox make a lot of sense, its just that I have no particular reason to trust Adobe, since it was their doing that made PDFs unsafe in the first place. With Chrome's built in PDF render engine, I find I seldom have to use the adobe plugin at all any more. (And when I do, I'm always suspicious).
If Google wanted to do us all a favor they would to with Flash content what they did with PDF documents, and add their own in-browser render engine.
That being said, I do like the sandboxing that Chrome supplies, and Google Chrome is my browser of choice.
Some people don't like keying search terms in the URL bar, and other minor objections that, when investigated, all amount to "its not firefox". I've seen some reports of incredibly slow page fetches, which are usually traceable to external things (chrome likes to use multiple concurrent connections, and swamps some anti-virus packages that operate as a proxy server).
For me, the speed can't be beat on any of the platforms I use (linux and windows - various flavors of each). I prefer Google's builds to those in the Chromium Open Source project but both work very well.
Sig Battery depleted. Reverting to safe mode.
Well, IE is IE but the reason I'm really not surprised is all my repair customers who have Firefox give me an extra headache. You can uninstall Firefox completely then reinstall it from scratch with nothing preserved and you'll still have the MyWebSearch toolbar and basically any other malware that was on it before. You have to actually delete the plugins folder out in Program Files to actually clear it. The add/remove plugins menu is confusing and non-exhaustive compared to IE8 and 9. It's really, really annoying and bad from a security standpoint. Plus, you have to go into the options menu to permanently disable password-remembering which is just about the least secure thing you can do in a browser. They sure have gone downhill lately. I wouldn't be surprised if Mozilla hires the old Netflix CEO because they've been about that smart lately. So I guess chrome wins.
And I notice all the other posts mentioning that Google products are spyware are getting modded down. No surprise there. Watch what happens to this one. Why do think their stuff is 'free'?
For justice, we must go to Don Corleone
Chrome is the most secured browser - new study:
http://www.theregister.co.uk/2011/12/09/chrome_ie_firefox_security_bakeoff/
* No Opera results compared (too bad, it's my "weapon-of-choice" online), but, similar results based on security featuresets compared showed similar results a month or so before this (Dec. 2011)...
(Sandboxing's a nice feature, but imo @ least, a bit "overrated", because sandboxes DO GET BROKEN, & in Windows 7 @ least, you can natively isolate ANY APPLICATION via right-click on it in taskmanager & set it as UAC VIRTUALIZATION enabled (which isolates applications' registry writes to the current profile only, NOT the ENTIRE SYSTEM/ALL PROFILES) - or, even moreso (filesystem, registries etc.) by using a tool called "SandBoxie" (64-bit capable too)).
APK
P.S.=> Anyhow/anyways, from the link above's a really nice chart used there for comparison of security-features & the criteria used as well -> http://regmedia.co.uk/2011/12/09/sandbox_comparison_small.png
... apkChrome is the most secured browser - new study:
From the same government that brought you Hitler!
fsck your proprietary recommendations, I'll neither use Windows or proprietary code for Windows! If you think flash bundled or not bundled but installed is a good you are out of your FSCKING MIND! Just say NO to Flash and fsck Windows!
But this newest update they sent... is blowing my CPU util of the charts...
I can open just Gmail, come back 8hrs later (ie, going to sleep), come
back and my laptop fan is roaring like a jet taking off, utilization is well
above 50%, with kernel involved and both cores.
I don't know if it's new Chrome update interacting with SWF or something
that they (Google) did to their pages. When I run Chrome taskman, it
shows the tabs that have Google apps on them, just smoking the CPU.
This isn't flamebait or trolling... it's a fact. I've made two bug reports,
but it seems that there isn't a "me too" anywhere.
Hoping maybe one of the geek peers here might have a similar issue?
-AI
For me, it is far better to grasp the Universe as it really is than to persist in delusion
it's called HTML5, and it will eventually kill flash
'It would seem to me that "Chrome's habit of bundling Adobe Flash" would be a detriment. But that's just me.'
and you are wrong. people want to see flash. and if a browser did not offer them flash, they simply wouldn't use the browser
so give google credit for meeting users half way: "look, you want flash, and you don't care about your security, so we are going to give you what you want in the most secure way possible, in spite of yourself"
don't hold against google their attempts to maximize security within the parameters of user expectations. of course, there will always be people who will judge google, and others, against absolute ideal security standards. and such people will only be called insightful on slashdot. the rest of us understand the needs of satisfying real world users
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I use Firefox because it has NoScript and SSLEverywhere, that Chrome doesn't (or doesn't that have equivilent funcionality); thus making Firefox more secure for my usage paterns.
The source is available. Take a look at it yourself, idiot.
It's open source, where the fuck are they going to put the backdoor? If you're really paranoid, compile it yourself after reading the source code over.
Adobe in the same sentence as secure?
I do not know what world they are living in but post 2008 since the death of IE 6 the number one infection of the web is not javascript or browser exploits but infected flash, java, and adobe files. They infect all platforms regardless of browser and is a nice run around since browsers generally have huge resources put in security development. I am shocked most geeks still allow flash and java enabled in work computer browsers outside the intranet and allow adobe acrobat to be installed.
At home I use Foxit with javascript disabled by default as my pdf viewer and use lists in IE 9 to block most flash and ads. In Chrome I use adblock.
Also Chrome is that secure because of one glaring feature that is a security risk. Chrome will click for you on every hyperlink and just not render it in front of you in order to *appear* faster when you do click on it. It is called network predictions. So the old tale, do not click on everthing! ... does not apply in Chrome and that scares me. I make sure I disable it under advanced options.
So far I only trust IE 9 for security as Firefox offers no sandbox at all, but even IE 7 had a sandbox and was not secure although better than IE 6.
http://saveie6.com/
http://www.samba.org/samba/news/articles/low_point/column11.html
The Low Point â" a View from the Valley â" Column 11
The Land of "Nothing for free"
On the map, Laguna Niguel looks like a beautiful Pacific coastal area south of Los Angeles, a little like one of my favorite spots Monterey, south of San Francisco. But I forgot; this is Los Angeles, where the brown haze of the air lies like a thick blanket over the insane sprawl of "Generica". It's an endless landscape of McDonalds, strip-malls and gas stations familiar to anyone who has seen the movie "Ghost World". Nothing is free here. You pay for parking (nothing but valet available), driving on toll roads, access to much of the beach (private). If they could figure out how to charge for the air I'm sure there'd be meters every block or so. It's a fitting home for the entertainment industry.
I was down there to give a talk on "Open Source Business Models" for a conference. Also represented were entertainment industry lawyers, "Big Telecom" management, and a smattering of software people. Microsoft was there of course. You can't hold a church fete with "Open Source" on the banner these days without Microsoft turning up and requesting representation. At least we also had Bruce Perens on our side to help make up the balance. The venue was an unbelievably expensive hotel. Even though I was on expenses I balked at asking the company to pay for a room there and found something cheaper (not by much) a few miles down the road.
Along with the collection of apologists for the "ultimate evils" (tm) of Hollywood and Telephone companies there were some very interesting presentations. A Japanese telecoms researcher made all the software people jealous by describing the idyllic state of broadband in Japan, where providers vie to sell gigabit fiber-optic pipes to the home. Yes, you read that right, Gigabit. The obvious question was asked; "what do people use all that bandwidth for" and the less than obvious answer was that they use it for all the same things people in less bandwidth-friendly countries do, they just do more of it. I could see a collective shudder pass through the entertainment industry people. They knew what that meant.
A keynote by Lawrence Lessig made the point even further. He showed a series of "mash-ups" of copyrighted material which were incredibly creative and funny. All completely illegal and currently being hunted off the Internet by entertainment industry lawyers. One of the most amusing asides was from a Walt Disney legal reply to a parent requesting "fair use" rights to use some clips from a Disney movie to put in his home video. He pleadingly promised them it was meant only for family viewing. "We currently deny all requests to use our material....". Even if you are impudent enough to ask, the answer is always no. At least one of the other studios replied that the current commercial rate was $700 to use a 30 second clip. I can see that being popular amongst parents making home movies. He also covered the current patent quagmire. A very interesting fact from his talk was that the total unit cost for a Chinese manufacturer to build a DVD player was around $26. However the total royalty fees they have to pay to western companies for the patent rights to build a player is $21 per unit, thus completely eliminating any profit they might make. No wonder the Chinese are currently creating their own digital video standard, completely incompatible with Western ones. It's the only thing that makes economic sense for them. This is almost certainly behind the Chinese refusal to use the new WiFi standards for wireless devices also.
I ended up making myself unpopular by publicly attacking the Washington-based economist who'd advised the Clinton Administration on "Intellectual Property" issues. It's a very personal issue for me as it affects my everyday life and work, so when he made the statement that "strengthening the patent system leads to
Do they have people who know absolutely nothing about computers writing these recommendations?
Go to AskWoody.com first and decide whether that update is going to break your computer! There's nothing good about automatic updating - it just breaks things and adds bloat!
Google spy for fbi/cia browser
and urged citizens to use Windows' Auto Update feature to keep their PCs abreast of all OS security fixes.
Windows Update can apply Linux kernel fixes? Damn, I'm impressed!!
Slashdot is full of self-diagnosed Asperger cases. The post to which you replied clearly emphasized the image these people assign to themselves, by stating that normal people are somehow flawed and mediocre, while the "sufferers" consider themselves to be superior in every way.
Just because you are timid, shy, like playing with toys, and insufferably arrogant does not make you a member of an elite club of ubermensch. Seriously.
Fanboys argue amongst each other about which browser is the best. This quickly snowballs into a heated debate about which OS is more secure, and which browser is most secure on what operating system. In the end, after the thread is left in a smoldering heap of baseless accusations, groundless conjecture and a little bit of superstition, we all end up looking like basement dwellers to the casual observer.
If you must know, my browser is made from alien technology and does some of them there fancy things.
He has many other fast
I cannot believe how naive most people are. Just because something is open source doesn't mean that your average user has the ability to check that an installed binary update matches the source code.
The backdoor is software auto upgrades. By upgrading to a special binary any government security organization, in cooperation with every major organization pushing software updates, can have access to everything you do on your computer - not just everything you do on the internet which is clearly a simpler task. Naturally every government agency will decree that auto updates and flash are highly desirable.
Is it simply a coincidence that at the very same time that every airport rolled out full body scanners, software suddenly became so unreliable and bug ridden that constant and automatic updates became necessary?
How will you work out that your binary matches the source? Have you ever done that? Has anybody ever done that?
Chrome is not in fact open source. It includes a bunch of open source code but also various closed-source components. Perhaps you confused Chrome and Chromium? They're not the same thing.
If you compile Chrome yourself, you're not using Chrome, of course (and in particular, some features that this particular security evaluation ticks as positives, like the bundled Flash, will be missing).
(There's the side issue that compiling yourself gives you no particular guarantees either if your compiler is in cahoots with the code you're compiling, but for now the chances of that for Chrome are low.)
Especially the file :
$HOME/.config/google-chrome/SingletonLock
Since Germany is saying that Google Chrome being the most secure browser, I'd like to bring in a journal I posted the other day, FWIW
http://slashdot.org/journal/277313/journal-unscientific-testing-of-browsers
In the test above Mozilla Firefox gave the best result, Google Chrome came a distant 2nd
And an update to my journal above ----
It's been 100 hours since I started that test and only Mozilla Firefox is still running, with 5 taps opened.
Google Chrome stopped running some 80 hours after launch.
Muchas Gracias, Señor Edward Snowden !
Assuming Google doesn't have a "sendCopyOfUsersDataToGoogle()" function buried in the Chrome code base.....which is a very real possibility, Chrome *might* be the most secure browser in that if anyone rapes the user, it will be Google themselves.
If Chrome is that well built, it might be worthwhile to use one of the open source recompilations that check for and remove spy code.
Still, you have to trust that the developers are good enough to spot it.
Who cares? Why you would want to read PDFs in a browser window when there are standard apps for doing that, is something I'll never understand. If you're a Windows user, just install Foxit and you'll never have to suffer the crap of Acrobat Reader again.
Additionally, they may not rape you now but can easily add the rape function via silent update.
Oh, right, I can disable updates... and that's more secure? Sorry, no it's not.
I only trust browsers that I compile myself -- Before you ask: Yes, I do read through every line of code & diff-logs of updates looking for evilness therein. I'm actually two of those "many eyes" out there that help improve security and fix bugs... I can't compile Chrome, I don't use it. IMHO, I can't trust Chrome -- It has something to hide, or else I would be able to. Maybe that "something" it's hiding isn't malicious. Can you prove it's not? No, you can't. Since alternative open source software with equivalent features exists It would be quite foolish to NOT use them instead... I need to trust the browser when I enter my credit card numbers online, not saying that Chrome isn't trust worthy, just that the alternatives are moreso.
So, Chromium & Firefox, yes... but never will I use Chrome.
It's fascinating... Not too many years ago ./ was a place where technophiles and geeks would share their knowledge... But today, for everyone to see, it's mainly a load of paranoid idiots spreading fud... looks like the (classical) media are doing very well shoving that "google invades your privacy more than a coloscopy invades your anus"-theme down peoples throats... ooooh and how much joy most people get from giving this deep-throat to the (classical) media...
but hey... nevermind... why thinking on your own when there's other people who willingly take this burden from you, right? after all: the media's main interest is to properly inform you so you make clever choices... they don't have lobby interests, right? why would they, after all?
right... hopefully there'll comes a time when taking all too shitty fud for granted and even spreading it significantly shortens once life-span...
paranoia is a medical condition... just saying...
*colonoscopy...