Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Government Endorses Chrome As Most Secure Browser

Posted by Soulskill on from the taking-the-browser-war-across-the-pond dept.

New submitter beta2 writes "Several articles are noting that the German IT security agency BSI is endorsing Google Chrome browser: 'BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation. ... BSI also recommended Adobe Reader X — the version of the popular PDF reader that, like Chrome, relies on a sandbox to protect users from exploits — and urged citizens to use Windows' Auto Update feature to keep their PCs abreast of all OS security fixes. To update applications, BSI gave a nod to Secunia's Personal Software Inspector, a free utility that scan a computer for outdated software and point users to appropriate downloads.'"

6 of 174 comments (clear)

  1. Re:Maybe... by Justin_Schuh · · Score: 5, Informative

    As an engineer on Chrome security this particular FUD really bothers me. The BSI takes privacy very seriously, and would never make such a recommendation if Chrome did anything like what you suggest. To the contrary, Chrome has an exceptionally responsive privacy team and a very clear and simple privacy policy. It identifies any feature that can exchange data with Google services, and provides clear instructions for opting out. More importantly, the vast majority of features that can exchange any such data are explicitly opt-in.

  2. Re:Maybe... by Anonymous Coward · · Score: 5, Informative

    I haven't read TFA, but headline says "most secure browser", not most private.

  3. Adobe worship much? by icebike · · Score: 5, Interesting

    It would seem to me that "Chrome's habit of bundling Adobe Flash" would be a detriment. But that's just me.

    They went on to recommend Adobe Reader X. I agree that pdf readers in a sandbox make a lot of sense, its just that I have no particular reason to trust Adobe, since it was their doing that made PDFs unsafe in the first place. With Chrome's built in PDF render engine, I find I seldom have to use the adobe plugin at all any more. (And when I do, I'm always suspicious).

    If Google wanted to do us all a favor they would to with Flash content what they did with PDF documents, and add their own in-browser render engine.

    That being said, I do like the sandboxing that Chrome supplies, and Google Chrome is my browser of choice.

    Some people don't like keying search terms in the URL bar, and other minor objections that, when investigated, all amount to "its not firefox". I've seen some reports of incredibly slow page fetches, which are usually traceable to external things (chrome likes to use multiple concurrent connections, and swamps some anti-virus packages that operate as a proxy server).

    For me, the speed can't be beat on any of the platforms I use (linux and windows - various flavors of each). I prefer Google's builds to those in the Chromium Open Source project but both work very well.

    --
    Sig Battery depleted. Reverting to safe mode.
  4. Re:Yes, because... by heypete · · Score: 5, Insightful

    Perhaps not, but the vast majority of users don't care. Many users are not unlike my mother, who constantly clicks "Later" or "Not Now" whenever programs ask to install updates. For this reason, her computer is routinely several months behind the current updates.

    Having Chrome auto-update silently and without needing admin rights (as it by default installs itself only for the user that opened the installer, not system-wide) is enormously convienient (and the right choice) for most people.

  5. Extensions can enhance security of Firefox by ChadL · · Score: 5, Interesting

    I use Firefox because it has NoScript and SSLEverywhere, that Chrome doesn't (or doesn't that have equivilent funcionality); thus making Firefox more secure for my usage paterns.

  6. Re:Maybe... by Justin_Schuh · · Score: 5, Informative

    I don't see innuendo or unsubstantiated accusations as adding anything to the conversation. But I do think it's useful to address the technical portion of your claim.

    If I hit a 404, Chrome phones home with the URI I was trying to reach. And what do you do with that data, I wonder?

    I think you undermine the legitimacy of your question by trying to manufacture some evil ulterior motive here. The simple fact is that people often mistype URLs (or clip portions when pasting them), so it's helpful when the correct URL can be easily determined. And if you read through the privacy policy I linked above, you'll see that it very clearly describes what occurs in this scenario:

    In order to offer suggestions of alternative or similar webpages, the browser sends Google the URL of the page you're trying to reach whenever the web address does not resolve or a connection cannot be made. Information is logged and anonymized in the same manner as Google web searches. Any parameters in the URL are removed before the URL is sent. The logs are used to ensure and improve the quality of the feature.

    So, the submission of the URL is no different than if you'd stripped the parameters and pasted the URL into Google from an anonymous incognito window. If you're uncomfortable with that, then the same link provides instructions for disabling the feature.