Posts Tagged ‘browser’



Microsoft Will Give European Users a Choice of Browsers

Published: October 8th, 2009

[Jennifer LeClaire, newsfactor.com] – In a move to close a decade-long chapter of competition concerns, Microsoft on Wednesday agreed to provide a choice of browsers in the European Union. The software giant usually configures Internet Explorer as the default browser for its Windows operating system, but agreed to test-market measures to give consumers an option to download and install competing browsers like Google Chrome and Mozilla’s Firefox.
"We welcome today’s announcement by the European Commission to move forward with formal market testing of Microsoft’s proposal relating to web browser choice in Europe," said Microsoft General Counsel Brad Smith. "We also welcome the opportunity to take the next step in the process regarding our proposal to promote interoperability with a broad range of our products."

The Ballot Screen
Microsoft will offer consumer choice through what it is calling a ballot screen. As Smith described it, the ballot screen will be displayed automatically and PC users can make any browser the default.
Users can even turn Internet Explorer off, although Smith said there’s no need to turn it off to make another browser the default. If the market testing is positive, the EC said it plans to make the ballot screen legally binding for the next five years.

(more…)

Tags: , , ,
Posted in IT Stuff | No Comments »

Google Chrome Frame makes IE more or less secure?

Published: October 3rd, 2009
Google Chrome Frame makes IE more or less secure?
There has been some back and forth finger pointing in the last few days between Google and Microsoft over Chrome Frame. According to multiple reports, Microsoft has said that the Chrome Frame IE plug-in (which embeds Google Chrome JavaScript and HTML 5) into IE 6,7 and 8, puts IE users at risk. It’s a claim that Google disagrees with.
From my perspective they’re both right … and wrong. Here’s why:
Chrome Frame, like any plug-in for any browser, does provide extra functionality and code. As such, from a purely objective point of view, it does present a broader potential attack surface and new attack vectors. Simply put, when there is more code, there is more code to attack that is potentially vulnerable.
As well, the known risk from all plug-ins (highlighted recently with Adobe’s Flash) is that users do not update them as often as they should, leaving them at risk.
At this early stage, it’s not clear to me how Chrome Frame is updated. Though Google Chrome itself has one of the best updating systems around, providing transparent automatic updates to users.
On the other side of the equation, Chrome (to date) has not been as widely attacked as IE. There have not been nearly as many (not even close) publicly known vulnerabilities in Chrome or Chrome specific malware or scripting (XSS, CSRF etc.) attacks.
Additionally with the JavaScript sandboxing that Chrome provides, which is not something IE 6 or 7 users have, they actually get  a degree of process isolation which mitigates a lot of script related risk.
Personally, I think that Chrome Frame provides the most value to older versions of IE, in particular IE 6. Yes of course those users should upgrade. But the reality is to date they haven’t for any number of reasons. In my experience those reasons typically include either ignorance or fear (or a combination of the two). Adding a plug-in is easier and less invasive.
The way I see it, Google is undercutting IE and Microsoft just doesn’t like that. Yes there are potential risks, just as there are with any plug-in. The native risks to IE 6 users in particular, likely far outweigh the theoretical risks from Chrome Frame.

There has been some back and forth finger pointing in the last few days between Google and Microsoft over Chrome Frame. According to multiple reports, Microsoft has said that the Chrome Frame IE plug-in (which embeds Google Chrome JavaScript and HTML 5) into IE 6,7 and 8, puts IE users at risk. It’s a claim that Google disagrees with.

From my perspective they’re both right … and wrong. Here’s why:

Chrome Frame, like any plug-in for any browser, does provide extra functionality and code. As such, from a purely objective point of view, it does present a broader potential attack surface and new attack vectors. Simply put, when there is more code, there is more code to attack that is potentially vulnerable.

As well, the known risk from all plug-ins (highlighted recently with Adobe’s Flash) is that users do not update them as often as they should, leaving them at risk.

At this early stage, it’s not clear to me how Chrome Frame is updated. Though Google Chrome itself has one of the best updating systems around, providing transparent automatic updates to users.

(more…)

Tags: , , , , ,
Posted in IT Stuff | No Comments »

Mozilla opposes Google Chrome Frame. No soup for you

Published: October 3rd, 2009
Mozilla opposes Google Chrome Frame. No soup for you
From the ‘Mozilla Agreeing with Microsoft’ files:
Microsoft and Mozilla are two organizations that tend not to agree on many different topics. When it comes to Google’s Chrome Frame, it’s a different story.
Mitchell Baker Chair of the Mozilla Foundation has come out swinging against Chrome Frame, which is a plug-in for Microsoft’s Internet Explorer providing Google Chrome rendering technology. Microsoft has said that Chrome Frame isn’t a good thing and Mozilla’s Baker sees it as leading to further browser fragmentation as well.
Baker sees Chrome Frame leading to a ‘browser soup’ where users (and developers to some extent) are using a ’soup’ of browser components which could lead to control and potential security issues.
“I predict positive results will not be enduring and — to the extent it is adopted — Chrome Frame will end in growing fragmentation and loss of control for most of us, including web developers,” Baker blogged.
Among the concerns that Baker has is how passwords, security settings, personalization, tagging and bookmarking will be handled across the Chrome Frame/IE hybrid.
In her view, due to the fact that various parts of the browser are no longer connected, it’s not clear that actions made in IE will have the same results if the user is using Chrome frame, which is essentially a browser-within-a-browser.
“Once your browser has fragmented into multiple rendering engines, it’s very hard to manage information across websites,” Baker said. “Some information will be manageable from the browser you use and some information from Chrome Frame.”
Certainly Baker’s concerns are legitimate, but isn’t the issue the same as the one that developers (and users) face, with other plug-ins and add-ons? The real issue here is control.
That is, Mozilla (and Microsoft) want the browser vendor to be in control. The Google Chrome Frame approach is an opposing view in some respects, where the developer gets control (if the user has the plug-in) by forcing the user to have a site render using Chrome Frame.
Baker warns that other developers could see value in Google’s approach which could lead to
browser-within-a-browser plug-ins for other sites and services. That would lead to more complexity and potential security issues.
“The result is a sort of browser-soup, where a given user action serves up some sort of response, but it’s not clear what the result will be: are my passwords and history stored in chrome frame? some other variant? in what I think of as “my” browser?” Baker said. “This makes the web less knowable, less understandable, and certainly less manageable.”

mozilla firefox 3From the ‘Mozilla Agreeing with Microsoft’ files:

Microsoft and Mozilla are two organizations that tend not to agree on many different topics. When it comes to Google’s Chrome Frame, it’s a different story.

Mitchell Baker Chair of the Mozilla Foundation has come out swinging against Chrome Frame, which is a plug-in for Microsoft’s Internet Explorer providing Google Chrome rendering technology. Microsoft has said that Chrome Frame isn’t a good thing and Mozilla’s Baker sees it as leading to further browser fragmentation as well.

Baker sees Chrome Frame leading to a ‘browser soup’ where users (and developers to some extent) are using a ’soup’ of browser components which could lead to control and potential security issues.

“I predict positive results will not be enduring and — to the extent it is adopted — Chrome Frame will end in growing fragmentation and loss of control for most of us, including web developers,” Baker blogged.

Among the concerns that Baker has is how passwords, security settings, personalization, tagging and bookmarking will be handled across the Chrome Frame/IE hybrid.

(more…)

Tags: , , , , ,
Posted in IT Stuff | 1 Comment »

Opera, Mozilla slam Microsoft IE8 default settings in Windows 7 Claims IE8 is anti-competitive

Published: May 12th, 2009

Browser makers Mozilla and Opera have accused Microsoft of force feeding Internet Explorer 8 (IE8) to users with Windows Update and silently changing the default browser on PCs.

Both companies, which make Firefox and Opera, respectively, are involved in the European Union’s anti-trust action against Microsoft, which was accused in January of “shielding” IE from competition by bundling the browser with Windows.

“Using the Windows Update channel to update Internet Explorer in any way that undermines user choices is a clear example of how Microsoft uses its monopoly position to damage competition in related products,” said Mitchell Baker, the chairman of Mozilla.

(more…)

Tags: , , , ,
Posted in IT Stuff | No Comments »