Feeds

Mozilla sides with Microsoft against Google IE

A web less knowable

Security for virtualized datacentres

Mozilla has joined Microsoft in questioning the logic of a new Google plug-in that turns Internet Explorer into Google Chrome. But unlike Redmond, the open source outfit actually presents a well-reasoned argument.

Last week, Google released a plug-in that equips Internet Explorer with the rendering and JavaScript engines at the heart of its very own Chrome browser. Known as Google Chrome Frame, the plug-in significantly boosts JavaScript speeds, while introducing Microsoft's market-dominating browser to HTML5, a still-gestating update to the web's hypertext markup language.

In a Monday night blog post, Mozilla vice president of engineering Mike Shaver said that, like Google, he longs for a world where IE runs more like Chrome, Safari, Firefox, and Opera. But he's adamant that Chrome Frame isn't the way to get there.

"Running Chrome Frame within IE makes many of the browser application’s features non-functional, or less effective," he says. "These include private browsing mode or their other security controls, features like accelerators or add-ons that operate on the content area, or even accessibility support."

Shaver's view was buttressed by a second post from Mozilla chief Mitchell Baker, who sees Google's plug-in splintering the web rather than pulling it together. "The overall effects of Chrome Frame are undesirable," she writes. "I predict positive results will not be enduring and - to the extent it is adopted - Chrome Frame will end in growing fragmentation and loss of control for most of us, including web developers."

Though Microsoft has finally joined the HTML5 effort in earnest, IE has yet to adopt the proposed standard. And that's a problem for Google as it prepares to expand access to the preview version of Google Wave, a new-age communications platform that leans so heavily on HTML5.

When Internet Explorer users visit the new Google Wave preview release - due out Wednesday - Google will suggest they either install the new Chrome Frame plug-in or switch to another browser. What's more, Mountain View has encouraged other developers to rejigger their web applications so that they too will run inside Chrome Frame.

Predictably, Microsoft released a statement badmouthing the plug-in, but it was short on particulars - and long on FUD. "Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take," it said.

Mozilla's Mike Shaver avoids the scare tactics, arguing that Chrome Frame will not only sidestep security tools built into Internet Explorer, but also muddle the way users think about security. "As a side-effect, the user’s understanding of the web’s security model and the behaviour of their browser is seriously hindered by delegating the choice of software to the developers of individual sites they visit," he says.

"It is a problem that we have seen repeatedly with other stack-plugins like Flash, Silverlight and Java, and not one that I think we need to see replayed again under the banner of HTML5."

Mitchell Baker sees such confusion spreading even further. "If you end up at a website that makes use of the Chrome Frame, the treatment of your passwords, security settings, personalization all the other things one sets in a browser is suddenly unknown," she says. "Will sites you tag or bookmark while browsing with one rendering engine show up in the other? Because the various parts of the browser are no longer connected, actions that have one result in the browser you think you’re using won’t have the same result in the Chrome browser-within-a-browser."

Then she envisions a world where others follow the Google lead. "Imagine having the Google browser-within-a-browser for some sites, the Facebook browser-within-a-browser for Facebook Connect sites, the Apple variant for iTunes, the mobile-carrier variant for your mobile sites - all injected into a single piece of software the user thinks of as his or her 'browser,'" she continues.

"The result is a sort of browser-soup, where a given user action serves up some sort of response, but it’s not clear what the result will be... This makes the web less knowable, less understandable, and certainly less manageable."

Google has yet to respond to our requests for comment on the Mozilla posts. But in an earlier note to The Reg, it at least defended the security of the plug-in itself. "Accessing sites using Google Chrome Frame brings Google Chrome's security features to Internet Explorer users, providing strong phishing and malware protection (absent in IE6), robust sandboxing technology, and defenses from emerging online threats that are available in days rather than months," a company spokesman says.

But for Mozilla, this isn't about the plug-in's security. It's about the plug-in itself. Turning a Microsoft browser into a Google browser, Mozilla argues, is inherently a bad idea.

But it may be a stretch to say that the open source outfit has sided with Redmond. "It would be better for the web if developers who want to use the Chrome Frame snippet simply told users that their site worked better in Chrome, and instructed them on how to install it," Shaver says. "The user would be educated about the benefits of an alternate browser, would understand better the choice they were making, and the kudos for Chrome’s performance would accrue to Google rather than to Microsoft." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.