Feeds

Microsoft howls as Google turns IE into Chrome

Internet Explorer dams Google Wave

Top three mobile application threats

Updated Google is offering a new Internet Explorer plug-in that turns Microsoft's browser into a Google browser. And in predictable fashion, Microsoft is peeved.

As it prepares to grant widespread access to the preview version of Google Wave - its new-age communications platform - Google has fashioned an IE plug-in that equips Microsoft's future-challenged browser with the rendering and JavaScript engines at the heart of Google Chrome. Among other things, this introduces IE to the world of HTML5, the next generation hypertext markup language that Microsoft is, shall we say, rather slow to adopt.

That, in turn, will allow Internet Explorer to properly run Google Wave, which leans heavily on the still-gestating HTML5 standard and requires pretty hefty JavaScript and DOM (Document Object Model) performance. "Unfortunately, Internet Explorer, still used by the majority of the Web's users, has not kept up with such fairly recent developments in Web technology," reads a blog post from Wave founding father Lars Rasmussen and technical lead Adam Schuck.

"In the past, the Google Wave team has spent countless hours solely on improving the experience of running Google Wave in Internet Explorer. We could continue in this fashion, but using Google Chrome Frame instead lets us invest all that engineering time in more features for all our users, without leaving Internet Explorer users behind."

And by adding a new tag, other developers can run their web applications on Google's new turn-IE-into-Chrome plug-in.

Of course, Microsoft wants Internet Explorer to remain Internet Explorer - despite/because of its poor JavaScript performance and HTML5 lag. "With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers," reads a canned statement from the company.

"Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take."

Microsoft may have a point that running a browser inside a browser expands the attack surface area. But it's a small one. "It sounds like the Microsoft spokesperson is suggesting that because plug-ins have a history of insecurity (as all software does), then Google Chrome Frame must also have the same problems," says Jeremiah Grossman, a web-application security expert and the CTO of WhiteHat Security.

"If so, that is a very shallow critique. Malware that targets Chrome is essentially unheard of due to an insignificant market share as compared to Internet Explorer, which is routinely targeted."

What's more, Microsoft has a certain interest in keeping Google Wave at bay. And that "friends and family" bit is priceless. And it's a tad ironic that Redmond is complaining about plug-ins as it clings to Silverlight while the rest of the major browser vendors push ahead with HTML5.

To be fair, Microsoft has finally joined the HTML5 discussion. And even Google admits that Redmond has restrictions that other browser makers don't have.

"I think Microsoft has a lot of constraints, as the vendor with the browser that has the largest share," Google engineering head Vic Gundtra said at the company's developer conference this spring. "They have to worry about issues that some of us don't have to. They have a huge enterprise usage, and enterprises have specialized requirements. Updating these browsers could break enterprise apps."

But in this case, Microsoft's FUD is chock-full of even more nonsense than the FUD it spewed over the Google plug-in that turned Microsoft Outlook into Gmail.

On another level, all this underscores why Google felt the need to build its own browser - and its own browser-based operating system. Under development for more than two years, Google Wave is a browser app designed to reinvent online communication, crossbreeding email with IM and document sharing. But it can't run on the world's most popular browser. Google is intent on replacing Windows, Office, and Outlook, but first, it must replace IE.

Next week, if you try to log-in to Google Wave with Internet Explorer 6, 7, or 8, you'll get a message that suggests you install Google Chrome Frame - or make the switch to Firefox, Safari, or (the real) Chrome. But there will be a small note at the bottom that says "If you want to continue at your own peril, go ahead."

So, it's a choice between your own peril and the safety of your friends and family. Or you can just ditch IE and switch to a better browser. If you're reading these words, chances are you've already made the switch. But you have to wonder how many will follow. And how quickly. ®

Update

After a request from The Reg, Google has responded to Microsoft's comments on its new plug-in. "Google Chrome Frame is an open source plug-in that is currently in an early developer release and was designed with security in mind from the beginning," says a Google spokesman."While we encourage users to use a more modern and standards compliant browser such as Firefox, Safari, Opera or Google Chrome rather than a plug-in, for those who don't, Google Chrome Frame is designed to provide better performance, strong security features, and more choice to both developers and users, across all versions of Internet Explorer.

"Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users, providing strong phishing and malware protection (absent in IE6), robust sandboxing technology, and defenses from emerging online threats that are available in days rather than months. We invite all parties with thoughts about Google Chrome Frame to explore our code and provide feedback about this technology with the open source community."

Seven Steps to Software Security

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.