Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Chrome Google Security

German Government Endorses Chrome As Most Secure Browser 174

New submitter beta2 writes "Several articles are noting that the German IT security agency BSI is endorsing Google Chrome browser: 'BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation. ... BSI also recommended Adobe Reader X — the version of the popular PDF reader that, like Chrome, relies on a sandbox to protect users from exploits — and urged citizens to use Windows' Auto Update feature to keep their PCs abreast of all OS security fixes. To update applications, BSI gave a nod to Secunia's Personal Software Inspector, a free utility that scan a computer for outdated software and point users to appropriate downloads.'"
This discussion has been archived. No new comments can be posted.

German Government Endorses Chrome As Most Secure Browser

Comments Filter:
  • by warrax_666 ( 144623 ) on Saturday February 04, 2012 @04:02PM (#38929129)

    Yes, beacuse silent updates let you know which security problems you may have been exposed to.

  • by kermidge ( 2221646 ) on Saturday February 04, 2012 @04:19PM (#38929247) Journal

    I take a look at Chrome every few versions or so, but I do not use it, for various 'comfort' reasons; I haven't decided whether it's useful for me to install Chromium since I seem to get by just fine with Opera and Firefox.

    Unless it's absolutely needful to run anything from Adobe, I prefer to use open-source alternatives, because they suit my admittedly pedestrian needs.

    On Windows systems, I've used Secunia to good effect since their on-line scanner became available; later I used PSI on Vista and Windows 7. I found the later versions in particular to be very useful and easy to use. While I now run Linux, save for a few Windows virtual machines, I continue to highly recommend PSI to any general user running Windows.

  • Adobe worship much? (Score:5, Interesting)

    by icebike ( 68054 ) * on Saturday February 04, 2012 @04:19PM (#38929249)

    It would seem to me that "Chrome's habit of bundling Adobe Flash" would be a detriment. But that's just me.

    They went on to recommend Adobe Reader X. I agree that pdf readers in a sandbox make a lot of sense, its just that I have no particular reason to trust Adobe, since it was their doing that made PDFs unsafe [adobe.com] in the first place. With Chrome's built in PDF render engine, I find I seldom have to use the adobe plugin at all any more. (And when I do, I'm always suspicious).

    If Google wanted to do us all a favor they would to with Flash content what they did with PDF documents, and add their own in-browser render engine.

    That being said, I do like the sandboxing that Chrome supplies, and Google Chrome is my browser of choice.

    Some people don't like keying search terms in the URL bar, and other minor objections that, when investigated, all amount to "its not firefox". I've seen some reports of incredibly slow page fetches, which are usually traceable to external things (chrome likes to use multiple concurrent connections, and swamps some anti-virus packages that operate as a proxy server).

    For me, the speed can't be beat on any of the platforms I use (linux and windows - various flavors of each). I prefer Google's builds to those in the Chromium Open Source project but both work very well.

    • by ewanm89 ( 1052822 ) on Saturday February 04, 2012 @04:36PM (#38929385) Homepage
      Yes, I would point out it uses the same chromium sandbox. But yes, adobe have only just started to secure it.
    • it's called HTML5, and it will eventually kill flash

      'It would seem to me that "Chrome's habit of bundling Adobe Flash" would be a detriment. But that's just me.'

      and you are wrong. people want to see flash. and if a browser did not offer them flash, they simply wouldn't use the browser

      so give google credit for meeting users half way: "look, you want flash, and you don't care about your security, so we are going to give you what you want in the most secure way possible, in spite of yourself"

      don't hold against google their attempts to maximize security within the parameters of user expectations. of course, there will always be people who will judge google, and others, against absolute ideal security standards. and such people will only be called insightful on slashdot. the rest of us understand the needs of satisfying real world users

    • by gparent ( 1242548 ) on Saturday February 04, 2012 @05:04PM (#38929567)

      Bundling of Flash is a plus because basically everyone ends up installing it, and by having it in the browser, then theoretically it's kept up to date better for non-technical users. I don't know if there's a way to disable it for the very paranoid though, I'd hope so.

      • by icebike ( 68054 ) * on Saturday February 04, 2012 @05:23PM (#38929707)

        Yes, you can disable Flash in Chrome, either by keying in the address bar "about:plugins" with no quotes,
        or by using the menus and navigating to /Options / under the hood / Content settings button / Disable link.

        On Android, you have the option of running Flash only on demand, (my preferred way), but on Google Chrome you really don't have that option in the same easy way.

        I leave flash on most of the time on those platforms that have the horsepower to handle them. I don't like it, its an annoyance, but its not worth the fight to get rid of it everywhere when I still need it in some few places.

        • by George Rypysc 3 ( 917245 ) on Sunday February 05, 2012 @12:37AM (#38932147) Homepage

          I'm not familiar with the Android Flash only on demand feature but Chrome can be configured to run Flash only when you click on it:
          1. Type in URL: chrome://flags and enable the
          "Click to play" option (Enables a "click to play" option in the plug-in content settings.)
          2. Restart Chrome.
          3. Type in URL: chrome://settings/content and under "Plug-ins" choose "Click to play" instead of the default "Run automatically".
          From now on, Flash will only run if you click on it.

    • by AverageWindowsUser ( 2537474 ) on Saturday February 04, 2012 @08:15PM (#38930717)

      Perhaps Google Chrome is the only browser than can take care of Flash Cookies and (the many) Flash Vulnerabilities in a secure manner. Good thing flash is free. I'd never pay to install a security hole in my computer.

    • by makomk ( 752139 ) on Sunday February 05, 2012 @06:24AM (#38933563) Journal

      Chrome's built in PDF reader is a proprietary bundled plugin, and I think it's largely developed by Adobe too. Certainly it's not available to users of the open source Chromium; neither is the bundled Flash plugin. (Of course, downloading the Flash plugin installer from the Adobe website will try and install Google's proprietary version Chrome if you're a Windows user and not very careful about which download you choose. Apparently it even does it silently and without prompting unless you manage to find and download the none-Chrome installer.)

    • by evilviper ( 135110 ) on Sunday February 05, 2012 @10:55PM (#38938631) Journal

      Chrome feels fast because the ui stays responsive while the browser is busy. But on rendering any huge and complex pages, Firefox wipes the floor with chrome, not to mention Chrome using obscene amounts of RAM, which makes it an unusable nightmare on machines just a few years older.

  • saw this coming (Score:1, Interesting)

    by slashmydots ( 2189826 ) on Saturday February 04, 2012 @04:23PM (#38929291)
    Well, IE is IE but the reason I'm really not surprised is all my repair customers who have Firefox give me an extra headache. You can uninstall Firefox completely then reinstall it from scratch with nothing preserved and you'll still have the MyWebSearch toolbar and basically any other malware that was on it before. You have to actually delete the plugins folder out in Program Files to actually clear it. The add/remove plugins menu is confusing and non-exhaustive compared to IE8 and 9. It's really, really annoying and bad from a security standpoint. Plus, you have to go into the options menu to permanently disable password-remembering which is just about the least secure thing you can do in a browser. They sure have gone downhill lately. I wouldn't be surprised if Mozilla hires the old Netflix CEO because they've been about that smart lately. So I guess chrome wins.
  • Maybe... (Score:2, Offtopic)

    by AlienIntelligence ( 1184493 ) on Saturday February 04, 2012 @04:45PM (#38929443)

    But this newest update they sent... is blowing my CPU util of the charts...

    I can open just Gmail, come back 8hrs later (ie, going to sleep), come
    back and my laptop fan is roaring like a jet taking off, utilization is well
    above 50%, with kernel involved and both cores.

    I don't know if it's new Chrome update interacting with SWF or something
    that they (Google) did to their pages. When I run Chrome taskman, it
    shows the tabs that have Google apps on them, just smoking the CPU.

    This isn't flamebait or trolling... it's a fact. I've made two bug reports,
    but it seems that there isn't a "me too" anywhere.

    Hoping maybe one of the geek peers here might have a similar issue?


  • by ChadL ( 880878 ) * on Saturday February 04, 2012 @04:49PM (#38929459) Homepage
    I use Firefox because it has NoScript and SSLEverywhere, that Chrome doesn't (or doesn't that have equivilent funcionality); thus making Firefox more secure for my usage paterns.
    • by Anonymous Coward on Saturday February 04, 2012 @08:01PM (#38930619)

      Sorta, except that when a security vulnerability is identified and exploited in Firefox that browser doesn't do anything to mitigate the extent of possible damage. Aside plugins themselves there have been vulnerabilities in common image libraries in the past which have been exploitable through a web browser. In Chrome (and IE) such would land arbitrary code within a sandbox, but in Firefox that code runs as the same context as your user and can trash your profile (or set up a zombie, which generally doesn't require any elevated privileges these days).

  • by Billly Gates ( 198444 ) on Saturday February 04, 2012 @05:00PM (#38929539) Journal

    Adobe in the same sentence as secure?

    I do not know what world they are living in but post 2008 since the death of IE 6 the number one infection of the web is not javascript or browser exploits but infected flash, java, and adobe files. They infect all platforms regardless of browser and is a nice run around since browsers generally have huge resources put in security development. I am shocked most geeks still allow flash and java enabled in work computer browsers outside the intranet and allow adobe acrobat to be installed.

    At home I use Foxit with javascript disabled by default as my pdf viewer and use lists in IE 9 to block most flash and ads. In Chrome I use adblock.

    Also Chrome is that secure because of one glaring feature that is a security risk. Chrome will click for you on every hyperlink and just not render it in front of you in order to *appear* faster when you do click on it. It is called network predictions. So the old tale, do not click on everthing! ... does not apply in Chrome and that scares me. I make sure I disable it under advanced options.

    So far I only trust IE 9 for security as Firefox offers no sandbox at all, but even IE 7 had a sandbox and was not secure although better than IE 6.

  • by tbird81 ( 946205 ) on Saturday February 04, 2012 @05:31PM (#38929755)

    Do they have people who know absolutely nothing about computers writing these recommendations?

    Go to AskWoody.com first and decide whether that update is going to break your computer! There's nothing good about automatic updating - it just breaks things and adds bloat!

  • by idbeholda ( 2405958 ) on Saturday February 04, 2012 @09:07PM (#38931055) Journal
    Fanboys argue amongst each other about which browser is the best. This quickly snowballs into a heated debate about which OS is more secure, and which browser is most secure on what operating system. In the end, after the thread is left in a smoldering heap of baseless accusations, groundless conjecture and a little bit of superstition, we all end up looking like basement dwellers to the casual observer.

    If you must know, my browser is made from alien technology and does some of them there fancy things.
  • by assertation ( 1255714 ) on Sunday February 05, 2012 @06:17AM (#38933527)

    Assuming Google doesn't have a "sendCopyOfUsersDataToGoogle()" function buried in the Chrome code base.....which is a very real possibility, Chrome *might* be the most secure browser in that if anyone rapes the user, it will be Google themselves.

    If Chrome is that well built, it might be worthwhile to use one of the open source recompilations that check for and remove spy code.

    Still, you have to trust that the developers are good enough to spot it.

    • Additionally, they may not rape you now but can easily add the rape function via silent update.

      Oh, right, I can disable updates... and that's more secure? Sorry, no it's not.

      I only trust browsers that I compile myself -- Before you ask: Yes, I do read through every line of code & diff-logs of updates looking for evilness therein. I'm actually two of those "many eyes" out there that help improve security and fix bugs... I can't compile Chrome, I don't use it. IMHO, I can't trust Chrome -- It has something to hide, or else I would be able to. Maybe that "something" it's hiding isn't malicious. Can you prove it's not? No, you can't. Since alternative open source software with equivalent features exists It would be quite foolish to NOT use them instead... I need to trust the browser when I enter my credit card numbers online, not saying that Chrome isn't trust worthy, just that the alternatives are moreso.

      So, Chromium & Firefox, yes... but never will I use Chrome.

[Crash programs] fail because they are based on the theory that, with nine women pregnant, you can get a baby a month. -- Wernher von Braun