Linked by Thom Holwerda on Sun 10th Jun 2012 22:36 UTC
Google So, Google has made it very hard to install Chrome extensions outside of the Chrome Web Store - out of security concerns. In addition, they sprung this on users and extension developers without much consultation or consideration for their concerns. As always - understandable to protect users, but the handling has an almost Apple-like bluntness to it. Next up: how to jailbreak your browser?
Permalink for comment 521531
To read all comments associated with this story, please click here.
Alfman
Member since:
2011-01-28

darknexus,

"Speaking from tech support experience, I'd say if a user doesn't know enough to google for that switch, they have no business side-loading. The more checkboxes you give users, the more they will check out of annoyance just to avoid the alert dialogs, and then your security becomes null and void."

The spread of malware happens because users lack the tools to make informed decisions. Often the choice is between "run" and "do not run" and the only information presented is to identity the software. Even knowledgeable users will be at a complete loss to know if something is harmful, so I fully agree that this type of security model is flawed. But I disagree very strongly with the "remedy" of a walled garden (even if more savvy users can disable it). It'd be both more open and more secure to add metadata about what the extension does and then enforce it in a sandbox. Given the right tools & information, users may be even more secure than simply trusting everything in google's repository.

Reply Parent Score: 2