Google's recent release of Google Chrome Frame wasn't entirely expected, though that's not to say it wasn't welcome. Some people questioned the usefulness of it, whilst others were overjoyed. Regardless of public opinion, it was to be expected that Microsoft wouldn't be entirely pleased about the whole idea, and they've just given their official thoughts on the software, according to the lads at Ars Technica.To give you a quick overview of Google Chrome Frame, the aim is for it to give Internet Explorer the rendering and javascript engines of the Chrome browser, which is of benefit to web developers and obviously users also. However, with great power comes great responsibility, and in this case, Microsoft believes that the security of its web browser has been compromised. In an email to Ars Technica, Microsoft stated, "With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers. Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take."
In short, Microsoft believes that the Chrome Frame doubles the risk to a user when browsing the Internet. This is, quite simply, a bit ridiculous. Ars Technica said, "Somehow we doubt there is a significant amount of malware specifically targeting Chrome, and for whatever exists, we're pretty sure most would fail when encountering IE + Google Chrome Frame. These Web attacks would be written to be able to circumvent Chrome's security measures and would simply not expect Internet Explorer's security layers," which makes sense. To add to that, Google is constantly updating its browser with security updates and other features, to ensure that it stays secure for those who use it.
There are many reasons as to why Chrome Frame isn't as big of a security risk as Microsoft makes it out to be, though no software is perfect. It will be interesting to see if Google has anything further to say on the matter, but they'll probably keep quiet from this point on.
Experience developing for IE > examples; sites usually use hacks to get around some of IE's standards support.
I do web development, I've had to use hacks to deal with Firefox, Safari, and Opera also, not just IE. I haven't developed for Chrome enough to know about it.
IE is progressing with standards support on the same timeline as every other browser, FF2 in many ways was no better than IE6 in meeting standards, Mozilla was just really loud about the ways they were meeting standards and IE wasn't. Which was a good move as a challenge to IE to improve its standards, but it was kind of misleading. FF3, released around the same time as IE8, is the first version thats good on standards.
And I'm not sure what the big deal about HTML5 is, I'd rather have CSS3 implemented first.
Last edited by brianshapiro on 25 Sep 2009 - 21:17
I also have to use hacks for FF etc so how is IE the only bad giy?
It's not, yet many people think that it's only IE that uses hacks. All this hack business started with silly Netscape and it's stupid quirks mode. So thank them for this mess.
If anything, rendering wise, all this chrome frame does is shows that IE8's only real weakpoint performance wise is in javascript. Since in the end, the way I read it, chrome frame uses chromes javascript engine basically.
and 90% of people are dumb. So what? How does bad sites prove anything?
HTML5? Not till 2023. Until then everything is non-standard.
HTML? Why do you have to use !non-standard! <element> tag for flash movies for Firefox, Chrome and Safary?
CSS?
-moz-inline-box, -webkit-border-radius, -moz-border-radius, -moz-box-shadow, -moz-selection, e.originalTarget, getBoxObjectFor(), getBoundingClientRect() etc etc etc. Doesn't that ring your "non-standard proprietary extensions" bell?
XML? Firefox is the only browser taht has faulty non-standard implementation of XSL transforms.
And I'm seeing more and more titles like "Firefox CSS Magic: Consider this post an evolving receptacle for Firefox-specific CSS tricks."
Last edited by RealFduch on 25 Sep 2009 - 22:25
HTML5? Not till 2023. Everything until then is non-standard extensions.
HTML? Why do you have to use !non-standard! tag for flash movies for Firefox, Chrome and Safary?
CSS?
-webkit-border-radius, -moz-border-radius, -o-border-radius etc etc etc. Doesn't that ring your "non-standard proprietary extensions" bell?
XML? Firefox is the only browser taht has faulty non-standard implementation of XSL transforms.
+1
You said it man.
I beg to differ
HTML5? Not till 2023. Until then everything is non-standard.
HTML? Why do you have to use !non-standard! <element> tag for flash movies for Firefox, Chrome and Safary?
CSS?
-moz-inline-box, -webkit-border-radius, -moz-border-radius, -moz-box-shadow, -moz-selection, e.originalTarget, getBoxObjectFor(), getBoundingClientRect() etc etc etc. Doesn't that ring your "non-standard proprietary extensions" bell?
XML? Firefox is the only browser taht has faulty non-standard implementation of XSL transforms.
And I'm seeing more and more titles like "Firefox CSS Magic: Consider this post an evolving receptacle for Firefox-specific CSS tricks."
In all fairness, the CSS hacks that Firefox implements extend the CSS 2.1 specification, the hacks the developers use for IE are to bring it into line with the CSS 2.1 specification. This doesn't apply to IE8 obviously, but then, neither does the Chrome plugin aside from the script engine.
Microsoft has been working to increase standards compliance with IE 7 and 8, and 8 supports standards fairly well. I agree that standards support is necessary, but they are making strides in this direction.
May main problem with it now, though, is it's JavaScript engine. It's extremely slow (compared to FF, and certainly compared to Chrome or Safari) and sometimes finicky. I feel sorry for anyone that has to suffer through how awful and slow IE is...
For the last time, IE8 is compliant with CURRENTLY RATIFIED web standards. HTML5 and CSS3 are NOT ratified standards yet.
FFS
Did you miss the word "Recommendation" on each of those documents you linked to? Both directly underneath the title of the document and in the vertical-text image on the upper left?
Here's an idea for Google. Quit making everything you touch phone home like a lost step child!!
Here's another too. Quit making things, period!!
Well I tell you what then, take these recommendations and ignore them, and then see how well you do as a web developer. A recommendation doesn't need to be labelled as a standard to be a standard, all it needs is mass adoption.
If we're just going to go with what is used the most, then by default, all the funky stuff IE does that people hate, since they're used more, are standards automatically.
Yet that's hardly the case, in my opinion a "standard" can't be a standard if each browser treats it differently. Which means you have to use hacks, be it for older things with IE, or even newer ones for the other browsers. Whenever a hack is needed period, that "standard" (HTML5/CSS3) isn't standard since you have to do different things to get it to work.
I hope this makes sense to people.
If we're just going to go with what is used the most, then by default, all the funky stuff IE does that people hate, since they're used more, are standards automatically.
Yet that's hardly the case, in my opinion a "standard" can't be a standard if each browser treats it differently. Which means you have to use hacks, be it for older things with IE, or even newer ones for the other browsers. Whenever a hack is needed period, that "standard" (HTML5/CSS3) isn't standard since you have to do different things to get it to work.
I hope this makes sense to people.
Just because it's a component of the worlds most broken operating system doesn't make it widely used, or a standard, at all. Its not even a recommendation. ActiveX is a part of IE, yes, but it's not widely used, not even slightly, its also proprietary technology, which by definition excludes it from being a standard.
HTML, CSS and so forth are written recommendation which the majority of decent web developers use to make their websites accessible to everyone, and that is what makes them industry standards.
If a hack is required to make a PDF work on a different PDF reader, that doesn't make the PDF standard any less of a standard, it just makes the developers of the reader incompetent. The same applies to Internet Explorer and CSS. CSS is still the standard method of styling web pages, the hacks are required due to the [former] incompetence of the Internet Explorer designers.
Well... for example, take the Acid 3 test with IE8... it pathetically fails
Yeah. And take for exaple that recent XSS vulnerability in all Ruby on Rails sites (twitter for example)... IE8 (unlike Chrome) failed to be vulnerable too.
And how many websites do you know that use any of the things tested in the acid3 test? Or even the acid 2 test for that matter?
Razorfold, do you understand the concept of standards and "proper" coding? That's what Acid test is about. Now answer your question. How many website use HTML codes?
HTML? Why do you have to use !non-standard! <element> tag for flash movies for Firefox, Chrome and Safary?
...
I think this is my favourite part of this post, mainly for the complete lack of understanding behind it.
(Hint: Firefox, like Safari, Chrome, Opera and even IE, uses the standard <object> tag)
That's the biggest load of BS I've ever heard.
Ever heard of something called the ACID test?
HTML? Why do you have to use !non-standard! <element> tag for flash movies for Firefox, Chrome and Safary?
...
I think this is my favourite part of this post, mainly for the complete lack of understanding behind it.
(Hint: Firefox, like Safari, Chrome, Opera and even IE, uses the standard <object> tag)
No they use <embed> (not <element>
Well, considering that CSS3 isn't a standard yet, I fail to see yours, or anyone else's reasoning behind it. When all the browsers support CSS 3 and can pass the acid 3 test then the acid 4 test will be out and you'll still be screaming "but IEx doesn't pass the acid 4 test." Truly pathetic.
hahahhha
No sale for your bias here, sorry.
No sale for your bias here, sorry.
No, people don't know any better. Most people think that Microsoft is their operating system, and Word is their browser. When something breaks on a website, they have no idea whether is is the OS, Windows, Paint, the website, the developer, or the Internet which is the problem. They just move on, hope for the best.
No sale for your bias here, sorry.
No, people don't know any better. Most people think that Microsoft is their operating system, and Word is their browser. When something breaks on a website, they have no idea whether is is the OS, Windows, Paint, the website, the developer, or the Internet which is the problem. They just move on, hope for the best.
Exactly. Most people who do know what a browser is and that there is more than
one use firefox (probably). Just because the majority of people use IE doesn't mean anything because that's the browser people have by default.
Security by obscurity? "They wouldn't guess you have Chrome Frame" bla bla bla..
How lame!
P.S. Don't forget the story when Firefox had url parsing vulnerability which could be exploited by starting firefox from IE?
P.P.S. If some people see an ActiveX control that plays video as a security thread, then what is an ActiveX control that communicates with internet, executes scripts and stores local data?
How lame!
Uh, that's not security by obscurity. That concept is about hiding things and hoping no one will find it, such as a password. But this is about creating a VERY TINY FRACTION for malware to target. Do you think they'll care to do that, when they don't even care much for Mac, which has 10% of the market? Of course not!
Anyway, the only hilarious part about all this, is that Microsot is admitting the IE plugin infrastructure is insecure. If an insecure component (according to them) can take over their browser due to their own damn platform's support and blessings, what the hell does that say about Microsoft? Google hasn't violateed any rules here, they haven't hacked IE or anything to get this done. They've written a plugin to the paper, and Microsoft is immediately taking the crybaby stance because it's about a competitor that has TEN TIMES as good performance as IE. Never mind Google Chrome winning the Pwn2Own contest, and their tight security via their sandboxing model.
Go away, troll!
A new version once a year doesn't cut it.
One of the main reasons Google started working on their own browser was because they weren't happy with the speed/progression of the established browsers, and since Chrome has been about both Opera and Firefox have made significant improvements in their javascript engines to be able to compete.
The fact that Microsoft's web browser's rendering and javascript engine can be hijacked from a 3rd party just shows how lousy their security model is. I'm not saying other browsers are immune to this. But if Google can do it, what is stopping anyone else....nothing...
User ignorance is going to be a tough one to overcome i'm afraid...
Just like Firebug "hijacks" web page rendering in Firefox....
User ignorance is going to be a tough one to overcome i'm afraid...
/sarcasm
User ignorance is going to be a tough one to overcome i'm afraid...
I am with you on this.
LOL, so you have a problem with innovation that leads to IE gaining 10x as good performance and HTML 5 support? No demand for it? What about all the next generation web services being held captive by IE 6/7/8 and their lack for HTML 5 support? I can tell you haven't read the IEBlog comment section lately. There are complaints from web developers for almost each of their posts there, having to remind them about cross-browser interoperability through better standards support. It's sometimes as if they're living in their corporate bubble.
Google is going to use this to push Google Wave, and it'll sure make life easier for a number of developers. This is far more useful to many than a Flash plugin, or PDF integration.
You were already told about HTML5 and Chrome non-standard behaviors. Now go away and stop spreading your lies.
How do you know there is no demand for it? It is not up to you, or Microsoft, or Micorsoft lackeys to say what is or is not in demand. What do you care, don't use it. You should be happy, a different company has gone out of there way to make one of Microsofts products useable. A lot of people are stuck on ie6, now they can keep using it, and get the benefits of a modern browser.
What lies? Google already has near release versions of Wave being used by beta tester. This service runs perfectly in every browser but IE. Google is also trying to increase the 'desktop-like' qualities of their web apps with local caching and drag and drop operations.
Those aren't lies, they're facts.
I think every IE user I know at work has at least 1 or 2 pointless toolbars running. I feel sorry for them.
What's more a secure threat, an addon that shows video files or an addon that communicates with internet, executes scripts and stores local data, etc?
I think every IE user I know at work has at least 1 or 2 pointless toolbars running. I feel sorry for them.
Ummmm....plugins for ANY browser do that, though
Because it's about Google, a competitor.
I think every IE user I know at work has at least 1 or 2 pointless toolbars running. I feel sorry for them.
Ummmm....plugins for ANY browser do that, though
That wasn't his point. The point was that "why are they complaining now".
I think every IE user I know at work has at least 1 or 2 pointless toolbars running. I feel sorry for them.
Ummmm....plugins for ANY browser do that, though
That wasn't his point. The point was that "why are they complaining now".
Isn't it obvious? Because Chrome Frame poses much more threat some Google Toolbar. For example it makes you vulnerable to RoR XSS attacks on lots of sites (like twitter).
No it doesn't, since it's already fixed.
His point was that with Google Frame installed, you are now vulnerable to exploits that could affect Chrome but not stand-alone IE.
2nd - Users of IE 6 (which i assume is at the heart of why this came up) use the rendering engine in IE because specific websites like intranets and software with tie-ins to browser presentations (in business thats called time keeping software, payroll software, human resources staff software, accounting software) are designed directly for the use and configuration of the IE engine in 6. If these people could use Chrome or FF and have these software packages render properly then IE 6 could actually be allowed to rest in peace. However, (and most "website" developers who cry boo-hoo over "standards" dont tell you) is that it will cost billions world wide to change and update this software, the majority of which has no direct relationship or use of the "internet" as all the people here that keep complaining about IE6 and there web standards would let you believe. It will cost billions and years of commitment to get these old software choices to change, So much of that business architecture was developed when there was no idea that a "cloud" would ever exist and no one saw the internet as more than what existed in the mid 90's. If Microsoft suddenly said IE6 RIP and we will send an update to kill it, you would have major world wide companies and even some governments who will crash and be dead in the water without IE6 and its "non-standards". To those who say will "why dont they just all get new software and every company and corporation needs to keep up to date with the pc i just got at home, if i can do it why cant they" all I say to you is The world is bigger than if your layourt looks right on facebook or if you can properly add a video to your youtube page.
Finally - Here is an idea, instead of everyone whining about IE6 and its non-standards why dont companies make their browsers like FF, Chrome, Opera, Safari, with an add-on so that your new browser can manage to dumb itself down to the IE6 engine as needed specifically for intranets and other needs like that. If you can do that, then maybe then I would believe that IE6 will go away, until then deal with it!
Last edited by TechGuyPA on 25 Sep 2009 - 23:11
What the world needs is the web equivalent of the millenium bug drive. Get all the web developers to upgrade IE6 applications to standards compliant applications, and then let the whole world move on. Unfortunately such a scenario would cost far too much than to simply keep IE6 forever.
FYI, when installed all pages will be rendered with IE's default rendering engine unless the page specifies it wants to use Chrome Frame at which point the rendering engine will be swapped on the fly for that page and that page only.
Though I really can't for the life of me understand who would really have a need for this. It seems like a waste to me...
Now we have what's called a "non-issue".
even on sites that don't have the chrome frame meta tag....
i'm sure those people who're stuck with IE6 in their offices aren't allowed to use google wave too... so this add-on is kind of useless....
my company's firewall basically blocks everything that doesn't originate from a fixed set of IPs, no interwebz, no facebooks, no msn.... IE6 is used just for intranet stuff.
however the isolated "internet stations" located at lobbies do install the latest stuff, Opera, FF, IE8, Chrome etc. Strangely there're few users, even during lunchtime or breaks...
And who knows if ChromeFrame respects security settings such as disabling script or plugins for certain zones. In general it seems like a solution looking for a problem; if you want to use Chrome, just use Chrome, rather than trying to create a frankenstein hybrid of Chrome and IE.
People must choose Chrome or IE (in this case) but I don't like that mess that Google is creating with Chrome Frame.
That is probably the reaction Google is expecting to result from "Frame".
I'm actually really good at making my websites completely perfect across the browsers, it's easy to cleanly get around IE6's niggles!
Microsoft might sound protective about their IE 8 because they have the right to be. They have been sued for being a monopoly then they are bitched at after they open up and other companies crap blames MS for being the problem. So the world will never be happy with ONE PRODUCT that does it all very well because that product doesn't exist. If it did it would be broken down into other parts because it would look like a MONOPOLY!
You now have freedom of choice more than ever yet we still go back to MS to blame. If you don't like it - don't use it. Why argue over it. IE 6 will still be around when you come back and read about it a year from now. So get used to it.
As if MS doesn't do that. When are you people going to learn?
Lol
In its default configuration, Microsoft has control over IE. If a security issue pops up, Microsoft patches it.
If you're using Google's plugin, and there's a security issue, Microsoft can't patch it, and, if exploited, Microsoft will probably be blamed for it.
That being said, the browser this plugin is mostly targeted toward (IE6) is primarily used in enterprises. Enterprises normally use IE6 because they need IE6's rendering engine.
This plugin will be a very niche product.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.