Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Barks Back At Microsoft Over Chrome Frame Security

Soulskill posted more than 5 years ago | from the oh-no-you-di'int dept.

Internet Explorer 150

CWmike writes "Google hit back at Microsoft on Friday, defending the security of its new Chrome Frame plug-in and claiming that the software actually makes Internet Explorer safer and more secure. 'Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users,' said a Google spokesman today. 'It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months.' On Thursday, Microsoft warned users that they would double their security problems by using Chrome Frame, the plug-in that provides better JavaScript performance and adds support for HTML 5 to Microsoft's browser."

Sorry! There are no comments related to the filter you selected.

So, which side (3, Interesting)

sopssa (1498795) | more than 5 years ago | (#29547715)

The company is also investigating bugs filed with the Chrome team by Microsoft developers, who reported that Chrome Frame broke IE8's privacy mode.

Why am I not surprised this feature wasn't tested at Google? ;)

But on an interesting note, this seems to be a direct attack against Microsoft by Google. Granted not that many users will probably install it (especially 'normal' users who just dont care), with this and Chrome OS it's clear that Google is going after MS.

Also, this is another avenue for Google to datamine everything about the internet. People dont usually think about it, but Google's analytics traffic code is all over the internet and probably 90% of the sites you visit is known to google. Another interesting thing is that Slashdot used to hide the tracking code under its own domain, so just blocking the analytics domain didn't work.

While I dont like some of the business practices by neither one, its hard to pick sides here. Atleast MS sells the products directly, while Google monetarizes them by ads. And by that very nature you lose lots of privacy.

Earlier there was also discussion that Chrome Frame is mostly provided for corporate users who are required to use IE and cant install other browsers. But how can they install this plugin then? It's normal exe and probably requires even more admin rights to get inside IE than just installing Chrome on your userbase. And other than that I dont see a point in wrapping another browser plugin to work inside browser. If people are knowledge about this plugin, they're knowledge about the actual Chrome browser too. And IE user experience and GUI sucks.

Re:So, which side (3, Interesting)

dread (3500) | more than 5 years ago | (#29547735)

Ummm. Not many users? Do you completely fail to comprehend how HARD Google could push this on IE6/7 users if they wanted to? And with their allies and partners I think they would have a very good chance of doing an 80-20 conversion on that user base. That's what's up for grabs, not the measly IE8 percentage points. IE6 and IE7 users accessing Youtube, google.com, gmail, google docs et al being gently pushed to install the plugin. Good thing too in my opinion. The sooner we can get that crap out the door and onto the crap heap of history the better for everyone.

Re:So, which side (1)

sopssa (1498795) | more than 5 years ago | (#29547743)

Yep, they could push it really hard to users, but what would be the point of that? They're already pushing Chrome on YouTube and other sites and its a better deal for them. Just visit YouTube with IE and you see the advertisement on bottom to test out Chrome browser.

Re:So, which side (1)

SanityInAnarchy (655584) | more than 5 years ago | (#29548191)

Compare that to how hard they push Chrome Frame, and other browsers (Chrome, Firefox, Opera, etc), on anyone wanting to test out Wave. How long until YouTube simply doesn't support IE6?

Re:So, which side (2, Insightful)

Eirenarch (1099517) | more than 5 years ago | (#29548437)

Today it is IE and how long before they decide to push Chrome Frame to Firefox, Opera and Safari users?

Re:So, which side (3, Insightful)

Bert64 (520050) | more than 5 years ago | (#29548927)

I don't think they will...
Firefox. Opera and Safari are being actively developed and are all roughly in the same league with chrome when it comes to standards support and performance.. It is just IE that lags so far behind, and breaks support for things so badly that it puts a considerable burden on companies like google having to support it.

Aside from the fact that Safari even uses the same rendering engine as chrome.

Google don't really care what browser you use, they were pushing people to use firefox before chrome came out, they just don't want people using a browser as outdated and broken as ie because it makes their job so much harder and limits some of the things they'd want to do.

Re:So, which side (0, Redundant)

SanityInAnarchy (655584) | more than 5 years ago | (#29549229)

You're obviously not a web developer.

I can develop a site in Firefox, with Firebug, Firecookie, and all the other nice developer tools. That means I can stay on Linux, OS X, whatever I'm comfortable with.

I can then test it out in Chrome, Opera, Safari, Konqueror, Epiphany -- hell, there's a fair chance it'll work on iCab -- and only require very minor tweaks.

Then I can test it out in IE, and discover I've got a few days of work. Especially if I wanted to target IE6. Easily 20-30% of my time developing a site is spent fighting with IE.

No other browser is that much of a bitch to support.

In other words: Google isn't doing this because they're evil, or because they want everyone to run Chrome. (Even if they did, so what? Chrome is open source.) They're doing it to make life easier on all web developers, including themselves. They're also doing it to make the web better, in general -- faster Javascript, HTML5 support, and better support for web standrads...

So, it really doesn't seem likely Google would care to port this to other browsers that actually work.

Re:So, which side (2, Insightful)

Eirenarch (1099517) | more than 5 years ago | (#29549523)

If I was not a web dev I may have believed your words. However some things in our project stopped working when Chrome was updated to v2 (they used to work in v1). I've seen perfectly valid HTML that renders differently in Firefox, Chrome and Opera (should I even mention IE?). While we all agree that IE6 is pain we should not put the blame on Microsoft. After all if we had to support versions of Netscape from the time of IE6 they would be pain too and I am sure MS want to see IE6 gone more than anyone else. IE8 is as different from the other browsers as they are among themselves. I have as much trouble fixing IE8 quirks as I have fixing Opera, Firefox and Chrome/Safari quirks. And if Google were all about standards then what is Gears? I personally see this Chrome Frame + Gears thing as the next ActiveX.

Re:So, which side (3, Informative)

AmberBlackCat (829689) | more than 5 years ago | (#29547889)

Everybody I know ends up with the Google toolbar, and most of them don't know how they got it. It's installed the same way as viruses; they just get some software installed, choose typical or default installation, and keep clicking yes till they get to the end. So surely Google could bundle the installer for this thing with the toolbar and everybody will have it. They just won't know what it is, why they have it, or how to get rid of it.

Re:So, which side (2, Funny)

Arancaytar (966377) | more than 5 years ago | (#29548023)

And then we could finally stop supporting IE in our web design and move on with the standards.

Hell yes.

Re:So, which side (1)

SanityInAnarchy (655584) | more than 5 years ago | (#29548209)

It's installed the same way as viruses

I honestly don't remember any virus being installed this way:

choose typical or default installation, and keep clicking yes till they get to the end.

I mean, I've seen Google Toolbar, OpenOffice, and other bits of software installed this way, but never did I see a checkbox in some installer for "Install virus?"

So surely Google could bundle the installer for this thing with the toolbar and everybody will have it. They just won't know what it is, why they have it, or how to get rid of it.

I can see why they might want to get rid of the toolbar. I have no idea why they'd want to get rid of this. It wouldn't hurt them in any way, it'd arguably make them more secure, and it'd make my life much easier as a web developer.

Re:So, which side (2, Informative)

hairyfeet (841228) | more than 5 years ago | (#29548807)

First of all, I think the word the guy is looking for is spyware/malware. Anybody who has had to remove coolwebsearch knows that nobody goes "yes, i would like a buggy, crashy, POS software that follows everything I do and reports it back. Oh yeah, can I have lots of popups and ads too?" so that is what he was going for I think. Most folks I have dealt with have no clue how they got "Googled" or Yahooed or Asked either. Hell even Java now will hit you with a toolbar when you apply an update if you're not careful, so its no wonder why folks look down on those damned toolbars.

Second I honestly don't get how this is supposed to make anyone more secure. Give Google more data to mine? Sure I can see that. But more secure? Lets think about it for a minute: First you have IE, and any and all vulnerabilities for it, and then you add Chrome on top, along with any and all vulnerabilities for it as well. So how exactly does running TWO browsers at the same time make for LESS vulnerabilities than simply running one? Because unless there is some hidden voodoo going on I just don't see it. It seems to me it would simply be better to push to get IE6 users to use ANYTHING other than that old POS, than it would be to add more crap on top of IE and double your attack vector. Or am I missing something?

Re:So, which side (0)

Anonymous Coward | more than 5 years ago | (#29548991)

You're missing the sanboxing chrome frame does in IE on windows XP which count for 72% of all systems worldwide. IE's sanboxing capabilities need integrity levels present only in Vista and forward. That's Google's point and it is a fair one.

Re:So, which side (1)

SanityInAnarchy (655584) | more than 5 years ago | (#29549275)

Anybody who has had to remove coolwebsearch...

And how does that get installed? Is there actually a checkbox somewhere for "install Cool Web Search"?

I honestly don't get how this is supposed to make anyone more secure.

You can argue that it doesn't, but to "not get it" is a bit stupid.

First you have IE, and any and all vulnerabilities for it, and then you add Chrome on top,

In other words, it makes things "less secure" in exactly the same way that Flash, Silverlight, Java, Windows Media Player, and any other plugin does.

Basically, Microsoft's whole argument is a very good argument not to install Silverlight. I don't think that's an argument they want to make.

unless there is some hidden voodoo going on

It's not exactly hidden that Chrome supports sandboxing on Windows XP, while IE requires Vista and above for that. So for anyone who didn't upgrade to Vista or Win7 -- which is probably most of the people who didn't upgrade from IE6 -- Chrome Frame is adding a layer of security on top of IE, for the sites that use it.

Add to this the sheer swiss-cheese that is IE6 already... How shall I put this... It's like wearing boxers and a helmet. No one's going to try to shoot you through the helmet, given that choice.

It seems to me it would simply be better to push to get IE6 users to use ANYTHING other than that old POS,

It would be, and they are doing that. In fact, the page that prompts you to install Chrome Frame also mentions other browsers.

But this helps for people who are reluctant to try a new browser, but certainly less reluctant to try a new plugin. It also helps where people are not allowed to install a new browser, but might be allowed to install a new plugin -- not saying that's sane, but that's a lot of corporate desktops.

Re:So, which side (1)

amn108 (1231606) | more than 5 years ago | (#29548379)

As much as I would agree with you on the typical Google toolbar installation patterns, it is not Googles fault users have no patience to read anything that they are supposed to when dialog boxes are shown to them. I have personally witnessed how users install software, and they have no clue what they are doing, so saying that "most of them don't know how they got it" is saying nothing at all. We have not had good computer learning in schools, and this is the harvest. I am not saying reading EULAs is a good thing, I am for moderate user interfaces, but then we either forbid third party product installations by law - so that users can click "Install, no questions asked" button without worrying about anything, or we teach them how important it is to actually read dialog boxes. Trouble is, we developers have abused dialog boxes for so long, it is no wonder users have no confidence nor patience to read them anymore. It is like asking them to read commercials, they would honestly ask you "And why would I do that?!"

Re:So, which side (2, Interesting)

MrCrassic (994046) | more than 5 years ago | (#29547757)

Well, from the article, I'm getting the gist that they are only fueling the fire further. IT departments should be doing what they can to GET OFF IE6 instead of using software like this to breathe new life into it!

Upgrading to IE7 and IE8, as specified in the article, makes this add-on irrelevant. On a side note, I'm also concerned about the heavy-handedness Google has nowadays. I understand that their products constitute a LARGE portion of internet traffic, but it's kind of scary to think that their analytics code IS all over the web....

Re:So, which side (1)

Runaway1956 (1322357) | more than 5 years ago | (#29548157)

Alright, so look at this addon as a tool to encourage MS and it's customers to abandon IE6. One by one, installations of IE6 are "infected" with the Google addon, MS doesn't like it very much, so they make a HUGE push to get rid of IE6.

As for IE7 & 8 - MS can always "update" them to refuse the plugin. Such a move is certainly not unheard of - hence my sig.

No one in the world with half a mind really wants IE6 anyway. Google is just helping those with less than half a mind to move forward! Win - win!

Re:So, which side (5, Insightful)

mystik (38627) | more than 5 years ago | (#29547759)

I'm from a small org, fully embracing the leading edge.

But I can See the following scenario:

1) Org has large internal App written for IE6 only. Can't upgrade so users are forced to have IE6 on their workstations
2) Org's IT admins are well aware of the security problems IE6 forces them to work around.
3) Roll out the Chrome plugin, and set things up so everything *but* the internal site uses Chrome.

Installing IE upgrades makes it difficult to leave an ie6 & ie_latest deployment side-by-side in a 'supported' fashion (Unless ms has a 'supported' way of doing this?)

Using the Chrome plugin lets the Org upgrade the browser to something maintained & more secure on their deployment, while allowing the archaic app to work as expected.

Re:So, which side (2, Insightful)

Marcika (1003625) | more than 5 years ago | (#29548061)

I'm from a small org, fully embracing the leading edge.

But I can See the following scenario:

1) Org has large internal App written for IE6 only. Can't upgrade so users are forced to have IE6 on their workstations 2) Org's IT admins are well aware of the security problems IE6 forces them to work around. 3) Roll out the Chrome plugin, and set things up so everything *but* the internal site uses Chrome.

Installing IE upgrades makes it difficult to leave an ie6 & ie_latest deployment side-by-side in a 'supported' fashion (Unless ms has a 'supported' way of doing this?)

Using the Chrome plugin lets the Org upgrade the browser to something maintained & more secure on their deployment, while allowing the archaic app to work as expected.

That's what Firefox with the IE Tab add-in is for. If you have control of your IT infrastructure, why settle for the intrusive kludge of Chrome Frame?

Re:So, which side (1)

dissy (172727) | more than 5 years ago | (#29548133)

That's what Firefox with the IE Tab add-in is for. If you have control of your IT infrastructure, why settle for the intrusive kludge of Chrome Frame?

Because it is very difficult to maintain a firefox deployment on a windows network.

Active directory and Group policy are tied in deep with IE. Firefox, not so much.

There are third parties that make the required MSI installers, at least for the browser.
Settings can not be pushed out through group policy, they have to be configured in advance and placed in the MSI installer.

This basically means you use the same method to push out the software, as you use to push configuration changes.

It does get the job done. It just isn't pretty. It also conflicts with anyone who has installed firefox manually, occasionally just blowing away profiles (only happened 3 times out of 150 workstations, so not too bad really, given firefox has done this by itself to me more than once in the past in a regular install)

Personally, I feel the pain of deployment is well worth the benefits of having firefox for internet browsing and IE only for intranet/webapps.

I'd love to believe Microsoft about the IE8 sandboxing security, but they are not exactly trustworthy at all in that area.
Plus we have the added problem of skipping vista for win7, so are currently still using XP with server 2003 backends.

Props to the maintainers of the MSI versions of firefox for corporate deployment however. Still far to go, but definately lots of progress has already been made.

The point is however, a lot of MS only shops will want to stick with the well integrated MS only tools. These tools exclude most all 3rd party software, so IE it is. And this seems to be a very good way to improve IE's security without resorting to maintaining a painful firefox deployment.

Re:So, which side (1)

dontclapthrowmoney (1534613) | more than 5 years ago | (#29548365)

Active directory and Group policy are tied in deep with IE. Firefox, not so much.

There are third parties that make the required MSI installers, at least for the browser. Settings can not be pushed out through group policy, they have to be configured in advance and placed in the MSI installer.

This basically means you use the same method to push out the software, as you use to push configuration changes.

Has anyone made a custom Group Policy template file (.adm) for Firefox? I've never needed one and I haven't googled for it now - I'd be very surprised if no-one had done this, at the very least for proxy settings etc.

I realise that tools like rsop.msc would show the firefox settings only as custom registry settings - no biggie though, and you would always push the ADM out to workstations if this became a problem (easier than updating the install itself, and I can't really think of a major reason to bother with this - still an option though if necessary for some reason).

Sometimes though it is easier to use a logon script to set up anything that is a preference, if you only have a few settings - for example, block internet except through the proxy, and if the user messes with it/breaks something then they log out/in which we all tell users to try before they call anyway.

Re:So, which side (1)

lukas84 (912874) | more than 5 years ago | (#29548551)

Custom ADM templates don't work for Firefox because Firefox doesn't use the registry for most settings, instead the prefs.js in %APPDATA%\Mozilla\.

Enterprise Deployment isn't anything Firefox, Opera or Chrome are aiming for.

Re:So, which side (1)

tomthegeek (1145233) | more than 5 years ago | (#29549103)

We use Frontmotion Firefox [frontmotion.com] on our network. From the website:

  • Active Directory deployable and upgradeable.
  • Active Directory management through Administrative Templates (*.adm).
  • Desktop Icon similar to IE.
  • Shell integration similar to IE.
  • Set Default browser
  • Macromedia Flash plug-in preinstalled
  • Detect and upgrades non-MSI installs.
  • Can upgrade 3rd party MSI's from patpaul/MIT [sourceforge.net] , Webheat.co.uk [webheat.co.uk] , and ZettaServe [zettaserve.com] .
  • Able to properly perform uninstalls and restores system associations
  • Enhanced functionality like disabled profile migration.

Re:So, which side (1)

SanityInAnarchy (655584) | more than 5 years ago | (#29548215)

Any organization smart enough to do that should be smart enough to replace IE6 with Firefox, and configure it to use IE Tab [mozilla.org] for the internal site.

Re:So, which side (1)

Jurily (900488) | more than 5 years ago | (#29547763)

But how can they install this plugin then? It's normal exe and probably requires even more admin rights to get inside IE than just installing Chrome on your userbase. And other than that I dont see a point in wrapping another browser plugin to work inside browser. If people are knowledge about this plugin, they're knowledge about the actual Chrome browser too.

When company policy or existing contracts force the sysadmins into IE, they might still have the option to install plugins.

And IE user experience and GUI sucks.

Irrelevant when you are verboten to use anything else.

Re:So, which side (1)

Runaway1956 (1322357) | more than 5 years ago | (#29548213)

"Irrelevant when you are verboten to use anything else."

I would argue with that. User satisfaction is never irrelevant. I'm doing a job - ANY JOB - and I have dozens of employees. 25% to 50% of my employees tell me that they know a better, faster, easier, more efficient way to do the job, but I insist on doing the job MY WAY, because I'm the boss. I will lose good employees who are dissatisfied, over time. I will attract poorer employees over time - employees who aren't bright enough to see these obviously better ways of doing the job.

Insisting on using outdated methods and/or technology because "I'm the boss!" is a cancer that will eat at the organization.

Verboten? How much do you enjoy working for an organization where improvements are verboten?

Re:So, which side (1)

lukas84 (912874) | more than 5 years ago | (#29548571)

You have never worked in a large enterprise, haven't you?

They're as bad as most governments. Sometimes even worse.

Re:So, which side (1)

Runaway1956 (1322357) | more than 5 years ago | (#29548691)

No, I've been scared off of large organizations ever since I served in the Navy. Are you agreeing that a stifling work environment attracts workers who are mediocrities, or worse? We all know people who show up just to get a paycheck. The guy who comes to work all fresh faced and raring to go doesn't get sucked into an environment where ideas are automagically quashed before he can properly verbalize them.

Re:So, which side (1)

Bert64 (520050) | more than 5 years ago | (#29549039)

In a large corporation, an attitude you describe will result in mediocre and/or lazy workers...
I know several perfectly capable people who work in such environments simply because its easy, they blend into the background and collect their pay without doing very much work at all. Most of their colleagues are as you describe, mediocre or worse and are easily manipulated.
They generally sit around doing their own thing all day, and their colleagues aren't smart enough to challenge them.

More Errors (4, Interesting)

WED Fan (911325) | more than 5 years ago | (#29548305)

I tested this plug-in:

  • On /. without plug-in, using IE8, I get no errors.
  • On /. with FF, I get no errors.
  • On /. with plug-in, using IE8, I get DEP errors.
  • On other sites, with plug-in, using privacy mode, I get multiple IE crashes.
  • On the same sites, disable the plug-in, in privacy mode, no errors.

I don't know about making it less secure, but it sure causes a bunch of "recovered" tabs and multiple errors.

Not Ready for Prime Time!

Re:More Errors (1)

TheRaven64 (641858) | more than 5 years ago | (#29549569)

Not Ready for Prime Time!

Well, duh. It's a Google product: It will be out of beta in a few years...

Sigh... shortsighted are we? (4, Insightful)

SmallFurryCreature (593017) | more than 5 years ago | (#29548631)

Google is at war and its goal is the liberate the browsers and allow them to be everything they can be.

Evil Microsoft has poor IE as a hostage and is doing terrible things with it. It could be so much but forced into ghetto conditions it is backwards and idiotic.

Direct war with the evil Microsoft is hard but Google is dropping supplies behind enemy lines to help as much as possible. Luxuries other browsers can take for granted are dropped in the form of javascript libraries so that IE can still at least somewhat come along no matter how slow.

Now with this new weapon of peace the evil Microsoft can be twarthed like never before, every IE that dares can now be free and standup like a real browser with all the features those in the free world have come to taken for granted.

There is not going to be one single succesful strategy to liberate the browser, but liberated it will be. Google needs freedom more then any true american company needs air to breath. The communist Microsoft (All for one OS and one OS for all) shall be vanquished. It will not happen overnight, but it will happen.

For the humor impaired: Google needs fast capable browsers because that is where it does its business. If MS can't produce a capable browser then it got 3 options: advertise other browser (firefox), produce its own to push the cutting edge (Chrome forced firefox to become quicker) and to augment the least capable browsers to support current standards. It will have to push hard from different directions to achieve this but success has already been made. MS has had to work very hard with IE and you can see from their response about this plugin in that they are very scared indeed about the browser becoming more capable.

This battle is NOT about getting people to install Chrome or Firefox, it is about having them surf the web with a capable browser so Google can push new features and not have to constintly cripple their application for an obsolete piece of software.

Re:Sigh... shortsighted are we? (1)

ToasterMonkey (467067) | more than 5 years ago | (#29549169)

I'm back here reporting behind 'enemy lines' and I see the 'repressed' citizenry are enjoying IE8, Safari, Opera, Firefox, and Chrome.. elsewhere IE6 is being enjoyed by people who don't care to know what a browser is. Are there any fronts to this war or is it all made up? *enjoys the local food and moves on*

Google software can fuck off (-1, Troll)

Anonymous Coward | more than 5 years ago | (#29547721)

Google dodged the point (1, Insightful)

gcnaddict (841664) | more than 5 years ago | (#29547731)

"It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months."

Irrelevant. The point is that it's another exploitable object, thereby expanding the exposed surface of attack. That's Microsoft's entire point. There's just no reason to get this installed in corporate networks where IE6 is being used (breaks most intranet sites), anyplace where IE7 is being used (there's IE8; upgrade to it), and anyplace where IE8 is being used (surface of attack expanded in exchange for little benefit). Downloading Chrome itself is fine, but this is nothing more than a veiled attempt at tricking users into using Chrome instead of legitimately gaining marketshare.

Re:Google dodged the point (0)

Anonymous Coward | more than 5 years ago | (#29547769)

It does not break intranet sites... Do you have any idea what you are talking about?

Re:Google dodged the point (-1, Flamebait)

sopssa (1498795) | more than 5 years ago | (#29547781)

It does break intranet sites if they're specially being made to work with IE (which everyone uses on the company). You'd be surprised how much of corporate code is specially made the work with IE and it doesn't work well or at all with other browsers.

Re:Google dodged the point (1, Interesting)

Anonymous Coward | more than 5 years ago | (#29547833)

To enable the plugin you need to alter the html: add some kind of header.

I would like to see an intranet site especially made to work with IE that enables the plugin by inserting html...I do not think there are any.

Re:Google dodged the point (0)

Anonymous Coward | more than 5 years ago | (#29547869)

Based on what did you just make that assumption? As others have also pointed out, the site has to OPT-IN to enable it to be used by Chrome-frame.

Cut the BS please.

Re:Google dodged the point (3, Informative)

Runaway1956 (1322357) | more than 5 years ago | (#29548263)

Coming to a community college near you: Reading Comprehension 101

The plugin sits idle UNTIL CALLED by a call ON THE SERVER. If the call isn't made by the intranet server, the plugin doesn't do anything, meaning IEx does what it would have done anyway.

Re:Google dodged the point (1)

ClosedSource (238333) | more than 5 years ago | (#29548881)

So essentially Google's argument is that you should download and install it because it doesn't do anything for 99.9% of internet sites.

Re:Google dodged the point (1)

Runaway1956 (1322357) | more than 5 years ago | (#29549037)

That remains to be seen. Web designer people may look at this as salvation from tweaking and retweaking for IE6. Some of them may or may not put a disclaimer on their site, "If you have problems viewing this site with IE6, you should upgrade to a more modern browser, or install Google's addon" complete with links to the addon, as well as the more popular browsers.

If such an approach were taken, who knows? Let's take another look in 3 months, then again in 6 months. Stuff happens, you know?

Re:Google dodged the point (1)

ClosedSource (238333) | more than 5 years ago | (#29549443)

I guess it depends whether the organization thinks the time, cost, and inconvenience involved with supporting IE6 is more significant than the possibility of losing users.

Even if they came to that conclusion, their agenda would be better served by having users update IE or switch to another browser rather than using an untested hybrid solution that Google might get bored with and stop supporting later on (it wouldn't be the first time).

Re:Google dodged the point (1)

drinkypoo (153816) | more than 5 years ago | (#29547829)

Irrelevant. The point is that it's another exploitable object, thereby expanding the exposed surface of attack. That's Microsoft's entire point.

Google avoids addressing this point because is a stupid one. An aircraft carrier is more secure than a leaky rowboat in spite of having a greater "surface of attack". It turns out that thick sheets of steel are more resistant to penetration than pieces of wood the same thickness or less. Who knew? IE is kleenex, you could cough a hole in that.

fixing that analogy (1)

RingDev (879105) | more than 5 years ago | (#29547957)

To run with your Aircraft Carrier vs Leaky row boat analogy...

This is more akin to putting a nuclear powered steam turbine engine from an air craft carrier into your leaky row boat.

Sure, it'll make your leaky row boat fast as hell and able to pull huge objects, but your leaky row boat is still leaky, over weight, and now requires a constrant stream of fuel.

The GP's point is in part accurate. CF does indeed increase the exposed surface of IE. If you are willing to live with that risk, do it, if not, don't.

I also find it odd that Google was complaring it to IE6. Isn't that kinda like MS comparing IE8 with Chrome Alpha or Fire Fox 1.0? The only option for IE6, IMO, is to get rid of it. Developers need to abandon support for it, force users to upgrade to IE8, or to switch to FF or Chrome. But comparing their plug-in with an 8 year old browser is disengenuous.

-Rick

Re:fixing that analogy (2, Insightful)

drinkypoo (153816) | more than 5 years ago | (#29548007)

But comparing their plug-in with an 8 year old browser is disengenuous.

It would only be disingenuous if their plug-in didn't plug into that 8-year-old browser, which is still one of the dominant browsers today.

Re:fixing that analogy (1)

Runaway1956 (1322357) | more than 5 years ago | (#29548341)

"but your leaky row boat is still leaky, over weight, and now requires a constrant stream of fuel."

"Aye, Captain, I'll pull into the next Exxon station for more nuclear rods!"

Alright, asshat comment completed, I agree with "force users to upgrade to IE8, or to switch to FF or Chrome." I'm quite tired of hearing about some lame ass in-house trash that only works in IE6. NO ONE WANTS IT, so dump it!

Illegal analogy detected. Please fix your posting. (0, Offtopic)

140Mandak262Jamuna (970587) | more than 5 years ago | (#29547987)

Your posting is rejected because you included an aircraft carrier analogies. To be standard compliant for slashdot users, please reframe it as a car analogy.

Re:Illegal analogy detected. Please fix your posti (1, Funny)

Anonymous Coward | more than 5 years ago | (#29548167)

Fear not!

Google has released a plug-in that automatically converts non-compliant analogies on Slashdot into either car or house-front-door-unlocked analogies

I believe it can optionally do automated library of congress conversions as well as append random critique regarding the nature of Slashdot's CSS.

Standards Exist for a Reason (1)

raftpeople (844215) | more than 5 years ago | (#29548955)

It's like you are talking a different language, can you use a car analogy please?

Re:Google dodged the point (4, Informative)

jlp2097 (223651) | more than 5 years ago | (#29547831)

There's just no reason to get this installed in corporate networks where IE6 is being used (breaks most intranet sites)

BS! Chrome Frame is entirely opt-in i.e. the website has to include a meta-tag indicating that the site should be displayed in Chrome Frame instead of IE Trident. This is the point of Chrome Frame: allow all these corporations (mostly) to keep their IE6 and maybe IE7 while still having the possibilty to access all these new & shiny ajaxy webapps (like Wave).

Oh please no... (1)

rmdyer (267137) | more than 5 years ago | (#29549449)

... the website has to include a meta-tag indicating that the site should be displayed in Chrome Frame instead of IE ...

The very last thing I want as a system administrator are hundreds of thousands of sites (if not millions, or more) requiring the user to have Google Chrome, or the Chrome Frame plugin, before the site can be used. Web sites should be designed using web standards, and not require specific browsers for use. Talk about pot calling kettle black! Plugins should be handlers for the primary browsers functions, not over reaching take over my browser leaches.

Re:Google dodged the point (1)

noidentity (188756) | more than 5 years ago | (#29547839)

OK, so your logic is different than installing Chrome on the same machine, because with this plugin, a site can select whether to use it? I was going to rebut your point, but I think I get it now. What if the user could tell this Google plugin to entirely disable IE's native HTML rendering/JavaScript/etc.? I guess that would be somewhat pointless, since you might as well just use Chrome to begin with...

Re:Google dodged the point (1)

Gothmolly (148874) | more than 5 years ago | (#29547881)

"...The point is that it's another exploitable object..."

You've just described the entire Windows operating environment, where everyone runs as Administrator. I don't think MS can make this argument with a straight face.

Re:Google dodged the point (2, Insightful)

sopssa (1498795) | more than 5 years ago | (#29547905)

Welcome to 98. Not everyone runs Windows as admin, especially if its a shared computer (like in family). For that matter, its just aswell possible to run Linux as root to do your everyday things. This has been said countless of times already, but it's not the OS's fault; it's the users fault and how they're using their system. Linux is just as vulnerable to a stupid user than Windows is.

Re:Google dodged the point (0)

Anonymous Coward | more than 5 years ago | (#29548259)

Whilst I agree with the sentiment, Windows carries a different approach and mindset..

I can happily run everything as admin in windows and never really notice or care, it just happens out of the box, by default, as normal. The instability this can cause is usually considered the 'way its supposed to work'.

Also, for most people, if they are using just userland rights on a windows box, they'll occasionally find themselves jumping through hoops for one (badly written) application or another, just to make it work.

Assuming you ignored the rather common 'omfg dont run stuff as root' messages that most distros provide, after few hours of running everything as root in linux and you'll eventually see the benefit of keeping that log-in for special occasions only.

Hoop jumping in linux for userland stuff still exists but its not as much a hacky workaround as it tends to be in Windows.

Things have been changing in windows land since Vista in this regard, but most 'general users' will tell you those new features are annoying and intrusive.

Re:Google dodged the point (1)

Runaway1956 (1322357) | more than 5 years ago | (#29548389)

Alright, I'll admit. Outside of the corporate world, at least 3 or 4 percent of users run as a restricted user.

Among the other 95% + we find gamers whose games won't run unless they are Admin, we find people who routinely install apps from the web and can't be bothered to "Run as" Administrator, we find OEM machines with a single default user who has Admin rights - I could go on.

No, you don't get away with pointing to Vista and Win7 - they have NOT been widely adopted by the public. Most of the computing public is still running XP, and are unlikely to upgrade soon. (Recession, remember? A lot of people who MIGHT upgrade to Win7 don't have money to spend on frivolities!)

Re:Google dodged the point (4, Informative)

daniel142005 (906427) | more than 5 years ago | (#29547891)

Do you have any idea why they released Chrome Frame in the first place? Its because Google got tired of Microsoft not meeting web standards. Google will be releasing Wave soon and the majority of the population would not be able to use it because IE does not support HTML5. Chrome Frame is just as secure as IE if not more, not to mention, if a bug or exploit is found with Chrome or Chrome Frame, it takes Google hours to days to push out a fix.

"There's just no reason to get this installed in corporate networks where IE6 is being used"

Do you have any clue what Chrome Frame even does? It does not force EVERY website to use itself. Only websites that request it or websites that you told to use it. And believe it or not, there are a lot of newer applications in the business environment that do not work with IE6 or even IE7/8.

"anyplace where IE8 is being used (surface of attack expanded in exchange for little benefit)"

I guess you are unaware of exactly how much IE8 does not include compared to Firefox/Safari/Chrome, and your obviously not a web developer. Most of the time websites have to have code dedicated for IE otherwise the website will not work right. Google is sick of Microsoft not following standards and them as well as everyone else having to waste their time to make patches so it will work in IE.

Re:Google dodged the point (0)

Anonymous Coward | more than 5 years ago | (#29548005)

I guess you're unaware what "surface of attack" means. Security has nothing to do with meeting web standards, and obviously all you care about is using some new fancy HTML5 feature rather than thinking about what installing software, or making requirements of your users actually entails. One thing you're right on though, Chrome Frame is not an altruistic venture from Google, it's done to support their own software and the expansion of their own market.

Re:Google dodged the point (1)

jesser (77961) | more than 5 years ago | (#29547899)

Yes, Chrome Frame increases your attack surface, because by default, it lets each site choose whether to use IE's engine or Chrome's engine. But I see Chrome Frame as a temporary measure to allow intranet sites to be updated one at a time. From that perspective, it's safer in the long run than remaining stuck with IE6.

Furthermore, if you configure Chrome Frame to force one engine or the other for all non-intranet sites, it's about as secure as whichever engine you pick. More to the point, it's then safer than having everyone use both IE and Chrome, because a site can encourage users to try opening it in the other browser just by looking broken.

Re:Google dodged the point (0)

Anonymous Coward | more than 5 years ago | (#29547903)

The thing is, that it in fact does _not_ break intranet sites (You have to opt-in for using it) and most people are still on XP:

(71.79% according to hitslink.) [hitslink.com]

Sanboxing features on IE require integrity levels that are present from Vista on (not present in XP). So google makes quite a valid point. Also the surface of attack is also raised with silverlight and flash plugins (or any plugins for that matter), I don't see Microsoft communicating this fact enough. ;)

Microsoft dodged the point (0)

Anonymous Coward | more than 5 years ago | (#29548093)

Microsoft: Making that claim - double security issues - in some countries would get you into very hot water. MS has not said much about Adobe, who has a not so good (security) track record.

Clearly any hacker will avoid Google addins like the plauge (because they will be fixed fast), and go for the nice, static, unpatched MS code.

The likely NEW risks are those in the code path of new HTML5 features and functions, and not the plugin.

Whatever MS's whinges, Google will fix it. MS is probably doing a mental, as Yahoo like plugins will come After Chrome. We have seen MS use policy to favor its own product/family before, so Google doing the same is not news - but it is also not a security thing.

Re:Google dodged the point (2, Insightful)

SanityInAnarchy (655584) | more than 5 years ago | (#29548275)

The point is that it's another exploitable object, thereby expanding the exposed surface of attack. That's Microsoft's entire point.

It didn't stop Microsoft from writing Silverlight -- or ActiveX, for that matter. Seems they're only concerned about "expanding the exposed surface of attack" when it's something they don't like.

There's just no reason to get this installed in corporate networks where IE6 is being used (breaks most intranet sites)

It's opt-in, by the site. The default IE6 engine will still be used for those intranet sites, unless the intranet sites explicitly ask for Chrome Frame -- and if that ever happens, there's a strong possibility that these intranet sites are ready for other browsers.

Downloading Chrome itself is fine, but this is nothing more than a veiled attempt at tricking users into using Chrome instead of legitimately gaining marketshare.

And bundling IE with the OS wasn't? How about exposing IE's HTML engine as a standard ActiveX component?

I'm not suggesting that either of these things could be reversed now, but understand that at the time this decision was made, Netscape was still being sold in stores, and I believe it did have a majority marketshare.

But you know what? At this point, I don't care if Google has to hire assassins to kill off Microsoft's IE team, as long as the end result is the same: We can finally start developing to web standards, and stop having to spend half our time figuring out how to work around IE's bugs. Hell, it means we can actually use exciting new features like HTML5, and stop using Flash unnecessarily, just because IE doesn't support <video>.

(Ok, yes, it would be very sad if people had to die over this, but you get the point.)

Re:Google dodged the point (1)

dread (3500) | more than 5 years ago | (#29548315)

But seriously, this argument is wholly inane and false.

1: IE6 - it would break intranet sites. NO it wouldn't as it wouldn't get used unless the proper meta tag is IN THE PAGE. Is this insanely hard to understand? IE6 would keep chugging along until a page that asked nicely for the plugin came around. Then it would be used. The intranet would remain untouched.

2: IE7 - upgrade to IE8. Do you have any idea of how many organisations are avoiding upgrading to IE8 specifically because they aren't sure that everything is going to work properly. You are arguing that they have to upgrade (to a product that is measurably worse than the competition at handling new, javascript-heavy web applications) rather than take advantage of a plugin that will solve their immediate pain point (performance for certain apps) while not disturbing their current setup.

3: Veiled attempt at tricking users into using Chrome instead of legitimately gaining marketshare.
Please, enlighten me - exactly how does one "legitimately gain marketshare"? This is just plain old stupid. Market share is built by providing a good product and having people use it. Time will tell if Chrome Frames is a good product and if people will use it. You are not the judge of what is a legitimate route to market or not. Sorry. The arbiter of that is the market.

Re:Google dodged the point (1)

Bert64 (520050) | more than 5 years ago | (#29549047)

Silverlight is another exploitable object too...
People concerned about security should probably be using the full blown chrome, which is generally regarded as having a better security model than other browsers.

Not surprising. (1)

Capsy (1644737) | more than 5 years ago | (#29547741)

Despite being a user of Vista, Zune, and a former XBOX owner, I'm not overly fond of Microsoft's stance on software. Zune needs to be open sourced so developers and modders can start creating utilities for it that matter. Microsoft adopted a "we-will-handle-it-ourselves-and-drag-the-competition-under-our-wheels" approach to software and the way the internet should be "browsed." As such, everyone is commiting herecy and blasphemy when they try to make a better program for the same function that Microsoft's software already does. For instance, look at Linux. Although it's not quite as compatible for gaming as Windows is, more and more gamers are turning to Linux, quite simply for the ease of use, and the fact they can modify their installations to fit their needs. Even down to programming something for it. All Google is guilty of, besides being asses about Android, is making a perfectly legitimate program and essentially offering to keep on top of it ("...and defenses from emerging online threats that are available in days rather than months") better than even Microsoft does. Do I smell corporate greed?

Re:Not surprising. (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#29547761)

For instance, look at Linux. Although it's not quite as compatible for gaming as Windows is, more and more gamers are turning to Linux, quite simply for the ease of use, and the fact they can modify their installations to fit their needs.

I see trolling here, but lets not get into this.

Re:Not surprising. (1)

Capsy (1644737) | more than 5 years ago | (#29547775)

Not trolling. I USE WINDOWS. What part of this didn't you understand? The point I was making is that Microsoft feels like they have the right to "block out the sun" over all other developers and companies. There's a term for it, and I'm not referring to a monopoly. I'm thinking of Facism.

Re:Not surprising. (1, Insightful)

amiga3D (567632) | more than 5 years ago | (#29547801)

Wanting all the market for themselves? That's greed. Pure and simple.

Re:Not surprising. (1)

Capsy (1644737) | more than 5 years ago | (#29547841)

That's what I'm saying. Microsoft has been a monster ever since Gates decided he could market Microsoft. And by monster, I mean greedy, myopic little worm.

Re:Not surprising. (0)

Anonymous Coward | more than 5 years ago | (#29547877)

Are you really a Zune user? I've never seen one of those before.

Re:Not surprising. (1)

Capsy (1644737) | more than 5 years ago | (#29547963)

If Zune were to be open sourced, I'm pretty sure the Zune Touch could compete with iPod Touch. And yes, I use Zune.

hmmm (0, Troll)

chelroms (1642993) | more than 5 years ago | (#29547751)

the two big companies is getting very serious about this... lets see whats next... i am interested about this two... http://www.techandgizmo.com/ [techandgizmo.com]

Does anyone care? (5, Insightful)

amiga3D (567632) | more than 5 years ago | (#29547765)

I'm thinking that IE users' primary concern is not security or they'd be using something else to begin with.

Re:Does anyone care? (2, Insightful)

AmberBlackCat (829689) | more than 5 years ago | (#29547897)

I'm thinking that IE users' primary concern is not security or they'd be using something else to begin with.

True, their primary concern is the browser working when they go to the website.

Re:Does anyone care? (3, Informative)

Shikaku (1129753) | more than 5 years ago | (#29547953)

It doesn't activate on EVERY website. RTFA. It requires a meta tag. Google released this so that IE users can use Google Wave because IE doesn't support HTML5. It can also be used on other websites. I think it's a great move by Google, to smack Microsoft in the face to actually step up to standards.

Re:Does anyone care? (2, Insightful)

Anonymous Coward | more than 5 years ago | (#29548051)

You realise HTML 5 isn't a standard right? It's a wish list, and the last time people started implementing standards early we got layers rather than divs and had to live with that pain for years. MS had the same problem with XML/XSL/XSLT where they implemented a draft standard which then changed, and then they were slagged for implementing early. But then all web designers care about is getting fancy video it seems rather than learning from the mistakes already made.

Re:Does anyone care? (2, Insightful)

mister_playboy (1474163) | more than 5 years ago | (#29548619)

Right now we are stuck with Flash... so HTML5, standard or not, would be much preferable.

Re:Does anyone care? (0)

Anonymous Coward | more than 5 years ago | (#29549181)

You are willfully misunderstanding the HTML standards process. Any feature not supported by at least two browsers cannot ever be part of a full standard. Saying HTML5 is not a standard, so not supporting it is not a big deal is quite dishonest.

Re:Does anyone care? (0)

Anonymous Coward | more than 5 years ago | (#29548987)

I'm thinking that IE users' primary concern is not security or they'd be using something else to begin with.

That's not true. Imagine telling your mother that her browser is "insecure," and that it's putting her computer at risk for "those scary virus things." Everybody knows that security is a good thing; the problem is that most of them aren't aware that IE is insecure.

Emergency Security Update (2, Funny)

140Mandak262Jamuna (970587) | more than 5 years ago | (#29547983)

Microsoft announced that even though XP, Win97, Win2K, IE5 etc have been end of lifed, and will not be supported anymore, it has issued a special security update that will freeze IE5, IE6, IE7 and IE8 if Google Chrome Frame plug in is detected. After the update IE will first send a browser agent string pretending to be Google Chrome Frame, and if the website responds to it, it will crash IE and the OS with a BSOD with the message, "See? I Told ya, Google Chrome Frame is bad. It crashes everything".

The new motto in Microsoft is "Windows 7 is not done, until Chrome Frame wont run".

fuck you (0)

Anonymous Coward | more than 5 years ago | (#29548785)

what the fuck is Win97, you cocksucker???

Chrome Frame sucks for me (3, Interesting)

dword (735428) | more than 5 years ago | (#29547985)

I'm a Firefox / Chrome fan and I just installed the Google Chrome Frame to see how it behaves. I installed Windows XP SP2 less than 24 hours ago and since then I've only installed my drivers, Firefox and the Google Chrome Frame; I went to a couple of innocent websites with IE6 and they both crashed the browser.

PS: Web developer here - Yes, IE6 sucks but it is not THAT unstable.

Re:Chrome Frame sucks for me (3, Interesting)

JasonBee (622390) | more than 5 years ago | (#29548111)

I'm a Firefox / Chrome fan and I just installed the Google Chrome Frame to see how it behaves. I installed Windows XP SP2 less than 24 hours ago and since then I've only installed my drivers, Firefox and the Google Chrome Frame; I went to a couple of innocent websites with IE6 and they both crashed the browser.

PS: Web developer here - Yes, IE6 sucks but it is not THAT unstable.

Which web sites? I'd love to test your observation as I have multiple VMs with various IE versions installed on various WinXP flavours.

Please tell us.

Re:Chrome Frame sucks for me (5, Informative)

IamTheRealMike (537420) | more than 5 years ago | (#29548171)

ChromeFrame isn't activated unless the website asks for it. So you were just testing the reliability of IE6, not Chrome.

Re:Chrome Frame sucks for me (4, Informative)

dword (735428) | more than 5 years ago | (#29548357)

I guess IE6 is THAT unstable. Thanks :)

Re:Chrome Frame sucks for me (1)

blackfrancis75 (911664) | more than 5 years ago | (#29548391)

FFS RTFM, and ppl stop modding this shit up.

Re:Chrome Frame sucks for me (1, Informative)

Anonymous Coward | more than 5 years ago | (#29548721)

Just to be sure it wasn't CF, try adding the cf: prefix to the URL. This will force IE to use CF for that page. E.G., in your address bar put "cf:http://tech.slashdot.org/story/09/09/26/0257216/Google-Barks-Back-At-Microsoft-Over-Chrome-Frame-Security" (w/o quotes obviously).

secure? on windows? (1)

sakura the mc (795726) | more than 5 years ago | (#29548159)

how can a piece of software claim to be secure when windows is a compromised piece of shit to begin with???

Barks back? (1)

whatajoke (1625715) | more than 5 years ago | (#29548285)

So Google "barks back" but Microsoft "hits back"?

Strategic mistake (3, Interesting)

blind biker (1066130) | more than 5 years ago | (#29548347)

Microsoft has nothing to gain in this war of wards. They should have known it before they started it: now Google has more than just an excuse to publicize/raise the awareness of IEs security holes, educating the public on phishing, in the process. This will will definitely raise the interest of at least some IE users who would have not otherwise bothered themselves with Google's add-on.

I can see how MS got suckered into this, though: they just can't stand someone walking into their turf. Their predator instinct is just too strong, and makes them do stupid things.

Well played, Google.

Re:Strategic mistake (3, Interesting)

at_slashdot (674436) | more than 5 years ago | (#29548493)

The more Microsoft makes fuss about Chrome Frame the more people will find out about this options. A negative campaign when it comes from a negative company is positive.

Re:Strategic mistake (0)

Anonymous Coward | more than 5 years ago | (#29548663)

That's a logical fallacy.

Re:Strategic mistake (3, Funny)

mister_playboy (1474163) | more than 5 years ago | (#29548799)

Publicity has nothing to do with logic, smartypants.

Re:Strategic mistake (3, Insightful)

westlake (615356) | more than 5 years ago | (#29548967)

The more Microsoft makes fuss about Chrome Frame the more people will find out about this options.

The only "fuss" I'm hearing about Chrome Frame is on Slashdot. The geek needs to remember that to almost everyone else Google remains simply a search engine.
 

Re:Strategic mistake (1)

pearl298 (1585049) | more than 5 years ago | (#29548609)

Microsoft is used to dealing with much smaller adversaries who can be intimidated or simply ignored.

I am thinking of the MSWord/XML patent fuss as the latest example.

What is new is that Google is big enough to take on Microsoft and at their own game! Including Microsoft's favourite game of FUDD!

What I am seeing is that Microsoft is being "attacked" on many fronts at once.

Remember IBM and their attempts to kill off the PC not that long ago?

stop pussy-footing around (1)

RiotingPacifist (1228016) | more than 5 years ago | (#29548637)

Goggle should stop pussy-footing around and add a warning box to thier mainpage that tells a user how many publicly announced unpatched exploits there are for the users browser & os. or "Microsoft press statement" => did you mean lies?

what did they expect? (1)

po134 (1324751) | more than 5 years ago | (#29548753)

Did they expect something like "Thank you google for fixing some of the problems we had on a browser we don't want to code for anymore" ?
Cause it's true they face new security problems that won't be fixed by microsoft with monthly critical updates as it is a plugin and not the basic application.

If they want HTML5/Google Apps, they can install (1)

Ilgaz (86384) | more than 5 years ago | (#29549433)

I share everyones passionate hate against IE especially since I have to run a Virtual emulator to run that IE (for testing sites) but entering a browser that way, relying on a meta flag which can be implemented by anyone and trusting users to differentiate between a browser engine and UI sounds too much to me.

I believe users need exact same rights to install a browser rather than a ActiveX control so they better advertise their browser instead of plugging into others. They should also check the market for why exactly their browser isn't that much used, why some users have very serious privacy concerns about them lately and why a certain team at Google insists on driving people and companies nuts by insisting on that absurd "updater" policy.

What if MS plugged into Google browser and enabled IE engine whenever a site looks for IE? This has no end. People can't differentiate between an engine and a UI, even on slashdot you see comments like "but Safari is closed source", think about ordinary users and who will they contact when Google engine fails browser?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?