Forgot your password?
typodupeerror
Internet Explorer Google Microsoft Technology

Google Barks Back At Microsoft Over Chrome Frame Security 150

Posted by Soulskill
from the oh-no-you-di'int dept.
CWmike writes "Google hit back at Microsoft on Friday, defending the security of its new Chrome Frame plug-in and claiming that the software actually makes Internet Explorer safer and more secure. 'Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users,' said a Google spokesman today. 'It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months.' On Thursday, Microsoft warned users that they would double their security problems by using Chrome Frame, the plug-in that provides better JavaScript performance and adds support for HTML 5 to Microsoft's browser."
This discussion has been archived. No new comments can be posted.

Google Barks Back At Microsoft Over Chrome Frame Security

Comments Filter:
  • So, which side (Score:3, Interesting)

    by sopssa (1498795) * <sopssa@email.com> on Saturday September 26, 2009 @07:12AM (#29547715) Journal

    The company is also investigating bugs filed with the Chrome team by Microsoft developers, who reported that Chrome Frame broke IE8's privacy mode.

    Why am I not surprised this feature wasn't tested at Google? ;)

    But on an interesting note, this seems to be a direct attack against Microsoft by Google. Granted not that many users will probably install it (especially 'normal' users who just dont care), with this and Chrome OS it's clear that Google is going after MS.

    Also, this is another avenue for Google to datamine everything about the internet. People dont usually think about it, but Google's analytics traffic code is all over the internet and probably 90% of the sites you visit is known to google. Another interesting thing is that Slashdot used to hide the tracking code under its own domain, so just blocking the analytics domain didn't work.

    While I dont like some of the business practices by neither one, its hard to pick sides here. Atleast MS sells the products directly, while Google monetarizes them by ads. And by that very nature you lose lots of privacy.

    Earlier there was also discussion that Chrome Frame is mostly provided for corporate users who are required to use IE and cant install other browsers. But how can they install this plugin then? It's normal exe and probably requires even more admin rights to get inside IE than just installing Chrome on your userbase. And other than that I dont see a point in wrapping another browser plugin to work inside browser. If people are knowledge about this plugin, they're knowledge about the actual Chrome browser too. And IE user experience and GUI sucks.

    • Re: (Score:3, Interesting)

      by dread (3500)

      Ummm. Not many users? Do you completely fail to comprehend how HARD Google could push this on IE6/7 users if they wanted to? And with their allies and partners I think they would have a very good chance of doing an 80-20 conversion on that user base. That's what's up for grabs, not the measly IE8 percentage points. IE6 and IE7 users accessing Youtube, google.com, gmail, google docs et al being gently pushed to install the plugin. Good thing too in my opinion. The sooner we can get that crap out the door and

      • by sopssa (1498795) *

        Yep, they could push it really hard to users, but what would be the point of that? They're already pushing Chrome on YouTube and other sites and its a better deal for them. Just visit YouTube with IE and you see the advertisement on bottom to test out Chrome browser.

        • Compare that to how hard they push Chrome Frame, and other browsers (Chrome, Firefox, Opera, etc), on anyone wanting to test out Wave. How long until YouTube simply doesn't support IE6?

          • Re: (Score:2, Insightful)

            by Eirenarch (1099517)
            Today it is IE and how long before they decide to push Chrome Frame to Firefox, Opera and Safari users?
            • Re:So, which side (Score:4, Insightful)

              by Bert64 (520050) <(bert) (at) (slashdot.firenzee.com)> on Saturday September 26, 2009 @11:34AM (#29548927) Homepage

              I don't think they will...
              Firefox. Opera and Safari are being actively developed and are all roughly in the same league with chrome when it comes to standards support and performance.. It is just IE that lags so far behind, and breaks support for things so badly that it puts a considerable burden on companies like google having to support it.

              Aside from the fact that Safari even uses the same rendering engine as chrome.

              Google don't really care what browser you use, they were pushing people to use firefox before chrome came out, they just don't want people using a browser as outdated and broken as ie because it makes their job so much harder and limits some of the things they'd want to do.

          • How long until YouTube simply doesn't support IE6?

            Soon. [techcrunch.com]

        • I wish it weren't so, really. It's an abomination and we knew it when the thing was released, but there it is. Friends don't let friends use IE6. It's common and more reasonably secure browsers aren't supported on sites that require IE6. Enterprises need IE6 for intranet sites and they can't afford to or aren't able to rewrite sites to adhere to standards [w3.org].

          They could choose to fix this problem by requiring their development teams to adhere to standards, but that's not the direction they're going -- inste

      • Re:So, which side (Score:4, Informative)

        by AmberBlackCat (829689) on Saturday September 26, 2009 @08:05AM (#29547889)
        Everybody I know ends up with the Google toolbar, and most of them don't know how they got it. It's installed the same way as viruses; they just get some software installed, choose typical or default installation, and keep clicking yes till they get to the end. So surely Google could bundle the installer for this thing with the toolbar and everybody will have it. They just won't know what it is, why they have it, or how to get rid of it.
        • Re: (Score:3, Funny)

          by Arancaytar (966377)

          And then we could finally stop supporting IE in our web design and move on with the standards.

          Hell yes.

        • It's installed the same way as viruses

          I honestly don't remember any virus being installed this way:

          choose typical or default installation, and keep clicking yes till they get to the end.

          I mean, I've seen Google Toolbar, OpenOffice, and other bits of software installed this way, but never did I see a checkbox in some installer for "Install virus?"

          So surely Google could bundle the installer for this thing with the toolbar and everybody will have it. They just won't know what it is, why they have it, or how to get rid of it.

          I can see why they might want to get rid of the toolbar. I have no idea why they'd want to get rid of this. It wouldn't hurt them in any way, it'd arguably make them more secure, and it'd make my life much easier as a web developer.

          • Re: (Score:3, Informative)

            by hairyfeet (841228)

            First of all, I think the word the guy is looking for is spyware/malware. Anybody who has had to remove coolwebsearch knows that nobody goes "yes, i would like a buggy, crashy, POS software that follows everything I do and reports it back. Oh yeah, can I have lots of popups and ads too?" so that is what he was going for I think. Most folks I have dealt with have no clue how they got "Googled" or Yahooed or Asked either. Hell even Java now will hit you with a toolbar when you apply an update if you're not ca

            • Anybody who has had to remove coolwebsearch...

              And how does that get installed? Is there actually a checkbox somewhere for "install Cool Web Search"?

              I honestly don't get how this is supposed to make anyone more secure.

              You can argue that it doesn't, but to "not get it" is a bit stupid.

              First you have IE, and any and all vulnerabilities for it, and then you add Chrome on top,

              In other words, it makes things "less secure" in exactly the same way that Flash, Silverlight, Java, Windows Media Player, and any other plugin does.

              Basically, Microsoft's whole argument is a very good argument not to install Silverlight. I don't think that's an argument they want to make.

              unless there is some hidden voodoo going on

              It's not exactly hidden that Chrome supports sandboxi

              • Re: (Score:3, Informative)

                by hairyfeet (841228)

                Actually they put a little tiny thing on about page 8 or so of the EULA with language like "In order to give you this awesome shareware title for absolutely free, you agree to install our partners software so they can give you fabulous offers. This software may transmit information in order to better serve you with offers that pertain to your surfing habits" etc. Believe me, as a PC repairman going on 15 years I have run into the "toolbar tango" more times than I can count and it always feels sleazy. Why Go

                • We all now IE6 equals total swiss cheese that can turn a box into a virus laden whore faster than you can say coolwebsearch, so how exactly is having Chrome Frame for the very limited number of websites that will call it actually helpful?

                  That's actually a valid point, and one I thought about pretty much right after I hit submit...

                  The conclusion I came to was, again, it's not likely that this would be a target for malware authors when IE6 is already such an easier target it's not even funny. As to how it improves things, any content within a site that uses this should be somewhat safer.

                  Take a contrived example: Suppose I make a photo gallery app. I allow my users to upload photos, among other things. Or maybe it's a forum avatar, whatever. S

        • by amn108 (1231606)

          As much as I would agree with you on the typical Google toolbar installation patterns, it is not Googles fault users have no patience to read anything that they are supposed to when dialog boxes are shown to them. I have personally witnessed how users install software, and they have no clue what they are doing, so saying that "most of them don't know how they got it" is saying nothing at all. We have not had good computer learning in schools, and this is the harvest. I am not saying reading EULAs is a good

        • It's installed the same way as viruses;

          The last virus I got piggy-backed a firefox XPI. But that was Firefox 1.5

          Viruses are sneaky. What you're thinking of is called crapware. If you want a fine example of bundled crapware, check out the CCleaner installer, or perhaps the MediaCoder one.

          You can uninstall Google Toolbar fully from the control panel. I don't mind it, because it seems to remove that infobar-refreshpage-runaround to download files.

    • Re: (Score:3, Interesting)

      by MrCrassic (994046)

      Well, from the article, I'm getting the gist that they are only fueling the fire further. IT departments should be doing what they can to GET OFF IE6 instead of using software like this to breathe new life into it!

      Upgrading to IE7 and IE8, as specified in the article, makes this add-on irrelevant. On a side note, I'm also concerned about the heavy-handedness Google has nowadays. I understand that their products constitute a LARGE portion of internet traffic, but it's kind of scary to think that their analyt

      • Alright, so look at this addon as a tool to encourage MS and it's customers to abandon IE6. One by one, installations of IE6 are "infected" with the Google addon, MS doesn't like it very much, so they make a HUGE push to get rid of IE6.

        As for IE7 & 8 - MS can always "update" them to refuse the plugin. Such a move is certainly not unheard of - hence my sig.

        No one in the world with half a mind really wants IE6 anyway. Google is just helping those with less than half a mind to move forward! Win - win!

    • Re:So, which side (Score:5, Insightful)

      by mystik (38627) on Saturday September 26, 2009 @07:29AM (#29547759) Homepage Journal

      I'm from a small org, fully embracing the leading edge.

      But I can See the following scenario:

      1) Org has large internal App written for IE6 only. Can't upgrade so users are forced to have IE6 on their workstations
      2) Org's IT admins are well aware of the security problems IE6 forces them to work around.
      3) Roll out the Chrome plugin, and set things up so everything *but* the internal site uses Chrome.

      Installing IE upgrades makes it difficult to leave an ie6 & ie_latest deployment side-by-side in a 'supported' fashion (Unless ms has a 'supported' way of doing this?)

      Using the Chrome plugin lets the Org upgrade the browser to something maintained & more secure on their deployment, while allowing the archaic app to work as expected.

      • Re: (Score:3, Insightful)

        by Marcika (1003625)

        I'm from a small org, fully embracing the leading edge.

        But I can See the following scenario:

        1) Org has large internal App written for IE6 only. Can't upgrade so users are forced to have IE6 on their workstations 2) Org's IT admins are well aware of the security problems IE6 forces them to work around. 3) Roll out the Chrome plugin, and set things up so everything *but* the internal site uses Chrome.

        Installing IE upgrades makes it difficult to leave an ie6 & ie_latest deployment side-by-side in a 'supported' fashion (Unless ms has a 'supported' way of doing this?)

        Using the Chrome plugin lets the Org upgrade the browser to something maintained & more secure on their deployment, while allowing the archaic app to work as expected.

        That's what Firefox with the IE Tab add-in is for. If you have control of your IT infrastructure, why settle for the intrusive kludge of Chrome Frame?

        • by dissy (172727)

          That's what Firefox with the IE Tab add-in is for. If you have control of your IT infrastructure, why settle for the intrusive kludge of Chrome Frame?

          Because it is very difficult to maintain a firefox deployment on a windows network.

          Active directory and Group policy are tied in deep with IE. Firefox, not so much.

          There are third parties that make the required MSI installers, at least for the browser.
          Settings can not be pushed out through group policy, they have to be configured in advance and placed in the MSI installer.

          This basically means you use the same method to push out the software, as you use to push configuration changes.

          It does get the job done

      • Any organization smart enough to do that should be smart enough to replace IE6 with Firefox, and configure it to use IE Tab [mozilla.org] for the internal site.

    • by Jurily (900488)

      But how can they install this plugin then? It's normal exe and probably requires even more admin rights to get inside IE than just installing Chrome on your userbase. And other than that I dont see a point in wrapping another browser plugin to work inside browser. If people are knowledge about this plugin, they're knowledge about the actual Chrome browser too.

      When company policy or existing contracts force the sysadmins into IE, they might still have the option to install plugins.

      And IE user experience and GUI sucks.

      Irrelevant when you are verboten to use anything else.

      • "Irrelevant when you are verboten to use anything else."

        I would argue with that. User satisfaction is never irrelevant. I'm doing a job - ANY JOB - and I have dozens of employees. 25% to 50% of my employees tell me that they know a better, faster, easier, more efficient way to do the job, but I insist on doing the job MY WAY, because I'm the boss. I will lose good employees who are dissatisfied, over time. I will attract poorer employees over time - employees who aren't bright enough to see these obvio

    • More Errors (Score:5, Interesting)

      by WED Fan (911325) <akahigeNO@SPAMtrashmail.net> on Saturday September 26, 2009 @09:36AM (#29548305) Homepage Journal

      I tested this plug-in:

      • On /. without plug-in, using IE8, I get no errors.
      • On /. with FF, I get no errors.
      • On /. with plug-in, using IE8, I get DEP errors.
      • On other sites, with plug-in, using privacy mode, I get multiple IE crashes.
      • On the same sites, disable the plug-in, in privacy mode, no errors.

      I don't know about making it less secure, but it sure causes a bunch of "recovered" tabs and multiple errors.

      Not Ready for Prime Time!

      • Not Ready for Prime Time!

        Well, duh. It's a Google product: It will be out of beta in a few years...

    • by SmallFurryCreature (593017) on Saturday September 26, 2009 @10:40AM (#29548631) Journal

      Google is at war and its goal is the liberate the browsers and allow them to be everything they can be.

      Evil Microsoft has poor IE as a hostage and is doing terrible things with it. It could be so much but forced into ghetto conditions it is backwards and idiotic.

      Direct war with the evil Microsoft is hard but Google is dropping supplies behind enemy lines to help as much as possible. Luxuries other browsers can take for granted are dropped in the form of javascript libraries so that IE can still at least somewhat come along no matter how slow.

      Now with this new weapon of peace the evil Microsoft can be twarthed like never before, every IE that dares can now be free and standup like a real browser with all the features those in the free world have come to taken for granted.

      There is not going to be one single succesful strategy to liberate the browser, but liberated it will be. Google needs freedom more then any true american company needs air to breath. The communist Microsoft (All for one OS and one OS for all) shall be vanquished. It will not happen overnight, but it will happen.

      For the humor impaired: Google needs fast capable browsers because that is where it does its business. If MS can't produce a capable browser then it got 3 options: advertise other browser (firefox), produce its own to push the cutting edge (Chrome forced firefox to become quicker) and to augment the least capable browsers to support current standards. It will have to push hard from different directions to achieve this but success has already been made. MS has had to work very hard with IE and you can see from their response about this plugin in that they are very scared indeed about the browser becoming more capable.

      This battle is NOT about getting people to install Chrome or Firefox, it is about having them surf the web with a capable browser so Google can push new features and not have to constintly cripple their application for an obsolete piece of software.

      • I'm back here reporting behind 'enemy lines' and I see the 'repressed' citizenry are enjoying IE8, Safari, Opera, Firefox, and Chrome.. elsewhere IE6 is being enjoyed by people who don't care to know what a browser is. Are there any fronts to this war or is it all made up? *enjoys the local food and moves on*

      • Google is at war and its goal is the liberate the browsers and allow them to be everything they can be.

        Evil Microsoft has poor IE as a hostage and is doing terrible things with it. It could be so much but forced into ghetto conditions it is backwards and idiotic.

        Direct war with the evil Microsoft is hard but Google is dropping supplies behind enemy lines to help as much as possible. Luxuries other browsers can take for granted are dropped in the form of javascript libraries so that IE can still at least somewhat come along no matter how slow.

        Now with this new weapon of peace the evil Microsoft can be twarthed like never before, every IE that dares can now be free and standup like a real browser with all the features those in the free world have come to taken for granted.

        There is not going to be one single succesful strategy to liberate the browser, but liberated it will be. Google needs freedom more then any true american company needs air to breath. The communist Microsoft (All for one OS and one OS for all) shall be vanquished. It will not happen overnight, but it will happen.

        You, my friend, are truly talented, and could have a career in marketing.

        Seriously, I bow before your creativity.

    • by jhfry (829244)

      Earlier there was also discussion that Chrome Frame is mostly provided for corporate users who are required to use IE and cant install other browsers. But how can they install this plugin then? It's normal exe and probably requires even more admin rights to get inside IE than just installing Chrome on your userbase.

      I imagine that Google consider this the holy grail. If they can sell a google product to major corporations, have it run smooth and fast like it does in Chrome, and still allow that company to have their managed IE installs... it's an easy sell.

      Essentially what they have done is told corporate IT folks that they only need to get management to approve a "plug-in" rather than a replacement web browser. I work for the government and I suspect with a decent business case I could get this to pass, but I know t

  • "It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months."

    Irrelevant. The point is that it's another exploitable object, thereby expanding the exposed surface of attack. That's Microsoft's entire point. There's just no reason to get this installed in corporate networks where IE6 is being used (breaks most intranet sites), anyplace where IE7 is being u
    • by drinkypoo (153816)

      Irrelevant. The point is that it's another exploitable object, thereby expanding the exposed surface of attack. That's Microsoft's entire point.

      Google avoids addressing this point because is a stupid one. An aircraft carrier is more secure than a leaky rowboat in spite of having a greater "surface of attack". It turns out that thick sheets of steel are more resistant to penetration than pieces of wood the same thickness or less. Who knew? IE is kleenex, you could cough a hole in that.

      • To run with your Aircraft Carrier vs Leaky row boat analogy...

        This is more akin to putting a nuclear powered steam turbine engine from an air craft carrier into your leaky row boat.

        Sure, it'll make your leaky row boat fast as hell and able to pull huge objects, but your leaky row boat is still leaky, over weight, and now requires a constrant stream of fuel.

        The GP's point is in part accurate. CF does indeed increase the exposed surface of IE. If you are willing to live with that risk, do it, if not, don't.

        I

        • Re: (Score:3, Insightful)

          by drinkypoo (153816)

          But comparing their plug-in with an 8 year old browser is disengenuous.

          It would only be disingenuous if their plug-in didn't plug into that 8-year-old browser, which is still one of the dominant browsers today.

        • "but your leaky row boat is still leaky, over weight, and now requires a constrant stream of fuel."

          "Aye, Captain, I'll pull into the next Exxon station for more nuclear rods!"

          Alright, asshat comment completed, I agree with "force users to upgrade to IE8, or to switch to FF or Chrome." I'm quite tired of hearing about some lame ass in-house trash that only works in IE6. NO ONE WANTS IT, so dump it!

        • That makes no sense what-so-ever. You have taken the argument about security and turned it to a stability test.
      • Your posting is rejected because you included an aircraft carrier analogies. To be standard compliant for slashdot users, please reframe it as a car analogy.
        • Re: (Score:1, Funny)

          by Anonymous Coward

          Fear not!

          Google has released a plug-in that automatically converts non-compliant analogies on Slashdot into either car or house-front-door-unlocked analogies

          I believe it can optionally do automated library of congress conversions as well as append random critique regarding the nature of Slashdot's CSS.

      • It's like you are talking a different language, can you use a car analogy please?
    • by jlp2097 (223651) on Saturday September 26, 2009 @07:48AM (#29547831) Homepage Journal

      There's just no reason to get this installed in corporate networks where IE6 is being used (breaks most intranet sites)

      BS! Chrome Frame is entirely opt-in i.e. the website has to include a meta-tag indicating that the site should be displayed in Chrome Frame instead of IE Trident. This is the point of Chrome Frame: allow all these corporations (mostly) to keep their IE6 and maybe IE7 while still having the possibilty to access all these new & shiny ajaxy webapps (like Wave).

      • ... the website has to include a meta-tag indicating that the site should be displayed in Chrome Frame instead of IE ...

        The very last thing I want as a system administrator are hundreds of thousands of sites (if not millions, or more) requiring the user to have Google Chrome, or the Chrome Frame plugin, before the site can be used. Web sites should be designed using web standards, and not require specific browsers for use. Talk about pot calling kettle black! Plugins should be handlers for the primary browsers functions, not over reaching take over my browser leaches.

        • Re:Oh please no... (Score:4, Insightful)

          by TheRaven64 (641858) on Saturday September 26, 2009 @01:44PM (#29549607) Journal

          Web sites should be designed using web standards, and not require specific browsers for use.

          That's rather the point. IE6 is not standards-compliant, while the Chrome frame is. If you deploy a standards-compliant web site, it won't work in IE6, but it will work in IE6 with the Chrome Frame Plugin. It provides a way of 'supporting' IE6 without actually having to write a broken web site. Just set the meta tag so that when an IE 6 user comes along they use the plugin and let everyone else use their browser.

          There was a similar thing done a few years ago (2002?), where someone made an ActiveX control containing the Gecko engine. It wasn't used much back then because downloading 3MB of plugin for a site was too much effort for most people. Google, however, has a lot more ability to push things like this to end users.

    • OK, so your logic is different than installing Chrome on the same machine, because with this plugin, a site can select whether to use it? I was going to rebut your point, but I think I get it now. What if the user could tell this Google plugin to entirely disable IE's native HTML rendering/JavaScript/etc.? I guess that would be somewhat pointless, since you might as well just use Chrome to begin with...
      • Yes, that's the point. A malicious site being visited by someone with IE6 + the Chrome frame can choose to exploit any security hole in IE6, the Chrome frame, or any other plugins that may be installed. This is worse than having just IE (because holes in Chrome can not be exploited while running IE) or just Chrome (because holes in IE can not be exploited while running Chrome).

        Microsoft's argument is a good one, but the logical response to it is to run Chrome, rather than IE and the Chrome plugin. Oh, a

    • by Gothmolly (148874)

      "...The point is that it's another exploitable object..."

      You've just described the entire Windows operating environment, where everyone runs as Administrator. I don't think MS can make this argument with a straight face.

      • Re: (Score:3, Insightful)

        by sopssa (1498795) *

        Welcome to 98. Not everyone runs Windows as admin, especially if its a shared computer (like in family). For that matter, its just aswell possible to run Linux as root to do your everyday things. This has been said countless of times already, but it's not the OS's fault; it's the users fault and how they're using their system. Linux is just as vulnerable to a stupid user than Windows is.

        • Alright, I'll admit. Outside of the corporate world, at least 3 or 4 percent of users run as a restricted user.

          Among the other 95% + we find gamers whose games won't run unless they are Admin, we find people who routinely install apps from the web and can't be bothered to "Run as" Administrator, we find OEM machines with a single default user who has Admin rights - I could go on.

          No, you don't get away with pointing to Vista and Win7 - they have NOT been widely adopted by the public. Most of the computing

        • Everyone who uses UPS Worldship runs as an admin. I know, we've had to put up with that -- and I wish I could say it was one of the factors in our switching to FedEx.

          Our laptop users must run as admins so they can install whatever print drivers are required when they're on the road at different customer sites. Unless we're missing something really big, there is no "allow user to install printer drivers" security option in XP.

          And as far as Linux being as vulnerable to a stupid user, wow you need some more
    • by daniel142005 (906427) on Saturday September 26, 2009 @08:06AM (#29547891)

      Do you have any idea why they released Chrome Frame in the first place? Its because Google got tired of Microsoft not meeting web standards. Google will be releasing Wave soon and the majority of the population would not be able to use it because IE does not support HTML5. Chrome Frame is just as secure as IE if not more, not to mention, if a bug or exploit is found with Chrome or Chrome Frame, it takes Google hours to days to push out a fix.

      "There's just no reason to get this installed in corporate networks where IE6 is being used"

      Do you have any clue what Chrome Frame even does? It does not force EVERY website to use itself. Only websites that request it or websites that you told to use it. And believe it or not, there are a lot of newer applications in the business environment that do not work with IE6 or even IE7/8.

      "anyplace where IE8 is being used (surface of attack expanded in exchange for little benefit)"

      I guess you are unaware of exactly how much IE8 does not include compared to Firefox/Safari/Chrome, and your obviously not a web developer. Most of the time websites have to have code dedicated for IE otherwise the website will not work right. Google is sick of Microsoft not following standards and them as well as everyone else having to waste their time to make patches so it will work in IE.

    • by jesser (77961)

      Yes, Chrome Frame increases your attack surface, because by default, it lets each site choose whether to use IE's engine or Chrome's engine. But I see Chrome Frame as a temporary measure to allow intranet sites to be updated one at a time. From that perspective, it's safer in the long run than remaining stuck with IE6.

      Furthermore, if you configure Chrome Frame to force one engine or the other for all non-intranet sites, it's about as secure as whichever engine you pick. More to the point, it's then safer

    • Re: (Score:3, Insightful)

      The point is that it's another exploitable object, thereby expanding the exposed surface of attack. That's Microsoft's entire point.

      It didn't stop Microsoft from writing Silverlight -- or ActiveX, for that matter. Seems they're only concerned about "expanding the exposed surface of attack" when it's something they don't like.

      There's just no reason to get this installed in corporate networks where IE6 is being used (breaks most intranet sites)

      It's opt-in, by the site. The default IE6 engine will still be used for those intranet sites, unless the intranet sites explicitly ask for Chrome Frame -- and if that ever happens, there's a strong possibility that these intranet sites are ready for other browsers.

      Downloading Chrome itself is fine, but this is nothing more than a veiled attempt at tricking users into using Chrome instead of legitimately gaining marketshare.

      And bundling IE with the OS wasn't? How about exposi

      • by jsebrech (525647)

        What chrome frame has also demonstrated beyond a doubt is that microsoft could have shipped a solution that preserved IE6 compatibility and upgraded web standards at the same time. They didn't because they didn't want to.

        Microsoft is going to keep delaying the web's advance as long as possible. They only way to get things done is to side-step them.

        • Re: (Score:3, Interesting)

          What chrome frame has also demonstrated beyond a doubt is that microsoft could have shipped a solution that preserved IE6 compatibility and upgraded web standards at the same time. They didn't because they didn't want to.

          I'm not entirely sure about that. Microsoft did try roughly this strategy -- there was a plan to make IE7 (I think?) default to IE6 rendering, unless you sent some header to tell IE to render in "standards-compliant mode".

          This is effectively the same thing -- it turns IE6 into a browser that's still IE6 until you do whatever you have to do to enable Chrome Frame, which is roughly like "standards-compliant mode".

          The difference is, this isn't meant to be any kind of solution. IETab in Firefox is a solution. A

    • by Bert64 (520050)

      Silverlight is another exploitable object too...
      People concerned about security should probably be using the full blown chrome, which is generally regarded as having a better security model than other browsers.

  • Despite being a user of Vista, Zune, and a former XBOX owner, I'm not overly fond of Microsoft's stance on software. Zune needs to be open sourced so developers and modders can start creating utilities for it that matter. Microsoft adopted a "we-will-handle-it-ourselves-and-drag-the-competition-under-our-wheels" approach to software and the way the internet should be "browsed." As such, everyone is commiting herecy and blasphemy when they try to make a better program for the same function that Microsoft'
  • Does anyone care? (Score:5, Insightful)

    by amiga3D (567632) on Saturday September 26, 2009 @07:31AM (#29547765)
    I'm thinking that IE users' primary concern is not security or they'd be using something else to begin with.
    • Re: (Score:3, Insightful)

      by AmberBlackCat (829689)

      I'm thinking that IE users' primary concern is not security or they'd be using something else to begin with.

      True, their primary concern is the browser working when they go to the website.

      • Re:Does anyone care? (Score:4, Informative)

        by Shikaku (1129753) on Saturday September 26, 2009 @08:21AM (#29547953)

        It doesn't activate on EVERY website. RTFA. It requires a meta tag. Google released this so that IE users can use Google Wave because IE doesn't support HTML5. It can also be used on other websites. I think it's a great move by Google, to smack Microsoft in the face to actually step up to standards.

        • Re: (Score:2, Insightful)

          by Anonymous Coward
          You realise HTML 5 isn't a standard right? It's a wish list, and the last time people started implementing standards early we got layers rather than divs and had to live with that pain for years. MS had the same problem with XML/XSL/XSLT where they implemented a draft standard which then changed, and then they were slagged for implementing early. But then all web designers care about is getting fancy video it seems rather than learning from the mistakes already made.
          • Re: (Score:3, Insightful)

            Right now we are stuck with Flash... so HTML5, standard or not, would be much preferable.

          • Re: (Score:3, Informative)

            by TheRaven64 (641858)
            You seem to have missed the fact that HTML5 is not following the same standards process as previous versions of HTML. It is being developed incrementally (parts of the spec are in flux, parts are fixed) and it requires two independent implementations to exist (like IETF standards) before any part is finalised.
      • by amiga3D (567632)
        Sad to see you marked troll. Actually that's exactly true. All they care about is if it works. Security is the very last thing on their mind. Once I move people to Firefox they generally are very happy with it but they are always scared to leave what they know. Once they've used firefox though they never want to use IE again.
  • by 140Mandak262Jamuna (970587) on Saturday September 26, 2009 @08:28AM (#29547983) Journal
    Microsoft announced that even though XP, Win97, Win2K, IE5 etc have been end of lifed, and will not be supported anymore, it has issued a special security update that will freeze IE5, IE6, IE7 and IE8 if Google Chrome Frame plug in is detected. After the update IE will first send a browser agent string pretending to be Google Chrome Frame, and if the website responds to it, it will crash IE and the OS with a BSOD with the message, "See? I Told ya, Google Chrome Frame is bad. It crashes everything".

    The new motto in Microsoft is "Windows 7 is not done, until Chrome Frame wont run".

  • by dword (735428) on Saturday September 26, 2009 @08:30AM (#29547985)

    I'm a Firefox / Chrome fan and I just installed the Google Chrome Frame to see how it behaves. I installed Windows XP SP2 less than 24 hours ago and since then I've only installed my drivers, Firefox and the Google Chrome Frame; I went to a couple of innocent websites with IE6 and they both crashed the browser.

    PS: Web developer here - Yes, IE6 sucks but it is not THAT unstable.

  • Strategic mistake (Score:4, Interesting)

    by blind biker (1066130) on Saturday September 26, 2009 @09:47AM (#29548347) Journal

    Microsoft has nothing to gain in this war of wards. They should have known it before they started it: now Google has more than just an excuse to publicize/raise the awareness of IEs security holes, educating the public on phishing, in the process. This will will definitely raise the interest of at least some IE users who would have not otherwise bothered themselves with Google's add-on.

    I can see how MS got suckered into this, though: they just can't stand someone walking into their turf. Their predator instinct is just too strong, and makes them do stupid things.

    Well played, Google.

  • I share everyones passionate hate against IE especially since I have to run a Virtual emulator to run that IE (for testing sites) but entering a browser that way, relying on a meta flag which can be implemented by anyone and trusting users to differentiate between a browser engine and UI sounds too much to me.

    I believe users need exact same rights to install a browser rather than a ActiveX control so they better advertise their browser instead of plugging into others. They should also check the market for w

    • You mean what if Microsoft released a plugin [silverlight.net] and required it to be installed for some of their sites to work properly? I don't know, I can't think what would happen in that case; probably people would just install the plugin and let it take over running the web app.
    • by jsebrech (525647)

      Users don't know what a browser engine is. They don't even know what a browser is. They know that if they click on the big blue e, they can google the internet, and that's pretty much all they know.

      The reason they're not switching to chrome is because even if they do manage to click and install it, they won't even realize that they have to click the chrome icon instead of the ie icon to browse the web. And even if they get as far as realizing that, they won't like chrome because it looks too different.

Facts are stubborn, but statistics are more pliable.

Working...