Power Sellers Unite

elgato · Joined: 24 Feb 2005 Posts: 16923 Location: Texas

Microsoft does not recommend that Internet Explorer users install Google Chrome Frame, in order to avoid having more security issues.

The release of Google Chrome Frame, a new open source plugin that injects Chrome's renderer and JavaScript engine into Microsoft's browser, earlier this week had many web developers happily dancing long through the night. Finally, someone had found a way to get Internet Explorer users up to speed on the Web. Microsoft, on the other hand, is warning IE users that it does not recommend installing the plugin. What does the company have against the plugin? It makes Internet Explorer less secure.

"With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers," a Microsoft spokesperson told Ars. "Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take." The spokesperson also referred us to the latest phishing and malware data from NSS Labs, the same security company that found IE8 was the most secure browser in August 2009 via two Microsoft-sponsored reports.

Some of the points Microsoft makes in its statement are controversial, though it's not all simple PR talk. Plugins and add-ons are definitely a huge security issue; they usually remain unpatched longer than most and often end up doing more damage than vulnerabilities in the actual browser. As for IE + Google Chrome Frame potentially allowing for double the damage because the browser mutant would be open to a wider range of attacks, we're going to have to call foul. Somehow we doubt there is a significant amount of malware specifically targeting Chrome, and for whatever exists, we're pretty sure most would fail when encountering IE + Google Chrome Frame. These Web attacks would be written to be able to circumvent Chrome's security measures and would simply not expect Internet Explorer's security layers.

more.. link to news article

elgato · Joined: 24 Feb 2005 Posts: 16923 Location: Texas

Related:

"Researchers find flaws in Google Chrome OS systems"

Flaws could undermine Google's focus on security of Chrome-powered devices.
Since Google's Chrome operating system is built to be used connected to the web, users' files and work will mostly be saved in the cloud. Using Google Docs applications for example, automatically stores the work on Google's servers so you can access it from anywhere across a variety of devices.

Google believes this is the future of computing, and its Chrome OS is designed specifically for Cloud-based use. It also allows Google to talk up security, as your documents are stored and well protected in the Cloud, whereas if somebody were to steal your Chromebook, they won't find all of your files on your HDD like they will if they steal your notebook PC.

However, researchers at an independent security firm say that Chrome's reliance on web computing also makes it vulnerable in other ways. WhiteHat Security researcher Matt Johansen was paid $1,000 by Google for reporting a flaw in the Chrome OS note-taking application that he successfully exploited to hijack a Google Mail account.

Since then, Johansen has said he found the same basic flaw with many other applications (or extensions). "This is just the tip of the iceberg," he told Reuters. "This is just evolving around us. We can see this becoming a whole new field of malware."

more.. link to news article

things4u · Joined: 21 Jan 2007 Posts: 1200

Well isn't this just special looks like goggle is getting like MS and putting together soft ware that is flawed and hoping that it is accepted buy the consumer and then saying oops we need to make a patch and fix this tiny security problem :lol: :lol: more and more not ready for prime time applications being shoved down every ones throat and causing a lot of grief to the end user like you or me.

why can't they write a hack proof code to start with :?: :?: :?: :?: :?: :?: :?: :?: :?: :?: :?: :?: :?: :?: :?: :?:

like the money processing business as it is called now or on line banking it is only safe as you PC or device is and most aren't that safe to begin with even if you use layer protection they still get around it and using security soft ware that you pay for isn't all that great either it to does get hacked often and easily and your left hanging and they assume no lialibility for lack of security in their product and the problem.

doing all your finances on line is just plain and simple a stupid risk that some take in the hope of saving a small amount of time, the best thing to do is to hurry up and slow down and do it the old way till they get a really good safe way to do it now and in the future and don't believe that your safe doing it now. because if your hacked or the institution that you are working with gets hacked it will cost you more time than you saved and you credit takes a beating you have to ask your self is it really worth taking the chance ???