Google’s new browser has been upgraded with a hardy coat of security armor to protect it for the tough fight ahead as it comes out of beta.’ -
The browser market is, according to some analysts, saturated. Firefox is making slow gains and leader Microsoft’s Internet Explorer has waned slightly, but the pair holds the vast majority of the market. Opera also holds a small market share, continuing to eke out gains, as does Apple’s Safari browser, buoyed by the increased in MacBook and iPhone shipments.
Coming into this market, Google faced a tough battle with its first browser offering, Chrome. And while many lauded Google for trying new things with the browser, others criticized it for crashes and lack of certain features found in Firefox. While Chrome was expected to “kill” smaller browsers like Opera, while stealing market share from the big guys like Microsoft, the opposite actually happened—Chrome slid from its initial market share, while Opera climbed.
Now at last Google’s Chrome browser is out of beta and is a full-fledged product. However, for a giant used to dominating every field it tries its hand in, the prospect of lack of adoption is a strange one for Google.
In order to try to prevent such an outcome, Google has outfitted the final version of its browser with arguably the toughest security foundation found on the market today.
Firefox and Microsoft’s internet explorer, as well as Safari and Opera, invest vast resources in making browsing a secure experience. However, on a base level these browsers give the browser and its scripts some level of access to the user’s computer, putting its file system and hardware at risk.
Google’s Chrome takes a different approach, giving each tab and the javascripts in it, its own “sandbox”. By “sandboxing” Google makes sure that scripts and plug-ins are cut off from your computer, essentially negating many common attacks that foil other browsers.
Ian Fette, security product manager for Google describes, “I think Google was very proactive in terms of what we’ve been doing around trying to help prevent users from being infected with malware. On the Web browser, we’re trying to do everything we can to make sure that users are not becoming affected with malware, and a big part of that is the sandboxing technology.”
The mechanism is a second layer of defense, he says, that will prevent the system from harm even if the browser is hijacked. He states, “It’s designed to prevent malware from getting installed on the system, from being able to start again when you close the browser and restart the computer; it’s designed to help prevent malware from being able to read files on your file system … it’s really a defense-in-depth mechanism.”
While ambitious, the armor does have some admitted Achilles’ heels. First, it depends on Windows APIs for its sandbox approach, so if these could be circumvented, access to the system-at-large might be obtained. Some legacy systems – which use file systems like FAT32 that do not have security descriptors – will not be able to receive the same level of protection from the system. Other potential gaps are also noted.
Google’s Chrome has also been outfitted with other security perks like an Incognito mode, essentially the same as Microsoft’s InPrivate mode, nicknamed the “porn mode”, featured on Microsoft’s upcoming Internet Explorer 8. The mode, while not fail-safe, makes it so far less cookies and other information is allowed to be stored on your computer.
Google’s SafeBrowsing API is used to blacklist known malicious sites.
Mr. Fette feels Google has the edge when it comes to security. He states, “I think the biggest advantage that we have is that Chrome is the first browser built from scratch after bad guys started exploiting other browsers. We’ve had the luxury of looking at the security problems other browser vendors have had, and designing around those from the very beginning.”
While Google Chrome may indeed be more secure, the real question is – will customers bite?
The browser market is, according to some analysts, saturated. Firefox is making slow gains and leader Microsoft’s Internet Explorer has waned slightly, but the pair holds the vast majority of the market. Opera also holds a small market share, continuing to eke out gains, as does Apple’s Safari browser, buoyed by the increased in MacBook and iPhone shipments.
Coming into this market, Google faced a tough battle with its first browser offering, Chrome. And while many lauded Google for trying new things with the browser, others criticized it for crashes and lack of certain features found in Firefox. While Chrome was expected to “kill” smaller browsers like Opera, while stealing market share from the big guys like Microsoft, the opposite actually happened—Chrome slid from its initial market share, while Opera climbed.
Now at last Google’s Chrome browser is out of beta and is a full-fledged product. However, for a giant used to dominating every field it tries its hand in, the prospect of lack of adoption is a strange one for Google.
In order to try to prevent such an outcome, Google has outfitted the final version of its browser with arguably the toughest security foundation found on the market today.
Firefox and Microsoft’s internet explorer, as well as Safari and Opera, invest vast resources in making browsing a secure experience. However, on a base level these browsers give the browser and its scripts some level of access to the user’s computer, putting its file system and hardware at risk.
Google’s Chrome takes a different approach, giving each tab and the javascripts in it, its own “sandbox”. By “sandboxing” Google makes sure that scripts and plug-ins are cut off from your computer, essentially negating many common attacks that foil other browsers.
Ian Fette, security product manager for Google describes, “I think Google was very proactive in terms of what we’ve been doing around trying to help prevent users from being infected with malware. On the Web browser, we’re trying to do everything we can to make sure that users are not becoming affected with malware, and a big part of that is the sandboxing technology.”
The mechanism is a second layer of defense, he says, that will prevent the system from harm even if the browser is hijacked. He states, “It’s designed to prevent malware from getting installed on the system, from being able to start again when you close the browser and restart the computer; it’s designed to help prevent malware from being able to read files on your file system … it’s really a defense-in-depth mechanism.”
While ambitious, the armor does have some admitted Achilles’ heels. First, it depends on Windows APIs for its sandbox approach, so if these could be circumvented, access to the system-at-large might be obtained. Some legacy systems – which use file systems like FAT32 that do not have security descriptors – will not be able to receive the same level of protection from the system. Other potential gaps are also noted.
Google’s Chrome has also been outfitted with other security perks like an Incognito mode, essentially the same as Microsoft’s InPrivate mode, nicknamed the “porn mode”, featured on Microsoft’s upcoming Internet Explorer 8. The mode, while not fail-safe, makes it so far less cookies and other information is allowed to be stored on your computer.
Google’s SafeBrowsing API is used to blacklist known malicious sites.
Mr. Fette feels Google has the edge when it comes to security. He states, “I think the biggest advantage that we have is that Chrome is the first browser built from scratch after bad guys started exploiting other browsers. We’ve had the luxury of looking at the security problems other browser vendors have had, and designing around those from the very beginning.”
While Google Chrome may indeed be more secure, the real question is – will customers bite?
No comments:
Post a Comment