Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Says Google Chrome Frame Makes IE Less Secure

CmdrTaco posted more than 4 years ago | from the less-secure-than-what-exactly dept.

Google 459

Mark writes "The release of Google Chrome Frame, a new open source plugin that injects Chrome's renderer and JavaScript engine into Microsoft's browser, earlier this week had many web developers happily dancing long through the night. Finally, someone had found a way to get Internet Explorer users up to speed on the Web. Microsoft, on the other hand, is warning IE users that it does not recommend installing the plugin. What does the company have against the plugin? It makes Internet Explorer less secure. 'With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers,' a Microsoft spokesperson told Ars. 'Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.'"

cancel ×

459 comments

Sorry! There are no comments related to the filter you selected.

kettle/black (5, Funny)

Anonymous Coward | more than 4 years ago | (#29527551)

stones/glasshouses

Re:kettle/black (5, Insightful)

ta bu shi da yu (687699) | more than 4 years ago | (#29527607)

I know. Ho hum. Someone tell Microsoft to wake me up when they get around to actually making a decent browser. How many years has it been? 13 years?

Re:kettle/black (3, Insightful)

Anonymous Coward | more than 4 years ago | (#29527707)

Perhaps you don't remember, but IE 5 was LIGHTYEARS ahead of Netscape. There's a reason EVERYBODY dumped Netscape, and it wasn't just "it came with Windows", because at first, it didn't...

Also, IE7 and 8 (on Vista and Windows 7) has a bunch of really impressive security features, albeit they're still behind in standards. And "accelerators" are extremely useful.

That said, I still use Firefox (Somebody PLEASE make AdBlock Plus for Chrome and IE please! )

Re:kettle/black (5, Insightful)

Chabil Ha' (875116) | more than 4 years ago | (#29527873)

Perhaps you don't remember, but IE 5 was LIGHTYEARS ahead of Netscape.

Great, that happened *ten* years ago [wikipedia.org] . What has happened since? They've been chasing the Fox for past *five* years.

Re:kettle/black (2, Informative)

Anonymous Coward | more than 4 years ago | (#29528057)

Perhaps you don't remember, but IE 5 was LIGHTYEARS ahead of Netscape.

Great, that happened *ten* years ago [wikipedia.org] . What has happened since? They've been chasing the Fox for past *five* years.

Great, except I was responding to somebody who claimed that Microsoft hadn't made a DECENT browser in THIRTEEN years. 6 was fine when it came out, if nothing special, but 5, 7, and 8 have all had some pretty good features. Features that would make me drop AdBlock Plus? Hell no! But saying they can't make a 'decent' browser is just flamebait.

Re:kettle/black (1, Informative)

djnforce9 (1481137) | more than 4 years ago | (#29528073)

@Post #29527707:

"That said, I still use Firefox (Somebody PLEASE make AdBlock Plus for Chrome and IE please! )"

Somebody already did create ad blocking software for IE but unfortunately it's not freeware and won't work with Adblock plus subscriptions (at least it didn't when I last tried it).

The name of the addon is called Adblock Pro.

Re:kettle/black (3, Informative)

Anonymous Coward | more than 4 years ago | (#29528161)

Also, IE7 and 8 (on Vista and Windows 7) has a bunch of really impressive security features...

And even more impressive bloat, *especially* with regards to screen real estate, even with all the bars disabled. It's as if IE is parodying itself. [j-walkblog.com] Ever try using IE8 on a netbook? It doesn't work, you have to enter kiosk mode for it to be remotely useful. There's no thought to form or function, they just barfed menus all over the place and called it "progress".

Re:kettle/black (5, Funny)

Vindicator9000 (672761) | more than 4 years ago | (#29527835)

But really, no one should throw stones, right? As a kid, I was always taught that it's not nice to throw stones at people. Unless of course, you were trapped in a glass house and needed to get out. If you have a pile of stones next to you, go ahead and throw them. Then you won't be trapped anymore! So really, people in glass houses are the only ones who should throw stones. Right?

Re:kettle/black (2, Insightful)

Anonymous Coward | more than 4 years ago | (#29527877)

Dimitri martin's standup doesn't transfer well to text ;)

Re:kettle/black (3, Funny)

gyrogeerloose (849181) | more than 4 years ago | (#29528141)

people in glass houses are the only ones who should throw stones. Right?

Wrong. People in glass houses shouldn't undress.

Friends? (5, Funny)

Jeoh (1393645) | more than 4 years ago | (#29527559)

Friends don't let friends use Internet Explorer anyway.

Re:Friends? (5, Funny)

Mikkeles (698461) | more than 4 years ago | (#29527597)

'This is not a risk we would recommend our friends and families take.'

They have friends, much less family?

Re:Friends? (0)

Fwipp (1473271) | more than 4 years ago | (#29528021)

'This is not a risk we would recommend our friends and families take.'

They have friends, much less family?

would
Don't worry, they're just speaking hypothetically.

Well yes (4, Funny)

Canazza (1428553) | more than 4 years ago | (#29527571)

Ofcourse it makes it less secure, it lets you run Javascript faster, so that all those drive-by malware installers can execute faster!

Re:Well yes (1)

rjune (123157) | more than 4 years ago | (#29527907)

I still don't understand how IE could be made less secure. Surely, IE offers more options than just Javascript to install malware.

Re:Well yes (1, Troll)

Computershack (1143409) | more than 4 years ago | (#29528093)

I still don't understand how IE could be made less secure. Surely, IE offers more options than just Javascript to install malware.

Because on Vista, IE8 runs sandboxed.

Re:Well yes (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29528201)

IE7 and IE8 on Vista and later (Server 2008 and Windows 7) have some really impressive security, in fact. Everything is pretty well sandboxed, and if something DOES break, it's usually pretty well contained.

IE7 and IE8 combined have, oddly, exactly 100 vulnerabilities (88 for IE7 [secunia.com] , 12 for IE8 [secunia.com] ).

FireFox 3.0 alone has 114 [secunia.com] . FireFox 3.5 has 18 [secunia.com] . And, to be thorough, FireFox 2 has 154 [secunia.com] .

So. Yeah. Glass Houses, throwing stones, yada yada yada.

Well they would say that wouldn't they (5, Informative)

Chrisq (894406) | more than 4 years ago | (#29527573)

What do you expect; "This is great now our customers can access standards-compliant sites and have a faster, smoother web experience"?

Re:Well they would say that wouldn't they (5, Funny)

jgardia (985157) | more than 4 years ago | (#29527657)

I was expecting "Microsoft Says Google Chrome Frame Makes IE even Less Secure"

Re:Well they would say that wouldn't they (5, Insightful)

MadKeithV (102058) | more than 4 years ago | (#29527909)

"Microsoft pretends IE could possibly be made less secure by changing anything about it."

Re:Well they would say that wouldn't they (2, Insightful)

c-reus (852386) | more than 4 years ago | (#29528069)

"Microsoft releases new critical IE patch that accidentally disables the Chrome Frame"

Security issues with Google Chrome? (4, Insightful)

commodore64_love (1445365) | more than 4 years ago | (#29527585)

Dear Microsoft:

Citation please. Evidence. Facts. Or retract.

'k thanks,

Google

Re:Security issues with Google Chrome? (-1, Offtopic)

TheKidWho (705796) | more than 4 years ago | (#29527619)

Ok asshat, you do not speak for google.

Re:Security issues with Google Chrome? (2, Insightful)

Svartalf (2997) | more than 4 years ago | (#29527801)

Humor: (Noun)

1. a comic, absurd, or incongruous quality causing amusement: the humor of a situation.

2. the faculty of perceiving what is amusing or comical: He is completely without humor. (Something you seem to lack yourself...)

Re:Security issues with Google Chrome? (0, Offtopic)

Ash-Fox (726320) | more than 4 years ago | (#29527863)

Ok asshat, you do not speak for google.

Whoooooooosh!

Re:Security issues with Google Chrome? (0, Insightful)

Anonymous Coward | more than 4 years ago | (#29527633)

given googles horrible history with security and the fact MS's statement really just says it increases the attack surface, (pretty much a fact with any plugin). What exactly do you want evidence of?

Re:Security issues with Google Chrome? (5, Insightful)

selven (1556643) | more than 4 years ago | (#29527677)

Google has a horrible history with security?

Re:Security issues with Google Chrome? (3, Informative)

ByOhTek (1181381) | more than 4 years ago | (#29527749)

Every 6 months to a year it seems there is yet another goof up that lets users access other users email (gmail) or data (google docs).

While this is still better than the track record on many MS products, it still leads me to suspect the security of Google. Face it, they are good at distributing information, not hiding it... Now, unless *EVERY* Google security hole is already in IE, new holes will be added.

Re:Security issues with Google Chrome? (4, Insightful)

SanityInAnarchy (655584) | more than 4 years ago | (#29528143)

Every 6 months to a year it seems there is yet another goof up that lets users access other users email (gmail) or data (google docs).

Unless I'm missing something, most of this revolves around users accessing their data through HTTP over insecure wireless, neither of which is required by Google.

It can be as simple as using https://mail.google.com/

Re:Security issues with Google Chrome? (3, Insightful)

Anonymous Coward | more than 4 years ago | (#29528199)

Every 6 months to a year it seems there is yet another goof up that lets users access other users email (gmail) or data (google docs).

Your premise is wrong, hence your argument is wrong. All those goof-ups were not with the gmail you use, or the google docs you use. They were with contractual installations in colleges, etc. It's really like saying "Oh, hey, MS Exchange in X college got hacked, MS's security sucks!"

Re:Security issues with Google Chrome? (1)

Svartalf (2997) | more than 4 years ago | (#29527815)

It's called "sarcasm"...

Re:Security issues with Google Chrome? (5, Funny)

Spy der Mann (805235) | more than 4 years ago | (#29528079)

News: Vulnerability in google chrome
News: Vulnerability in Mozilla Firefox
News: Some part of Internet explorer is safe!

See? :)

Re:Security issues with Google Chrome? (0)

Anonymous Coward | more than 4 years ago | (#29527717)

Considering that it didn't increase it any more than any other plugin and the attack-surface because of Active-X is actually LARGER than with Mozilla or Chrome...

It's a bogus remark they made there. But then the crowd here has come to expect bogosity from Microsoft. If they were to meet up with the Devil, they'd have little trouble talking with the gent.

Re:Security issues with Google Chrome? (2, Insightful)

Jezza (39441) | more than 4 years ago | (#29528085)

Given that this is IE6, I think any talk about security is somewhat moot. Unless I don't understand it, this should make IE6 more secure - Chrome after all is a "modern" browser, and the page will be run inside that, and not actually touch the rest of IE6's feature set. I really don't see this at all, it strikes me that this is FUD. Maybe I'm missing the point here.

Anyway, if users actually cared about security they'd not be running IE6 - even Microsoft see the upgrade from that as "critical".

Re:Security issues with Google Chrome? (5, Interesting)

ShadowRangerRIT (1301549) | more than 4 years ago | (#29527739)

Well, technically, they may be right. It does lead to more attack surface, and many plugins have permissions the browser doesn't allow itself. And Microsoft product security has increased, to the point where I'm fairly confident that the security risks of their Javascript interpreter are comparable with other major browsers. And unless Google *forces* updates to the plugin, security patches will never be applied; few people run Windows Update, but even fewer update non-MS products.

Of course, those arguments mostly argue for rejecting the *plugin*. *Replacing* IE8 with Chrome (or your browser of choice) means you have only one program's attack surface to worry about again. I'm guessing this is the unspoken part of MS's argument.

Re:Security issues with Google Chrome? (1)

Runaway1956 (1322357) | more than 4 years ago | (#29528167)

"many plugins have permissions the browser doesn't allow itself."

Kinda bass ackwards? The OPERATING SYSTEM is supposed to allow or disallow permissions, not the browser. Oddly, I don't think your statement is bass ackwards - rather, MS has their security and convenience priorities bass ackwards.

I will agree that MS has cleaned up browser security a lot. I was actually impressed with IE7, when it was locked down for server use. Default installation of IE8 on Win 7 does seem decently secure. But - the whacko boys haven't had a lot of time to attack it yet, either. Past history says, give it a few months. There are sure to be some "OH SHIT! I DIDN'T THINK THEY COULD DO THAT!" posts, here and elsewhere.

Re:Security issues with Google Chrome? (1)

Yvanhoe (564877) | more than 4 years ago | (#29527855)

But it is about "our friends and families"! How could you be so desinvolt in a matter involving our FRIENDS and FAMILIES !

Re:Security issues with Google Chrome? (2, Insightful)

horatio (127595) | more than 4 years ago | (#29527939)

Wait, isn't it Microsoft that silently installs a plugin into Firefox during a Windows update session, and disables the "uninstall" functionality? Guy has some nerve to stand around and wag his finger at Google.

Re:Security issues with Google Chrome? (1)

Chaos Incarnate (772793) | more than 4 years ago | (#29528055)

They don't disable the uninstall; that's Mozilla's doing, not letting plugins in Program Files be removed from within the browser.

Re:Security issues with Google Chrome? (1)

mdm-adph (1030332) | more than 4 years ago | (#29528181)

This behaviour has changed in Firefox 3.5, anyway.

Re:Security issues with Google Chrome? (4, Insightful)

beelsebob (529313) | more than 4 years ago | (#29528049)

Inciteful as the statement is, it's true... There's no way it can be false. A browser containing IE's engine *and* WebKit has all the security holes from both, and all the security holes gained in pushing one into the other.

So yes, microsoft is right, but rather missing the point... If you're using a chrome frame, you're probably not using IE frames, which means that you're as secure as WebKit's security flaws.

Why you'd do that rather than just using chrome I have no idea though.

I agree (4, Insightful)

kimvette (919543) | more than 4 years ago | (#29527599)

This is not a risk we would recommend our friends and families take.""

. . . which is why one should run Firefox, konqueror, Mozilla, or Opera on Linux, Solaris, or BSD instead.

Re:I agree (1)

FlyingBishop (1293238) | more than 4 years ago | (#29528007)

Or Chrome, or Safari, or even Firefox 2 on Windows

I'm Taking Notes (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29527605)

This is not a risk we would recommend our friends and families take.

Yeah? And what kind of lube do you recommend for your customers when you bend them over?

Re:I'm Taking Notes (3, Funny)

siddesu (698447) | more than 4 years ago | (#29527673)

Sweet Shimmer Glitter Lube. In juicy apple, boysenberry, pink champagne or pina colada.

Re:I'm Taking Notes (1)

gEvil (beta) (945888) | more than 4 years ago | (#29528081)

What? No 'Hot Grits' flavor?

Re:I'm Taking Notes (1)

Orbijx (1208864) | more than 4 years ago | (#29528221)

I don't know whether to laugh, cry, or ask where I can order some of that.

It's alright (5, Funny)

Anonymous Coward | more than 4 years ago | (#29527613)

I'm not Microsoft's friend or family.

Of course (5, Insightful)

PhasmatisApparatus (1086395) | more than 4 years ago | (#29527615)

Of course it doubles the attack rate of malicious scripts... It makes Javascript run twice as fast.

In other news, Microsoft has said that Moores Law is a security risk, because viruses can install themselves twice as fast every 18 months.

Re:Of course (2, Insightful)

tolan-b (230077) | more than 4 years ago | (#29527839)

Attack surface not attack rate..

Re:Of course (1, Informative)

Anonymous Coward | more than 4 years ago | (#29528133)

Whooooosh!

Thanks (5, Insightful)

Anonymous Coward | more than 4 years ago | (#29527621)

You just made one of the most important arguments against Silverlight official.

Re:Thanks (4, Funny)

Yvan256 (722131) | more than 4 years ago | (#29527703)

Not only an argument directly from Microsoft against Silverlight but also against Flash!

Why is Microsoft helping us like that?

Re:Thanks (1, Troll)

gabebear (251933) | more than 4 years ago | (#29528061)

It's a great argument against Silverlight from a consumer's point of view. You have to load extra software which won't effect 99.9% of the pages you might visit.You aren't really adding any security, since the old crap is still there.

From a web developers point of view this could be HUGE. Most customers wouldn't have a problem installing a Google-based plugin, and after we get them to install the plugin WE NEVER NEED TO CODE FOR IE AGAIN!!!!! Really, IE8 isn't a terrible browser, but IE7 and IE6 are unforgivably bad. This takes care of all the IE6, IE7, and IE8 incompatible crap and lets you override their engines by adding one tag to your page.

Re:Thanks (1)

Svartalf (2997) | more than 4 years ago | (#29527783)

Yep...I'm betting that they realize this, but are hoping the unwashed masses won't twig onto what they just said there.

Textbook FUD (4, Interesting)

Lemming Mark (849014) | more than 4 years ago | (#29527639)

"Given the security issues with plugins in general and Google Chrome in particular"

O RLY?

I'm happy to believe that IE8 actually has a good security model. I'm happy to believe that Chrome is not without flaws. But, really, Google have gone through fairly considerable pain and implemented quite strict sandboxing techniques for Chrome, to contain any problems in the renderer. It's pretty solid. Maybe it's better than IE8, maybe not. But just hand waving and going "Oh yes, *especially* Chrome" as if it's common knowledge that it's insecure is simply FUD.

The point about increasing the attack surface area seems more valid, perhaps, though it really depends on how this plugin works. If there are really twice as many places available at once then yes, that is a worry. If you'd have to get through Chrome's security and then through IE8's security, that actually sounds quite good. Possibly the biggest security worry I see is in encouraging users to think that installing a large, scary plugin that basically replaces the guts of their browser is a normal occurrence that will make their internet experience better.

Re:Textbook FUD (2, Insightful)

selven (1556643) | more than 4 years ago | (#29527695)

You're not just adding the security of Chrome and IE, you're adding their insecurity as well.

Re:Textbook FUD (1)

Lemming Mark (849014) | more than 4 years ago | (#29527753)

I realise that's the risk they're referring to. But whether it works like that really depends on how it's architected.

If Chrome is using IE facilities to interact with the outside world, then that's exposing you to bugs in those IE facilities. If Chrome was using its own HTTP implementation, etc and basically just acting as an independent browser that happens to be embedded in an IE window then Chrome is going to be the one exposing bugs to the outside world.

I assume that it is somehow using IE facilities so that you get the impression of an integrated browser, which makes it more likely that IE is also being exposed for attack. But it's not instantly obvious that that's definitely the case. Maybe if I'd read the article about the Chrome Frame when that came out ... ;-)

Re:Textbook FUD (1)

Svartalf (2997) | more than 4 years ago | (#29527767)

Heh... Since the general user population on Windows will install damned near any sort of crap on their box because it's "nifty", "cool", etc. along with at least prior versions of IE gleefully doing it for them whether they wanted it or not- why would it be any different now?

Re:Textbook FUD (4, Insightful)

Just Some Guy (3352) | more than 4 years ago | (#29527849)

I'm happy to believe that IE8 actually has a good security model.

And I thought that included sandboxing plugins? How can any plugin be a serious security threat with MS went through such pains to make IE bulletproof?

Re:Textbook FUD (0)

Anonymous Coward | more than 4 years ago | (#29528139)

Mod++

Re:Textbook FUD (1)

gmuslera (3436) | more than 4 years ago | (#29527981)

Google have gone through fairly considerable pain and implemented quite strict sandboxing techniques for Chrome, to contain any problems in the renderer.

You said it. What you have in the plugin is the rendering engine, not the sandbox afaik. For that, IE sandbox should be used, the one that they claim that already protects from renderer bugs and plugins anyway.

Sandboxing not included? :-( (1)

Lemming Mark (849014) | more than 4 years ago | (#29528037)

Ah, OK, I hadn't realised that about it. Because of not reading TFPA (the fine previous article) on the plugin.

But - as you say - it's not really clear how Chrome makes things worse.

Also, it sounds like it's not then a case of:

Total vulnerabilities = IE8 vulnerabilities + Chrome vulnerabilities

but rather

Total vulnerabilities = IE8 vulnerabilities - IE8 renderer vulnerabilities + Chrome vulnerabilities - Every Chrome vulnerability that's *not* in the renderer

And it's not obvious to me that this total number is any worse than either browser in "vanilla" state would be expected to have.

Re:Textbook FUD (0)

Anonymous Coward | more than 4 years ago | (#29528027)

erm, I think you guys are missing the point (or maybe *I* am); google Chrome Frame *it's not* Chrome, it's just a *webkit* frame inside IE. This means that all the sandboxing techniques in Chrome (the browser) here are actually missing; so the MS statement (as far as IE8 - and IE7 to a certain extent - are concerned) is not that crazy

Yeah, I was somewhat wrong but still cry FUD on MS (1)

Lemming Mark (849014) | more than 4 years ago | (#29528105)

You should get modded up. Yes, others have also mentioned that it's just webkit (and V8, I guess). So Chrome's sandboxing isn't there, in that case. But it's still not clear to me why this would necessarily be worse. The MS statement still smells like FUD to me - they're basically suggesting that Chrome's rendering engine is obviously less secure than IE's but not really saying why. And if they're omitted the complexity of the rest of Chrome and just replaced the rendering engine it's still not really clear to me why the total attack surface would be any greater - there's still the same number of components in there as in the vanilla browser, just mixed up a bit.

Re:Textbook FUD (1)

jeanph01 (700760) | more than 4 years ago | (#29528035)

Well it seems that given the FUD Ms is doing on this plug-in we can deduct that they are very uneasy about it. This is the same kind of FUD they did with Dr-Dos or Netware. One thing is different now though, people are used to Ms making FUD statements and we are not eager to believe everything as is what they tell now. But, since this is a technical argument FUD, I expect Google to respond accordingly like they always do.

Google Frame is mainly aimed for corporations where IE is the main browser. This plugin in really a great great idea and change the game. This is what Google do best : change the game instead of going head to head with the competition. But going standard into corporate desktop will need a lot of proof of stability and security. Google can do it.

Good advice. (0)

Anonymous Coward | more than 4 years ago | (#29527641)

"Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take."

Given that logic we shouldn't use Windows. Thanks Microsoft!

Double Standards (5, Insightful)

Anonymous Coward | more than 4 years ago | (#29527663)

So... forcing the .NET plug-in on Firefox users was OK, but a voluntary add-on from Google is a security risk? Good to know.

Re:Double Standards (2, Funny)

Anonymous Coward | more than 4 years ago | (#29528011)

Well, yes, you see, the .NET plug-in was meant to increase compatibility without increasing the risk of attack vectors.

Trust us, we know what is good for you,
Microsoft

Re:Double Standards (5, Informative)

gabebear (251933) | more than 4 years ago | (#29528189)

They not only add the .Net plugin to Firefox without asking you, they change the useragent string for Firefox... oh and the .Net plugin doesn't have a built-in uninstaller like every other plugin.

I thought I had a virus the first time I noticed it. http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly_insta.html [washingtonpost.com]

Ingrates! (3, Funny)

dangitman (862676) | more than 4 years ago | (#29527671)

a new open source plugin that injects Chrome's renderer and JavaScript engine into Microsoft's browser, earlier this week had many web developers happily dancing long through the night.

Dancing Developers?? Get back to developing webs, like you're supposed to be doing! Didn't anybody tell you that you are no good at dancing?

Re:Ingrates! (0)

Anonymous Coward | more than 4 years ago | (#29528077)

Awwwe..
-Pouts and returns to her computer-
Fine. Party Pooper...

-Jessica-

Revisit this in a year's time (1)

Chrisq (894406) | more than 4 years ago | (#29527693)

Lets revisit this in a year's time. It will be interesting to see how many vulnerabilities are introduced by this compared to how many vulnerabilities in IE do not occur when browsing in a Chrome Frame. My guess is that it will be about even.

Absolute Zero (1)

kidblast (413235) | more than 4 years ago | (#29527699)

Did anyone else who read the headline think how is that possible?

Ralph (1, Funny)

drunken_boxer777 (985820) | more than 4 years ago | (#29527751)

As Ralph Wiggum would say:

That's unpossible!

By that logic... (2, Insightful)

MoOsEb0y (2177) | more than 4 years ago | (#29527795)

... we should ban flash, acrobat reader, quicktime, and dozens of other plugins that all have regularly reported vulnerabilities.

Re:By that logic... (1)

Tony Hoyle (11698) | more than 4 years ago | (#29527899)

Actually for some of those I think you'd get a loud cheer if they were banned..

This is just Microsoft saying that the sandboxing in IE8 doesn't work and a browser plugin can compromise the system. That's how I read it, anyway.

Security good, plugins bad? (0)

Anonymous Coward | more than 4 years ago | (#29527803)

So they made great progress improving the security of IE8, but "plugins in general" still have security issues? Am I the only one who sees a faint contradiction here?

Risk? I'll give you risk... (2, Funny)

pbhogan (976384) | more than 4 years ago | (#29527823)

Microsoft is not a risk we would recommend our friends and families take.

Families (5, Funny)

Thanshin (1188877) | more than 4 years ago | (#29527831)

This is not a risk we would recommend our friends and families take.

Especially the children. Think of the children!

He should have used "mortal danger" instead of simply "risk". Also, change "would recommend" for "let". And add some exclamations, for god's sake, this is serious.

Thus, the closing sentence should be:
"This is not a mortal danger we let our children take!"

However, once you've decided to push factless crap with fear mongering, at least do it with style.

I recommend:
"If you allow your children to install the google demon, your entire family will suffer an eternity of pain, in HELL!"

My family disowned me after I installed it. (5, Funny)

lawnsprinkler (1012271) | more than 4 years ago | (#29527843)

"This is not a risk we would recommend our friends and families take." The Microsoft representative further stated that "Allowing your children to use the Google Chrome Frame plugin is tantamount to child abuse. In fact, we're not so sure that anyone installing this is truly capable of feeling love. What kind of heartless monster would willingly install this on their loved ones' browser?"

What about Flash? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#29527845)

".... has doubled the attack area for malware and malicious scripts."

Can't the same thing be said about the Flash Player Plugin?

Re:What about Flash? (1, Informative)

PIBM (588930) | more than 4 years ago | (#29527917)

Nop, the multiplier would be much bigger than double.

Oh please (2, Insightful)

gibbo2 (58897) | more than 4 years ago | (#29527847)

Because people still using IE6 are really worried about their browser security...

Thanks Microsoft... (4, Interesting)

MickyTheIdiot (1032226) | more than 4 years ago | (#29527871)

I heard about this but I wasn't going to install it yet. I don't use a lot of I.E. stuff, but what I do is Javascript intensive, so now that I know that your don't like it at Microsoft I have now installed it. Thanks for the heads up... since you don't like it there must be a reason to give it a look.

Huh? Excuse me? (0)

Anonymous Coward | more than 4 years ago | (#29527883)

How could anyone possibly make IE less secure?

and, no, I don't think 8 is any better than previous versions!

Someone start a discussion on Honda U3 X (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29527885)

Just watch a demo on youtube. Less than 10 kg yet can maintain balance.

Quite interesting.

LESS secure? (-1, Troll)

gmuslera (3436) | more than 4 years ago | (#29527919)

If IE security is already zero, how this could be less secure? putting it into negative security numbers?

First, the plugin goes from the last "in theory" secure IE8, to the "come to hack me, im open" IE6. Is definitely a security improvement for older IE versions. For IE8, is debatable or future could tell if is more or less secure than the built-in renderer, but so far, history hasn't been on IE side regarding security.

Also is pretty specific. A very small percent of IE users will install the plugin (mostly wave beta testers mostly that refuse to give up IE?), probably most will have installed Chrome or Firefox. Doing a full site and trying to get there a lot of people to activate the plugin with a specific header tag (so it can't be as easily triggered as some maybe old IE renderer security bugs) and then putting the exploit is a bit doing it taking the long road, specially if you take into account how frequently are tried to exploit IE vulnerabilities and how much aggressive is google regarding security patches (not sure if the plugin use the same update channel than the browser, i.e.).

Also is interesting that they complain about this plugin that could improve their security overall, and don't do it for other plugins that definately lower their security, but that must be used to access (pretty much like the chrome frame plugin) to some essential content, like i.e. flash or acrobat (and odds are pretty high that silverlight too).

I can't believe it (1)

Alzheimers (467217) | more than 4 years ago | (#29527921)

It's simply not possible for IE to be less secure, even if they stuck giant yellow landing stripes with a big blinking arrow visible from space with the label "ATTACK ME" on it.

First Question that Comes to Mind (1)

rehtonAesoohC (954490) | more than 4 years ago | (#29527925)

Well, the first question that comes to my mind is this:

Why even bother using IE in the first place? The tab structure of Chrome is way better in my opinion. I'm not sure if IE8 supports tab dragging, but in Chrome, I love the ability to drag individual tabs out of the main window so that the tab becomes its own independent window. Often I'll have some code reference up on my main monitor, and I'll drag a hello world (or some test equivalent) page as a tab out of the main application. In IE, you'd have to run the program again to achieve the same result.

Barring asinine security policies that prevent you from being able to use Chrome altogether, I just don't see the benefit of a plugin at all when you could just be using Chrome. *shrug*

Sounds to me that Microsoft... (5, Insightful)

dgun (1056422) | more than 4 years ago | (#29527929)

..is scared.

So Microsoft, how does it feel? How does it feel to have a big bad company with a near monopoly in one market (Google in search) threaten your stake in a different market (browsers)?

Re:Sounds to me that Microsoft... (0)

Anonymous Coward | more than 4 years ago | (#29528115)

Mod parent up. Time they got the shaft for a change. And I can think of what size shaft I'd like to use on them....

I have great respect for Google (3, Funny)

Cro Magnon (467622) | more than 4 years ago | (#29527937)

But I doubt that even they could make IE less secure than it already is.

Hey! (1, Funny)

hesaigo999ca (786966) | more than 4 years ago | (#29527945)

>Microsoft Says Google Chrome Frame Makes IE Less Secure
Everyone knows Microsoft Is What Makes IE Less Secure!

~ there...fixed that for you.

That was quick. I'm impressed! (1)

mkdx (1314471) | more than 4 years ago | (#29527953)

MS was actually pretty fast in addressing this urgent security matter!
If only they were this prompt in addressing the security and standard complaints they have...

Windows (1)

RiotingPacifist (1228016) | more than 4 years ago | (#29527957)

did you mean "Horribly insecure operating system"?

I'm not saying that google should use thier position as #1 search provided to bitchslap slap microsoft but if i were them:
active X => did you mean "poorly thought put gaping security hole"?
fault hardware => did you mean "xbox"?
how do i get rid of malware? => did you mean "how do i install linux"?

One more thing (1)

rehtonAesoohC (954490) | more than 4 years ago | (#29528103)

Who wants to place bets on how long it will take before the "Windows Malicious Software Removal Tool" flags this plugin as malicious software and automatically removes it?

"But it's a security risk!" they'll say...

I seem to remember back when Microsoft first introduced the removal tool, that it flagged IE as harmful and deleted it.

For once, I agree with Microsoft... (0)

Anonymous Coward | more than 4 years ago | (#29528125)

I don't suggest anyone use ChromeFrame. It would double the attack-vector for malware. Unfortunately for Microsoft, the logical conclusion would be to simply switch completely to Google Chrome, as that would be the least susceptible browser of the two choices.

Will do Microsoft. Thanks for the heads-up.

Insecure....? (0)

Anonymous Coward | more than 4 years ago | (#29528145)

So that means that the plugin architecture of IE 8 is completely insecure ?....

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>