Linked by Thom Holwerda on Thu 24th Sep 2009 19:17 UTC
Internet Explorer Earlier this week, Google launched Chrome Frame, a plugin for Internet Explorer 6/7/8 which replaces the Trident rendering engine with Chrome's rendering and JavaScript engine for better performance and superior standards compliance. Microsoft has responded to this release, claiming it makes Internet Explorer less secure. Note: What database category do I put this in? Internet Explorer? Google? Choices, choices!
Thread beginning with comment 386070
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Microsoft is right
by Laurence on Thu 24th Sep 2009 20:53 UTC in reply to "Microsoft is right"
Laurence
Member since:
2007-03-26

Mod me down, linux fanboys, but Microsoft is technically right.

Adding a third-party plugin, especially something that replaces the core browsing engine, does make IE less secure. With this plugin, IE can be compromised due to a security issue in IE code -or- Chrome's code. If a security flaw is found in Chrome's javascript rendering engine, any version of IE running this plugin will be vulnerable.

The same thing can be said about other plugins. Installing the Adobe Flash player plugin to IE or Firefox will make both less secure, since you are introducing additional code.

Microsoft is right because adding any plugin that expands software functionality will introduce new code that can potentially cause additional security problems.

Did Microsoft consider this before forcing a .NET add-on to be installed to Firefox via Windows Update? Certainly not.

Is this a marketing gimmick by Microsoft to scare people from using the plugin of one of their biggest competitors? Probably.

Is Microsoft wrong in saying this? No, they are technically correct.


You're logic doesn't really work because if 3rd party plugins are seen a security threat then it's IE which is insecure for allowing 3rd party plugins to install in the 1st place.

If you want to talk about a specific plug in (Chrome) reducing IEs security, then you have to look at what the plug in specifically performs - which is rendering. And that plug in specifically IS more secure than trident (as well as more standards compliant).

Mod me down, linux fanboys, but Microsoft is technically right.


I really don't see what Linux has to do with this.
If anything, Google have proven time and time again that Chrome's priority is Windows - so why make such a comment if you didn't want to come across as trolling?

Edited 2009-09-24 20:56 UTC

Reply Parent Score: 6

RE[2]: Microsoft is right
by Bill Shooter of Bul on Thu 24th Sep 2009 22:44 in reply to "RE: Microsoft is right"
Bill Shooter of Bul Member since:
2006-07-14

Well, everyone pretty much admits that in general plugins are a security problem. Chrome is trying to find a way to sandbox them to reduce security risks.

But I would assert that plugins in IE are especially a security risk. As they have historically been exploited a number of times. I think Safari plugins have been as well, but not 100% sure on that.

Reply Parent Score: 2