Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Chrome Google Security

German Government Endorses Chrome As Most Secure Browser 174

New submitter beta2 writes "Several articles are noting that the German IT security agency BSI is endorsing Google Chrome browser: 'BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation. ... BSI also recommended Adobe Reader X — the version of the popular PDF reader that, like Chrome, relies on a sandbox to protect users from exploits — and urged citizens to use Windows' Auto Update feature to keep their PCs abreast of all OS security fixes. To update applications, BSI gave a nod to Secunia's Personal Software Inspector, a free utility that scan a computer for outdated software and point users to appropriate downloads.'"
This discussion has been archived. No new comments can be posted.

German Government Endorses Chrome As Most Secure Browser

Comments Filter:
  • by warrax_666 ( 144623 ) on Saturday February 04, 2012 @03:02PM (#38929129)

    Yes, beacuse silent updates let you know which security problems you may have been exposed to.

  • by kermidge ( 2221646 ) on Saturday February 04, 2012 @03:19PM (#38929247) Journal

    I take a look at Chrome every few versions or so, but I do not use it, for various 'comfort' reasons; I haven't decided whether it's useful for me to install Chromium since I seem to get by just fine with Opera and Firefox.

    Unless it's absolutely needful to run anything from Adobe, I prefer to use open-source alternatives, because they suit my admittedly pedestrian needs.

    On Windows systems, I've used Secunia to good effect since their on-line scanner became available; later I used PSI on Vista and Windows 7. I found the later versions in particular to be very useful and easy to use. While I now run Linux, save for a few Windows virtual machines, I continue to highly recommend PSI to any general user running Windows.

  • Adobe worship much? (Score:5, Interesting)

    by icebike ( 68054 ) * on Saturday February 04, 2012 @03:19PM (#38929249)

    It would seem to me that "Chrome's habit of bundling Adobe Flash" would be a detriment. But that's just me.

    They went on to recommend Adobe Reader X. I agree that pdf readers in a sandbox make a lot of sense, its just that I have no particular reason to trust Adobe, since it was their doing that made PDFs unsafe [adobe.com] in the first place. With Chrome's built in PDF render engine, I find I seldom have to use the adobe plugin at all any more. (And when I do, I'm always suspicious).

    If Google wanted to do us all a favor they would to with Flash content what they did with PDF documents, and add their own in-browser render engine.

    That being said, I do like the sandboxing that Chrome supplies, and Google Chrome is my browser of choice.

    Some people don't like keying search terms in the URL bar, and other minor objections that, when investigated, all amount to "its not firefox". I've seen some reports of incredibly slow page fetches, which are usually traceable to external things (chrome likes to use multiple concurrent connections, and swamps some anti-virus packages that operate as a proxy server).

    For me, the speed can't be beat on any of the platforms I use (linux and windows - various flavors of each). I prefer Google's builds to those in the Chromium Open Source project but both work very well.

  • saw this coming (Score:1, Interesting)

    by slashmydots ( 2189826 ) on Saturday February 04, 2012 @03:23PM (#38929291)
    Well, IE is IE but the reason I'm really not surprised is all my repair customers who have Firefox give me an extra headache. You can uninstall Firefox completely then reinstall it from scratch with nothing preserved and you'll still have the MyWebSearch toolbar and basically any other malware that was on it before. You have to actually delete the plugins folder out in Program Files to actually clear it. The add/remove plugins menu is confusing and non-exhaustive compared to IE8 and 9. It's really, really annoying and bad from a security standpoint. Plus, you have to go into the options menu to permanently disable password-remembering which is just about the least secure thing you can do in a browser. They sure have gone downhill lately. I wouldn't be surprised if Mozilla hires the old Netflix CEO because they've been about that smart lately. So I guess chrome wins.
  • Maybe... (Score:2, Offtopic)

    by AlienIntelligence ( 1184493 ) on Saturday February 04, 2012 @03:45PM (#38929443)

    But this newest update they sent... is blowing my CPU util of the charts...

    I can open just Gmail, come back 8hrs later (ie, going to sleep), come
    back and my laptop fan is roaring like a jet taking off, utilization is well
    above 50%, with kernel involved and both cores.

    I don't know if it's new Chrome update interacting with SWF or something
    that they (Google) did to their pages. When I run Chrome taskman, it
    shows the tabs that have Google apps on them, just smoking the CPU.

    This isn't flamebait or trolling... it's a fact. I've made two bug reports,
    but it seems that there isn't a "me too" anywhere.

    Hoping maybe one of the geek peers here might have a similar issue?

    -AI

    • by Anonymous Coward on Saturday February 04, 2012 @05:03PM (#38929933)

      Start by upgrading that 40-characters-wide monitor of yours, then we'll talk about your Chrome problems.

    • by Grishnakh ( 216268 ) on Saturday February 04, 2012 @05:31PM (#38930089)

      I've been using Chromium for a few months with Gmail, and haven't had any problems at all. I wouldn't be too surprised if it's that Flash crap. I used to have all kinds of problems with Flash processes pegging the CPU when I used Firefox. Anything that Flash touches turns to shit.

  • by ChadL ( 880878 ) * on Saturday February 04, 2012 @03:49PM (#38929459) Homepage
    I use Firefox because it has NoScript and SSLEverywhere, that Chrome doesn't (or doesn't that have equivilent funcionality); thus making Firefox more secure for my usage paterns.
    • by Anonymous Coward on Saturday February 04, 2012 @07:01PM (#38930619)

      Sorta, except that when a security vulnerability is identified and exploited in Firefox that browser doesn't do anything to mitigate the extent of possible damage. Aside plugins themselves there have been vulnerabilities in common image libraries in the past which have been exploitable through a web browser. In Chrome (and IE) such would land arbitrary code within a sandbox, but in Firefox that code runs as the same context as your user and can trash your profile (or set up a zombie, which generally doesn't require any elevated privileges these days).

  • by Billly Gates ( 198444 ) on Saturday February 04, 2012 @04:00PM (#38929539) Journal

    Adobe in the same sentence as secure?

    I do not know what world they are living in but post 2008 since the death of IE 6 the number one infection of the web is not javascript or browser exploits but infected flash, java, and adobe files. They infect all platforms regardless of browser and is a nice run around since browsers generally have huge resources put in security development. I am shocked most geeks still allow flash and java enabled in work computer browsers outside the intranet and allow adobe acrobat to be installed.

    At home I use Foxit with javascript disabled by default as my pdf viewer and use lists in IE 9 to block most flash and ads. In Chrome I use adblock.

    Also Chrome is that secure because of one glaring feature that is a security risk. Chrome will click for you on every hyperlink and just not render it in front of you in order to *appear* faster when you do click on it. It is called network predictions. So the old tale, do not click on everthing! ... does not apply in Chrome and that scares me. I make sure I disable it under advanced options.

    So far I only trust IE 9 for security as Firefox offers no sandbox at all, but even IE 7 had a sandbox and was not secure although better than IE 6.

  • by tbird81 ( 946205 ) on Saturday February 04, 2012 @04:31PM (#38929755)

    Do they have people who know absolutely nothing about computers writing these recommendations?

    Go to AskWoody.com first and decide whether that update is going to break your computer! There's nothing good about automatic updating - it just breaks things and adds bloat!

  • by idbeholda ( 2405958 ) on Saturday February 04, 2012 @08:07PM (#38931055) Journal
    Fanboys argue amongst each other about which browser is the best. This quickly snowballs into a heated debate about which OS is more secure, and which browser is most secure on what operating system. In the end, after the thread is left in a smoldering heap of baseless accusations, groundless conjecture and a little bit of superstition, we all end up looking like basement dwellers to the casual observer.

    If you must know, my browser is made from alien technology and does some of them there fancy things.
  • by assertation ( 1255714 ) on Sunday February 05, 2012 @05:17AM (#38933527)

    Assuming Google doesn't have a "sendCopyOfUsersDataToGoogle()" function buried in the Chrome code base.....which is a very real possibility, Chrome *might* be the most secure browser in that if anyone rapes the user, it will be Google themselves.

    If Chrome is that well built, it might be worthwhile to use one of the open source recompilations that check for and remove spy code.

    Still, you have to trust that the developers are good enough to spot it.

    • Additionally, they may not rape you now but can easily add the rape function via silent update.

      Oh, right, I can disable updates... and that's more secure? Sorry, no it's not.

      I only trust browsers that I compile myself -- Before you ask: Yes, I do read through every line of code & diff-logs of updates looking for evilness therein. I'm actually two of those "many eyes" out there that help improve security and fix bugs... I can't compile Chrome, I don't use it. IMHO, I can't trust Chrome -- It has something to hide, or else I would be able to. Maybe that "something" it's hiding isn't malicious. Can you prove it's not? No, you can't. Since alternative open source software with equivalent features exists It would be quite foolish to NOT use them instead... I need to trust the browser when I enter my credit card numbers online, not saying that Chrome isn't trust worthy, just that the alternatives are moreso.

      So, Chromium & Firefox, yes... but never will I use Chrome.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...