Earlier this week, Google launched Chrome Frame, a plugin for Internet Explorer 6/7/8 which replaces the Trident rendering engine with Chrome’s rendering and JavaScript engine for better performance and superior standards compliance. Microsoft has responded to this release, claiming it makes Internet Explorer less secure. Note: What database category do I put this in? Internet Explorer? Google? Choices, choices!
Google Chrome Frame is not a replacement for the Trident engine, but rather an opt-in plugin; web developers can add a meta tag to their web pages which makes sure the pages in question will be rendered with the Chrome engine instead of Trident. Using some JavaScript magic, web developers can prompt users to install Chrome Frame.
It’s a very cheeky move by Google. We all know that while Internet Explorer has made some strides in the standards compliance and speed areas of browser development, it still lags behind considerably compared to the competition. No HTML5, an outdated JavaScript engine, and not even things like CSS3. Since Microsoft isn’t particularly quick with updates, this is a nice intermediary solution – albeit a bit convoluted.
As was to be expected, Microsoft isn’t all too pleased. They decided to use the ol’ scare-‘m tactic, and claim it makes Internet Explorer less secure. “With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers,” a Microsoft spokesperson told Ars Technica, “Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.”
This statement needs some explaining, especially the part where Microsoft says Google Chrome “in particular” has security issues. According to Ars, they are referring to when Chrome was first released, and it contained a few widely publicised security issues, which were quickly fixed. These days, Chrome is quite secure, was the only browser left standing in the pwn2own contest (for whatever that’s worth), and security experts claim the sandboxing technology is hard to break out of.
The part about plugins being a security issue are of course true, as stuff like Flash has often seen extensive exploits. However, there are not a whole lot of Chrome exploits out there, and even if there are, those are for Chrome – not Chrome in conjunction with Internet Explorer. In addition, what about Silverlight? Flash? Those are plugins too.
All in all, Redmond had to say something, so they decided to take this route. I personally doubt Chrome Frame will make much of a real-world splash, but I also believe that’s not really what Google was after; this is a publicity issue, a public slap in the face of Microsoft.
And I like it. This is how you compete.
When someone fixes your crap for you, you thank them. And Google Chrome Frame is basically a copy of Chrome, sans, er… the chrome. It uses the same automatic, silent update system as Chrome. Any security flaws can literally be fixed for all users within 24 hours. You have no argument left Microsoft. Get your act together and instead of scaremongering, fix your crap.
I am also utterly displeased with Microsoft’s response to this.
FUDing around never made Microsoft look good, and with motivations as transparent as here (“let’s hold HTML5 back until we get Silverlight shoved down people’s throats”) is shooting themselves in the foot publicity wise.
Yes, dear Microsoft, it will hinder your controlling the internet protocols, but PLEASE will you give it a rest and start playing nicely?
Unfortunately, FUD from Microsoft is likely to be at least somewhat effective. The less technically-inclined are likely to actually listen to what Microsoft says, and if they do and they have the say as to what plugins get installed on their corporate network, then lo and behold, Chrome Frame won’t get installed on their corporate network, and Microsoft won that small piece of the battle.
Anyone who really pays attention and actually knows anything about the issue will know that it’s pure FUD, but unfortunately, FUD still affects what people think – especially when the people doing the listening aren’t all that well-informed. So, this move may very well look stupid, but from Microsoft’s point of view, it’s likely better to spout FUD than admit that Google is actually helping to clean up Microsoft’s mess.
This would all be true and of great importance if Microsoft’s reputation was still what it once was.
However, Microsoft’s reputation is very heavily tarnished. They have virtually no credibility left. Their announcement is clearly and demonstrably self-serving (and very transparent) FUD. Everyone with half a brain can see it for what it is.
Microsoft might even be digging a bigger hole for themselves here, if that was even possible.
More and more that seems to be asking a lot from people in general.
The people who read Microsoft press releases on Ars and the less technically-inclined usually don’t overlap.
Since 99% of the people that are going to hear about this either “know better” or don’t have much respect for what Microsoft says, I don’t think that this was a wise move.
In this case, like Thom previously stated, this is a slap in the face for the IE team at MS. Thanking google (a competitor in the browser market) would be like saying thank you for showing us that the work we’ve been doing for the last few years has been completely and utterly useless. If they had conceded that, it would have meant a restructuring of that team for sure.
Hopefully they can get this right next time around now that the’ve been shown a lesson.
How have they been shown a lesson? They don’t want people to use IE6 and they don’t want an outside company to encourage its use. Did you notice that IE8 contains an IE7 compatibility mode but not one for IE6? That’s because they want people to dump IE6, not use hacks to keep it working.
As I stated earlier the real problem is with IT department heads, not MS.
Even though this plug-in has obvious benefit to some it is going to allow a lot of el cheap-o companies to extend the life of their Windows 2000 workstations.
Which they could have done anyway by installing another browser such as Firefox, etc…. so you need to narrow your statement further:
It will allow *users* in el-cheapo companies moronic companies that demand usage of only an outdated version of IE browser to finally view the modern internet.
These same companies could allow dual-browsers, or could upgrade IE for their users, but they choose not to for some reason… and now Google has provided another option for them to consider.
And what’s wrong with Windows 2000? If placed behind a firewall (for security reasons), it’s still a perfectly usable OS that still runs most modern windows software without problems.
Well of course that is always an option but for a lot of companies adding a plug-in to IE6 is much more appealing than adding a browser that isn’t designed to be used with active directory. Most people have no idea has to how entrenched IE is in the workplace due to active directory integration/central updating.
Doesn’t matter anyway, according to the Google Frame download page, it only supports XP SP2 and newer. (responding to your previous assertion that this allows corporations to continue using Windows 2000)
Edited 2009-09-26 00:11 UTC
What is exactly is being fixed? MS already has a fix for IE6, it’s called IE8. They just aren’t forcing the update because a lot of software was built around IE6.
If you want to direct your anger anywhere it should be at IT departments who refuse to upgrade or even install an alternative browser along IE6. A lot of IT departments will only upgrade if they absolutely have to.
IE6 only has about 9% share in North America and will continue to drop in the next few years as many businesses dump old xp machines for windows 7.
The problem is that IE8 is also lagging behind! Its the same crap with MSIE as always. All browsers support feature X but IE. All browsers support feature Y but IE. Same old story, again and again and again.
And if there would bei IE20, and if they even would force it down everybody’s ass, you could bet again on the fact that it would be missing standard features, has its own opinion on CSS, etc. and so on.
What are you saying? That people would be better off with IE6+Chrome plugin than IE8? That’s a terrible idea from a security standpoint.
The real problem is that there is a large contingent of people that don’t want anyone to use IE8 simply because it is made by Microsoft. They’re ideologically driven and have no desire to judge software based upon technical merit.
It doesn’t seem to matter that IE8 follows strict standards by default since there are just as many negative posts about IE8 as there were about IE6. If IE20 ever comes out we’ll probably have to endure a thousand posts about how it doesn’t follow standards because it hasn’t adopted a 3 month old Skynet proposal.
Browser evangelism has really gotten old, especially on tech sites which are already visted by people that are more likely to use an alternative browser. It’s preaching to the choir and I have to deal with enough religion/politics in real life.
No, I’m not saying that at all. People should use IE8 if they want to. They will use an inferior product given current competition, but then at least it is not a terrible product anymore like its predecessors.
Note that the Chrome plugin is also available for IE8 and for a reason. The only thing I state is that it is true that IE8 is still missing important features that other browsers already have, and it is valid to call the Chrome plugin a fix for that. It is also true that if you look at the history of IE, Microsoft is very reluctant to participate in the evolution of browsers. As a matter of fact, IE7 and 8 are only there as they finally lost their monopoly on the market. Now they are playing catch up, but always only up to the point where they would start to bleed. And they try to avoid the endorsement of any standard which does not benefit them, probably just out of caution, just not to loose anything on the market…
Microsoft’s strategy unfortunately does not benefit the customers, as it stalls the state of the web. The features missing in IE8, btw, are all listed in the original Chrome Frame article…
Edited 2009-09-25 08:54 UTC
What are those important features? Draft proposals like HTML5?
We already went through this in another thread.
I don’t mind if you bash IE but at least provide specifics. IE8 supports 4.01 strict which is a massive improvement compared to IE6.
I’ve worked on webpages and have had the hell of dealing with IE6. However IE8 hasn’t been a problem so I think a lot of bashing is a mindless echo.
It depends hugely on your customer base. If you’re writing web apps for consumers, broadly speaking they’re reasonably up to date.
If, like me, you’re writing webapps for schools and local government (or, unlike me, for corporations) you’ll be supporting IE6 and loathing every minute of it for some years.
Um, dude, Chrome doesn’t “fix your crap for you.” Chrome has an abysmal security record.
Um, dude, no.
http://arstechnica.com/microsoft/news/2009/09/microsoft-google-chro…
Do try to keep up with things.
Read for comprehension. I said that Chrome has an “abysmal security record.” There’s nothing in the paragraph that you provided that refutes the previous paragraph:
“Soon after Chrome was first released in September 2008, vulnerabilities were discovered and loudly trumpeted. The new browser was quickly labeled insecure days after it was made available, and remained so until a patched version was released.”
Read for comprehension yourself.
Chrome’s security record is superlative compared to IE’s security record. Absolutely wonderful … even if a very early version of Chrome did once have a security hole think about the long and utterly abysmal history of IE … shudder!!
If you are going to prattle about “ah but IE8 is much better, and ancient history about older IE browsers is not relevant” … then be advised that Google Chrome Frame has a PERFECT security record … because (according to that muddle-head thinking) we should not after all worry about previous versions.
Edited 2009-09-25 05:16 UTC
Because IE has such a stellar record. Keep smoking crack.
Thanks for the productive comment. I’m sure that increasing the malware attack surface area within IE6/7 is really going to help users. LOL!
Microsoft shills are on the way.
Interesting how the first posts never see such stupid and beside-the point-replies from Microsoft shills.
I guess they have a list which news outlets they have to shill first. Slashdot gets shilled first (has probably higher number of readers), and only after some time osnews is “worked on”.
Not to worry, the shills have another spot fire on this topic to try to stamp out over on slashdot, so they might not bother us here.
http://tech.slashdot.org/story/09/09/26/0257216/Google-Barks-Back-A…
Kroc, I do think it’s not as secure as normal Google Chrome, because I don’t think this uses process-seperation, does it ?
What I’d really like to understand is the meaning of “crap” in this context.
Microsoft was criticized for IE6 stagnation, so it re-formed the team and got to work. It was criticized for not having tabs, so it did tabs.
Then it was criticized for not being perfectly standards compliant, since IE5/6 predated the standards. So it worked on standards. And then it was criticized for that not being the default, so it broke IE5/6 compatibility – a huge leap in the dark – and shipped IE8, which gave everyone what they wanted, and struggled to gain any users in the process.
Now IE is just “crap.” Not a good analysis of a clear deficiency, just “crap.”
I don’t work on IE, but I feel really bad for those guys right now. They’ve tried hard to give people what they want, and the result is just dismissive, unconstructive criticism.
Really, if you, the reader, want to see further standards compliance in IE, the best thing you can do is use IE8 to send a clear message that if Microsoft embraces standards, you will embrace Microsoft.
Microsoft doesn’t embrace the standards.
Exactly those standards that can deliver a “rich, interactive, multimedia” performance from the web via a browser, those are the standards that Microsoft does NOT include in its browser.
Here is a short list where IE falls short:
http://en.wikipedia.org/wiki/Acid3#Standards_tested
IE8 incorporates only about 20% of that lot.
http://en.wikipedia.org/wiki/File:Acid3ie8rc1.png
Google Chrome Frame incorporates 100%.
http://en.wikipedia.org/wiki/File:Acid_3_Test_Chrome_2.0.170.0.jpg
The reason why IE does NOT incorporate those standards? It is pretty simple, really. If IE incorporated those standards, there would be no need for Silverlight (or Flash for that matter). If there is no need for Silverlight or Flash, then one can run a compliant browser (and therefore fully functional) on ANY platform.
That is worth repeating: One can run a compliant and fully functional browser on ANY platform. This was always the design intent of the web in the first place.
One doesn’t need Windows or IE to view the web in all its glory.
Edited 2009-09-25 03:06 UTC
Your theory is possible, although the official stance of the IE team is that Acid3 includes requirements that are not yet defined standards (HTML5, CSS3, etc.)
Microsoft previously got itself into trouble with IE4/5/6, trying to support things not fully standardized, ultimately resulting in a perception of non-standards compliance afterwards when the standards arrived. They are trying not to repeat a past mistake.
Other browsers are taking a different approach. FireFox 3.5 implements HTML5 video, for example, and did so before it was decided which codec(s) to use. A standard tag without a standard codec is not terribly useful. Obviously in the coming years we’ll discover whether FireFox implemented video support “correctly” or not.
This example is not isolated. Firefox, Chrome and Safari have all implemented standards that are not yet standards. It will be interesting to see what the state of things will be five years from now; it’s very unlikely that all of these implementations will be conformant with the final standard.
There are a very few tests in the acid3 suite that are not yet finalised W3C standards.
However, if one were to make a browser that passed only the acid3 subtests for standards that have been established for over, say, five years … then one would still socre over 90 on the acid3 tests.
IE8 scores just 20.
http://en.wikipedia.org/wiki/File:Acid3ie8rc1.png
The fact that MOST of the tests within acid3 are for standards that are over 5 years since they have become a W3C recommendation (and therefore stable) well and truly debunks this contention.
Here is just one example … the acid3 tests include some tests against SVG 1.1.
http://en.wikipedia.org/wiki/Scalable_Vector_Graphics
Over six years ago. IE still, after six years, includes absolutely no SVG functionality.
IE8 could at least quadruple its score against acid3 simply by incorporating agreed standards the have been stable and standard for over 5 years now.
That is how far behind IE is.
PS: from the same page: “SVG 1.0 became a W3C Recommendation on September 4, 2001”. Now I can almost hear your protest … “see, it isn’t stable”. Sorry, but that just isn’t so. SVG 1.1 is a superset of SVG 1.0, and not a revision of the earlier standard.
The only reason why there is any contention here is that the vested interests who want to require you to have their particular platform to view the web have sabotaged agreement on the codec(s) for the HTML5 standard.
It is not hard to replace a codec, or indeed support a few different codecs simultaneously. This is no reason to defer from going ahead with HTML5.
Every browser apart from IE supports HTML5 with Theora. Even Safari will support Theora if one simply downloads the codec.
Now, happily, with Google Chrome Frame, even IE8 will support this.
So it will become a defacto standard, even though the vested interests have successfuly delayed it becoming a formal de jure standard.
Edited 2009-09-25 03:41 UTC
Please read the list instead of quoting Microsoft fud and lies. ACID 3 does neither test for CSS3 nor for HTML5 all it does is to test against existing standards.
One of the reason why Microsoft falls flat for at least 20% is the absolute non compliance to any SVG.
The other 60% simply are bugs or half implemented other standards! The only thing IE8 is really good at is CSS 2.1 compliance, kudos to them that one is really excellent, the rest is still shoddy.
You claim that Microsoft doesn’t follow standards but you are aware that IE8 renders strict W3C standards by default, don’t you?
So don’t you mean that while they support current W3C standards you feel they should support more?
What you should have specifically said is that IE8 doesn’t pass the Acid 3 test, which contains draft CSS3 elements that may in fact be changed or removed in the final proposal.
Here we have people calling IE “crap” for not following draft standards that may not even be part of a proposal that in itself is merely a suggested guideline.
Funny how that is rarely noted. Of course why bother stating the details when you are ideologically driven and just want people to use something other than IE.
Why not just state that you just plain don’t want an MS browser to be dominate? It’s intellectually honest at least and you’ll find plenty of support.
It follows a small sub-set of W3C standards, but it doesn’t implement most of them.
No, I mean that IE8 doesn’t support most of the current W3C standards.
Which is what I said.
That is true as well.
Here is the list of W3C standards that acid3 tests.
http://en.wikipedia.org/wiki/Acid3#Standards_tested
Sorry, but there is no CSS3 tests there, the only CSS tests are CSS 2.1.
Did you actually read the list of tests included in acid3?
Which of these is still draft, do you think?
I can give you some help if you want:
– DOM Level 2 was published in late 2000.
– CSS level 2 was developed by the W3C and published as a Recommendation in May 1998.
– The first edition of ECMA-262 (ECMAScript) was adopted by the ECMA General Assembly of June 1997.
– Unicode 5.0 July 2006
– December 1997 HTML 4.0 was published as a W3C Recommendation
– December 1999 HTML 4.01 was published as a W3C Recommendation.
– SVG 1.1 became a W3C Recommendation on January 14, 2003.
– The HTML 4.01 specification references the data URI scheme
– XHTML 1.0 Strict is the XML equivalent to strict HTML 4.01, in January 2000 it was officially adopted as a W3C Recommendation.
– The HTTP 1.1 standard as defined in RFC 2068 was officially released in January 1997.
– SMIL 2.1 became a W3C Recommendation in December 2005.
That is because it isn’t actually true. That means that most people don’t “lie for Microsoft”, I suppose.
How many details did you want?
Since I have supplied the details, don’t you look more than a little silly now?
Sigh!
Please read the list of web standards tested by acid3, compare that to my list of dates provided above, and then point out which are still draft, and only then get on your high horse.
— I don’t suppose I am ever going to get an apology from you, am I? Oh well, c’est la vie.
Edited 2009-09-25 12:25 UTC
That’s true of the Wikipedia page. However the official page (http://www.webstandards.org/action/acid3) is quite clear that CSS3 is tested.
Your earlier point that this does not fully explain IE8’s low score remains valid.
I dream of a time when Internet discussions can be factual without escalating interpersonal conflict. It’s strange that web discussions tend to go to a level which would never occur face-to-face. I still don’t understand why.
Well I think you have learned a lesson in not putting too much faith in wikipedia.
Funny how your post was modded up and mine down even though the Acid 3 test clearly contains CSS3 elements:
http://www.webstandards.org/action/acid3
Interesting how your position has gone from “doesn’t embrace standards” to “supports a subset” in a few paragraphs.
Since IE8 supports HTML 4.01 strict please tell me what you mean by IE only supports a subset.
Your problem is interpretation. Either that or you just can’t read.
I never said IE supports NO standards.
I simply stated, correctly, that IE lacks support for most of the standards.
This is why IE gets a score of 20 (out of 100 tests) on acid3. IE does indeed support some of the standards … hence its score of 20.
http://www.osnews.com/permalink?386157
I also said that a very few of the tests in acid3 were against functions that were not yet stable, recommended standards.
http://www.osnews.com/permalink?386162
Agreed. But I also pointed out that if IE were to not bother with those few, and concentrate on passing ONLY the parts of acid3 that were stable, recommended standards of five years vintage or older, then it would get a score of over 90 on acid3.
Yet IE8 scores only 20.
What exactly is your point in continuing to utterly ignore all of these facts?
Edited 2009-09-26 11:52 UTC
Might I add that this is also the only way for IE to pass the acid3 test
Microsoft got one thing right – I would never, ever recommend any of my friends and family to use IE. Using IE is the worst fate, that even my enemy should be spared from.
That gets a 5? With such extreme rhetoric being praised it makes me wonder if I should just hang out at slashdot for a more authentic experience.
ROFLMAO!!!
Sadly, however, most corporate IT managers will probably believe what Microsoft says and refuse to allow the Chrome framework to be installed which, of course, is exactly what Microsoft is aiming for with this tactic.
Mod me down, linux fanboys, but Microsoft is technically right.
Adding a third-party plugin, especially something that replaces the core browsing engine, does make IE less secure. With this plugin, IE can be compromised due to a security issue in IE code -or- Chrome’s code. If a security flaw is found in Chrome’s javascript rendering engine, any version of IE running this plugin will be vulnerable.
The same thing can be said about other plugins. Installing the Adobe Flash player plugin to IE or Firefox will make both less secure, since you are introducing additional code.
Microsoft is right because adding any plugin that expands software functionality will introduce new code that can potentially cause additional security problems.
Did Microsoft consider this before forcing a .NET add-on to be installed to Firefox via Windows Update? Certainly not.
Is this a marketing gimmick by Microsoft to scare people from using the plugin of one of their biggest competitors? Probably.
Is Microsoft wrong in saying this? No, they are technically correct.
I agree, in principle, with the rest of your post. (Though I doubt the real-world difference will turn out to be significant.) But as a Linux advocate, I think it is reasonable to ask what purpose this quoted bit at the top of it was supposed to serve. Would not your post have been clearer and stronger without it?
Edited 2009-09-24 20:46 UTC
Simply because a large percentage of Linux users use it because they hate Microsoft as a company. I am tired of being modded down for saying something other than “OMG Microsoft sucks LOL!!!.”
I have nothing against Linux or Linux users. I use Linux, Windows, and *BSD. I use whatever is best for the job at hand. I just don’t like rabid fanboys.
I apologize if my comment offended anyone.
Simply because a large percentage of Linux users use it because they hate Microsoft as a company. I am tired of being modded down for saying something other than “OMG Microsoft sucks LOL!!!.”
I have nothing against Linux or Linux users. I use Linux, Windows, and *BSD. I use whatever is best for the job at hand. I just don’t like rabid fanboys.
I apologize if my comment offended anyone. [/q]
Kind of sad in this world where you have to make a disclaimer to appeal to morons. Religion use to be an opiate of the masses, but now it seems software is as well. Get everyone emotionally tied to something this idiotic and they won’t care about what really matters in life. Linux Sucks, Microsoft Sucks, Windows Sucks, FSF Sucks, chuck it all away and get a free $1 calculator and your life’s problems are solved. Or, just freaking enjoy what you have.
Texa$ In$trument$ $hill.
Eh, next time just mod him down for the use of a stereotype
Edited 2009-09-24 21:24 UTC
You’re logic doesn’t really work because if 3rd party plugins are seen a security threat then it’s IE which is insecure for allowing 3rd party plugins to install in the 1st place.
If you want to talk about a specific plug in (Chrome) reducing IEs security, then you have to look at what the plug in specifically performs – which is rendering. And that plug in specifically IS more secure than trident (as well as more standards compliant).
I really don’t see what Linux has to do with this.
If anything, Google have proven time and time again that Chrome’s priority is Windows – so why make such a comment if you didn’t want to come across as trolling?
Edited 2009-09-24 20:56 UTC
Well, everyone pretty much admits that in general plugins are a security problem. Chrome is trying to find a way to sandbox them to reduce security risks.
But I would assert that plugins in IE are especially a security risk. As they have historically been exploited a number of times. I think Safari plugins have been as well, but not 100% sure on that.
Technically right, maybe, but certainly not fair.
This additional code = more attack surface assertion is equally true about Silverlight. But they are not steering their “friends and family” away from Silverlight, now are they?
Bottom line, it’s the only thing Microsoft could do. They got served, as the kids say nowadays. Thanks, Google, for the entertainment!
They’re not wrong, they’re just assholes.
Technically, what you said is not right.
Each browser is built of two main parts:
1) HTML/CSS/Javascript handling part
2) Main application
What this plugin does, is to ‘replace’ the first part.
So its NOT ‘adding’ any security whole. If there is a security whole in trident (IE’s html/css/js handling stuff) it will not be applicable when this plugin is active.
And since this plugin, is actually webkit, and webkit is far more safer and cooler than trident, practically it will increase the damn security.
Right, but if there is even one vulnerability in WebKit, it is a vulnerability that would not have been there had the WebKit plugin not been installed. That is the genius of Microsoft’s statement. It doesn’t matter that WebKit makes IE more secure than it is now.
You are not getting my point. It ‘replaces’ the damn security bugs. So if you have it working on a web page, you are not affected by trident security treats.
Google disagree, perhaps unsurprisingly.
http://www.computerworld.com/s/article/9138522/Google_barks_back_at…
Microsoft’s statement was in no way “genius”, it was just self-serving FUD.
Edited 2009-09-26 12:24 UTC
I won’t mod you down (despite you attempted slurs) because I don’t do that, but I will gleefully point out the huge omissions in your (and Microsoft’s) logic.
Silverlight. ActiveX. Are these not plugins too? Given IE’s intrinsic very lackluster performance with ECMAscript, are these not required in order to get any king of interactive content over the web (albiet constrained to Windows clients) in the absensce of a standards-complaint capability such as Chrome Frame?
The other point of note is that Chrome Frame is open source. When one adds it as a plugin, one can see exactly what it does. It is auditable. It can be verified that it introduces no functions that are not in the interests of the owner of the client machine. Any flaws can readily be fixed by anyone (even if Google are somehow reluctant to fix one). None of these latter points are true for ActiveX or Silverlight.
Edited 2009-09-24 23:44 UTC
I’m not making any excuses for Microsoft but this sounds like a typical ‘cover-your-ass’ (CYA in my line of work) move. If Microsoft did not discourage the use of this google plugin then any security vulnerabilities that may come up due to the use of the plugin would fall back on them.
I think it was more of a move to tell users that they are using the google plugin at their own risk. So, this is not really a big deal.
Adding this plugin makes you vulnerable both to old standard ie bugs and to chrome bugs if any.
However, he forget to mention the simple solution: Just use chrome!
By that same logic, Silverlight makes IE less secure also…
So,
when will OSnews ask IE users to install this plugin too?
As it keeps improving, Gnash is slowly becoming a viable alternative to Adobe’s flash plugin:
http://www.phoronix.com/scan.php?page=news_item&px=NzU1Ng
http://www.phoronix.com/scan.php?page=news_item&px=NzU1MA
… at least for browser that can use it.
The second link, whereby Gnash might gain “H.264 VA-API GPU Video Acceleration For Flash” would I believe allow Gnash running on an open source OS to play h.264 video via the hardware facilities of the video card.
Since end users who have a compatible video card have already paid money for said card, wouldn’t that mean that said users have paid for any royalties that the card is encumbered with, and hence have a leagl right to use the codecs implemented on the card regardless of what OS they actually run?
As far as I can see, this seems to be a legal way to play h.264 video on Linux systems without any threat of lawsuit for patent infringements.
Now all we need is for the Chrome Frame plugin to offer the same. Perhaps using this method (i.e. incorporating elements of Gnash code into the Chrome Frame plugin, and also including a Theora decoder) embedded into the Chrome Frame plugin, as well as HTML5 sites it can also render Flash sites without requiring an Adobe plugin, so one doesn’t have to have a plugin for one’s plugin.
Edited 2009-09-25 00:36 UTC
Since this Google Chrome Frame plugin apparently works with IE6, and hence can suddenly transform IE6 into a modern, fast, compliant browser, will that mean the end of irritating campaigns as mentioned at this link?
http://www.wisdump.com/web-programming/campaigns-to-kill-the-web-br…
Edited 2009-09-25 00:49 UTC
Google Chrome Frame – ten times faster than IE8.
Getcha banchmarks here.
Get ’em while they are hot.
http://news.techworld.com/networking/3202572/internet-explorer-8-ru…
Opera is the most secure browser by far. It’s fast, stabile, and uses fewer resources. I really don’t GAS about html5 nor silverlight.
The internet will update itself without the lame help from ms, google, or any other entity which strives to control content.
I just switched from using k-meleonccfme.
Edited 2009-09-25 01:41 UTC
Even *less* secure? But… but… that’s like saying Chrome would make a strailer leak!
I voluntary installed Google Chrome Frame and you can actually force the WebKit engine by prefacing the URL with “cf”. Example: cf:http://acid3.acidtests.org/
Acid3 test scores 100%
Cheeky Google 
I am sure MS isn’t happy about this. May be they will block this with Windows Update so Google will have to catch up and re-enable it again if they do so. Pretty much like Apple and Palm.
Hopefully there is a switch in the registry to enable this feature on by default.
Edited 2009-09-25 09:42 UTC
I’m actually quite confused — what IS the definition of a browser nowadays? I used to define it by the HTML engine, but with WebKit that idea is now flawed.. I don’t understand if Google Chrome Frame is Internet Explorer or Chrome pretending to be Internet Explorer; if it’s the latter case then this is more of a marketing (albeit consumer-friendly) move for me..
Google Chrome Frame replaces the crap Trident rendering engine and their 1999 JavaScript engine with WebKit and V8.
Can you tell me if Google Chrome Frame can show this page properly?
http://tinyvid.tv/show/axnpp13n2qej
It works just fine in Firefox 3.5. AFAIK, it should work in Google Chrome Frame.
It doesn’t work in IE at all.
How about this page:
http://tinyvid.tv/show/2tbf9gddalxmh
(or the web app that it describes).
That should work too (but not in IE, of course).
Edited 2009-09-25 14:02 UTC
I think I know what Google is trying to do (and I like it!). Google knows that their Wave will become the next Facebook (in popularity) and it is a win-win situation for them. Users will either install Chrome where Google will get greater market share OR install Chrome Frame where Google will get market share anyway!
So Google gets greater market share either way! This is just too funny
Now, imagine all of the IE users in the world utilizing Chrome Frame from their IE browsers (because they want to use Wave). Google’s market share will sky rocket!
Even if it’s not Chrome they choose, say it’s Firefox, then Firefox gets the market share so this move is also good for Firefox! I have a bad feeling, something tells me MS will make an update to block this.
Even funnier though, when they ask the user to install a browser, Opera isn’t listed – well based on the screenshot
Edited 2009-09-25 09:55 UTC
If Microsoft makes a move towards blocking this, I guess the EU competition commissioner will be informed by google right away.
And the EU competition commissioner are not really known for handing out uselessly small fees.
If Microsoft makes an attempt to block this, they will get issued a fine none of us has seen before, I am quite sure about that. The EU commissioner will say: “Fining them obviously did not change their behavior, when they repeat their actions, we need to make sure the message sinks in this time around”
The only positive news from this is that we know that Microsoft is still up to its old Anti-Trust tricks.
Hello Intel Moblin!
Guys can we stop thinking “geeky†for one moment, yes IE is less secure and Google has improved their Javascript engine yada yada. But this doesn’t matter in the business world, if you are the CEO of a multi-billion dollar corporation you don’t want the competition providing replacement and/or corrective functionality for your software stack regardless of what it does, this is not the FOSS world. In the proprietary world it would be seen as weak to formally accept any patches from the competition and would definitely hurt your business. Shareholders and board members would not accept this, thus your business shouldn’t either.
i wonder if anyone imagined that this kind of scenario wouldnt have happened if there were tight controls on windows as they are on things like the iPhone, imagine if there were a MS Windows App Store, they could simply drop out the google chrome plugin just saying that it replace “core features” of their product.
Isnt this kind of frightening?