Microsoft: Google Chrome Frame makes IE less secure (arstechnica.com)
30 points by fjabre on Sept 24, 2009 | 28 comments



Seems like Microsoft FUD policies at work. This is not the result of any kind of study, just a measure to maintain market share.

Increasing avenues of attack?

I've heard that Chrome currently has the most impressive security credentials; working hard at security does not equal effective security http://arstechnica.com/security/news/2009/03/chrome-is-the-o...


This is funny... When Microsoft is making the claim, they say they do more to secure their users than the alternatives. However, at least on 3 occasions I've been speaking to a MS employee or MS fan and mentioned that there are significantly fewer security problems with alternative OS's and browsers, and their response is "well no-one uses -insert product here- so nobody wastes their time trying to hack it".


I wonder who funded the study that shows that Chrome is less secure than IE. I hunted around, but could not find any indication about who paid for it.


That would be Microsoft.

"The spokesperson also referred us to the latest phishing and malware data from NSS Labs, the same security company that found IE8 was the most secure browser in August 2009 via two Microsoft-sponsored reports."


I don't know who funded the study but I'd much rather trust the Pwn2Own contest. It's all very well to say a browser is safe, but in real life when you have security and hacking experts at work on it, that's when you find out if the browser is secure or not.

I find it interesting that Chrome actually survived day one of the Pwn2Own contest. I would have thought Firefox would be the winner.


nice to see the MS marketing dept at work


Lol, it’s common knowledge that NSS Labs testing is funded by Microsoft... sadly, that’s the only way Microsoft can get ‘away’ in rankings of anything http://www.thetechherald.com/article.php/200912/3268/Can-you...


They got a point. IE has its own vulnerabilities and Chrome has some too, maybe less maybe more. Also we can factor the plugin since it can have its own security risks. So statistically IE using the Chrome Frame is more exposed than IE alone.

It sounds like MS are clutching but they still raise a valid point.

BTW I can't remember hearing that Mozilla are complaining about IE Tab.


Personally, it was great to see Microsoft spitting in the face of the company that is practically trying to save their product. However, this was by far one of the greatest PR moves for Chrome, bar none. Let's see what kind of commercial Microsoft is going to use to attack Google for helping.


It's merely like replacing the engine in the Titanic from where I'm sitting.


I wonder if it really doubles the attack surface area.


I was wondering that too when I read the article.

If Chrome Frame works the way I understand it does, with Chrome basically sitting in the rendering area of IE, taking UI commands from it and interpreting all the incoming markup/code itself then I would have to guess that the answer is no.

The only public facing interface should be Chrome's, but I'd have to do a bunch more research to confirm that for sure...


If the attacker wasn't stupid, it would double it.

If he has an exploit for chrome, he is going to add the magic tag and let ChromeFrame render the code thus the browser is vulnerable.

If he has an exploit for IE, he isn't going to add the magic tag, IE's engine is going to handle the rendering and the browser is vulnerable.

The key is that the attacker can choose what browser the victim is using, thus he can target either browser.
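
A defender-side view of the point above, as an added example that is not part of the original comment: a proxy or crawler check that reports which responses opt in to Chrome Frame and therefore pick the rendering engine themselves. It assumes the "magic tag" is Chrome Frame's `X-UA-Compatible` opt-in carrying a `chrome=` token, sent as a meta tag or an HTTP header (the thread does not name it); the sample responses are constructed.

```python
from html.parser import HTMLParser

HEADER = "x-ua-compatible"  # assumed opt-in name; the thread only says "magic tag"


def opts_in(value):
    """True if an X-UA-Compatible value carries a chrome=... token."""
    tokens = value.replace(";", ",").split(",")
    return any(t.strip().lower().startswith("chrome=") for t in tokens)


class MetaScan(HTMLParser):
    """Finds <meta http-equiv="X-UA-Compatible" content="...chrome=..."> tags."""

    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if (tag == "meta" and a.get("http-equiv", "").lower() == HEADER
                and opts_in(a.get("content", ""))):
            self.found = True


def engine_selector(headers, body):
    """Return 'header', 'meta' or None: how the response asks for Chrome Frame."""
    for name, value in headers.items():
        if name.lower() == HEADER and opts_in(value):
            return "header"
    scan = MetaScan()
    scan.feed(body)
    scan.close()
    return "meta" if scan.found else None


# Constructed sample responses (URL -> (headers, body)); not real traffic.
SAMPLES = {
    "http://plain.example/": ({"Content-Type": "text/html"},
                              "<html><head><title>t</title></head></html>"),
    "http://ie-mode.example/": ({}, '<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">'),
    "http://meta.example/": ({}, '<META HTTP-EQUIV="X-UA-Compatible" CONTENT="chrome=1" />'),
    "http://header.example/": ({"X-UA-Compatible": "IE=Edge, chrome=IE6"}, "<p>hi</p>"),
}


def audit(samples):
    """Map each URL to the opt-in mechanism found, for a site-by-site inventory."""
    return {url: engine_selector(h, b) for url, (h, b) in samples.items()}
```

Run over proxy logs or a crawl, `audit` gives an administrator the list of sites whose content, rather than the user, decides which engine renders the page.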


Ah, I hadn't realized that the individual website had control over whether Chrome Frame was used or not... That is a terrible idea. If the user elects to install Chrome Frame it should render every page except for exceptions set at the user's discretion.

I absolutely agree. Letting the website choose is just adding attack vectors.


It also ensures that sites that only work in IE continue to work. Google Frame simply lets someone visit sites that only work in IE and sites that need HTML5 without having to know which browser to use for which site.

Having the site control when GF is used is essential for this to work.


I understand the reasoning behind that, but ultimately it should be the user not the website that has control over whether Chrome Frame is activated or not. A user can always visit an IE-only website in Firefox, so it's not creating a new problem there.

Allowing the user control, rather than the website, means the user will get the benefit of Chrome Frame by default rather than as the exception and will stop a potential attacker from getting to choose their attack vector...


Personally I would propose that it would halve the attack surface area. When you have two browsers' worth of security at work then something that slips through IE might get caught by Chrome.

In my mind having two browsers would be an advantage security-wise.


They don't have to exploit both browsers. They just have to exploit a browser. Their argument is that you now have 2 potential entry points for attack instead of 1.


I wonder what they think of the Adobe Flash Player.


This holds as long as there's no exploit that affects IE, but doesn't affect Google-framed IE. And there would be. I'd say, for IE6, there are probably a few.

And those who care about security don't use IE anyway.


As I said before, M$ will block Google from doing it.


Nothing in the article said anything about blocking Google Chrome Frame. They just advise against it. Also, can we cut the M$ crap? It is childish.


I did not indicate in my comment that the article says so, I wrote that I SAID SO before. This is obviously the first step on the way to blocking it. Please try to read first and understand before complaining. Comments are not for repeating what the articles say but to add your own opinion. Also you're not my father to tell me how I should behave.

Here is the link where I said it in case you still don't get the context:

http://news.ycombinator.com/item?id=839002


He may not be your father, but judging by your comment score, he's the voice of the community.


Just because many people agree with you doesn't mean you are right. It's often opportunism. M$ will surely try to block it, either technically or by law. For the uninitiated, M$ is the short version for Microsoft.

I may be childish, but it has been the unofficial acronym for at least a decade so obviously whole generations of children use it.

Last but not least: Voting everything down you don't agree with is childish. I argue with people and don't vote them down like some bury brigade just because I disagree.


Not to repeat what was said above, but many of us (I suspect) immediately think of THIS when they see someone write "M$" -- http://art.penny-arcade.com/photos/215178115_ExTPi-L-2.jpg

That term simply doesn't come across well in a discussion held - ostensibly - by adults. It has the same effect as someone writing 'MAD LULZ G00G PWNED MS' and ultimately conveys nothing aside from prejudice.


If you want to use an epithet for the leading operating systems vendor, use Micros~1


How will they block Google? There are already two newer versions of IE and users haven't updated to them, what makes you think the users will install an IE6 update to block Chrome if they won't install an update to IE7 or 8?



