Google bypasses admin controls with latest Chrome IE Google has released a new version of Chrome Frame – the Internet Explorer plug-in that turns Microsoft's browser into a Google browser – letting users install the plug-in even when they don't have administrator privileges on their machines. The new version runs a "helper process" when IE starts up that can then load the Chrome …
But surely that's how things should be done, isn't it? By installing something without needing admin rights, doesn't that mean it will only be able to run with user-level privilege? And isn't that exactly what people have moaned about Microsoft for, creating an environment in which normal apps run with admin privilege by default?
I struggle to see what the risk is here, and I don't mean vague "it's a plug-in therefore it is risky" type statements.
Well, the first issue I've got with it is that Google Chrome Frame is WebGL enabled. Bad enough that to disable webgl in Chrome proper you have to change the launch target and add a command line switch (because Christ forbid it be something you can configure in a conf file somewhere, or in the normal settings interface). But if IE doesn't do WebGL because Microsoft think it's a bad idea for security reasons and then Google release a way that users without admin rights can have a webGL capable browser *anyway*....well, that's pretty bad.
Of course, I'm one of the people who thinks that letting webservers send content directly to my graphics card is very obviously a really shit idea. Someone who eg develops content to exploit this function and therefore sees this as a way to get a greater target audience might differ.
"If you don't want users using our piece-of-crap Chrome Frame just stop it using our piece-of-crap admin tools."
Or to compare it to something less techy...
"We make an automatic lock pick that can break into any car. If you don't want your car broken into just use the new anti-pick lock we also make."
Google should not be providing both the problem and the solution in two seperate packages. Of course if as someone mentioned earlier it's as easy as blocking google.com/chromeframe, assuming Google doesn't come up with a way around that like having multiple ChromeFrame URLs it can choose from, then that's a good solution. Google still should respect policies enacted on the system though.
If software starts installing ChromeFrame like it does the Google Toolbar I'll be really mad.
....is something else! I wonder how long it is until someone gets fired for running this plug in? I can think of a couple of places I have worked that would terminate anyone using this, due to the potential for security issues.
Heres a clue Google.. companies lock down systems to prevent the ill informed toying with it. Circumventing that in any way is just ummm oh yes... "evil". To then justify it by sayng "Just install out admin tools" is a further step across the line of towering arrogance. Heres a clue.. we DON'T want your plug in... and DON'T see why we should install your admin crud to prevent you subverting the permissions built into our O/S with your malware.
Many places DONT want anything Goggle on their machines.. get the message... you are NOT the be all of everything.
Time for a further tightening of the security screws here I think... with credit given to Google.
You purchased IE without any decision on your part.
Yes, it may be a bit arrogant of Google. But, Microsoft forced you to purchase IE illegally. Commingled the code illegally. And prevents you from ever removing it.
If you think you are in control of your own machine, you are an idiot.
"But, Microsoft forced you to purchase Internet Explorer illegally." How so? Would the value of Windows decrease if Internet Explorer was removed? (Answer: No. Both the N and K editions of Windows ship for the same price as 'regular' Windows.) Internet Explorer, by the way, is on a very basic level a front end to Trident; Microsoft's HTML renderer, which is used and required by other areas of the OS and other software, much like WebKit is used in Mac OS and KHTML was (is?) used in KDE. Contrary to your trite assertions, Microsoft do not hold a gun to your head and demand that you use Internet Explorer or buy it. Ever. You can, certainly in Windows 7, remove the front end to Internet Explorer if you wish, but the rendering engine (amongst other components) remains available to and as part of the OS and software that runs on it. This isn't illegal. So, pretty please, with a cherry, change the fuckin' record.
You can tell they're an American company. They do whatever they want, even when they know its wrong or illegal and then just wait for the small fine/slap on the wrist.
The penalties given to Google are nothing compared to their earnings so they openly ignore rules and laws.
And now they're trying to set a new standard. Just like before. Oh no, we're not breaking copyright laws because we're giving you a way to block us (robots.txt). And now, oh but you can stop us by doing xyz.
How about I start robbing peoples homes and then my excuse can be - "But if you put a sign by your doorbell that says 'thieves/404', I wont rob you'. Works for Google, should work for me, right?
Here's a little history lesson; a long time ago, on a PC far, far away (ok roughly around the turn of the millennium on PCs everywhere), two companies, one known as Microsoft and another Netscape were building web browsers (so were Opera, but they were charging for it so nobody used it, amongst others).
MS owned the OS space with Windows, munged IE into Windows and killed off the competition, giving themselves a 95% market share in the browser space - irrespective that this was an illegal, anti-competitive practice, that's what happened.
Once they'd got the browser market wrapped up, Microsoft were effectively the defacto owners of the standards - so many, many monkeys in web-code land coded to the MS "standard" - and MS saw that it was good and decided to stop there; IE6 would be the LAST web browser ever, the HTML/CSS/JS standard was set in stone forever.
Now those many, many web monkeys made many, many websites and intranet applications all in-line with the MS standard... then from the ashes of Netscape arose Firefox. Firefox (and virtually every other browser) supported the W3C standard NOT the MS "standard" so as Firefox gained traction, by default, the percentage of people browsing the web using the W3C standard increased - the glaring errors in IE6 (such as the box model) became more apparent in poorly written websites that adhered to the MS way of doing things.
Until today - where the IE6 legacy plagues the business space - old, shonky intranet applications that are no longer supported or developed but still widely used sit on the network, applications that will only work in Internet Explorer (as they were coded for "the last ever web browser", IE6) - so the IT department HAS to mandate the use of IE6 for those applications - just because some lazy arsed web monkeys couldn't be bothered to code to something resembling the (admittedly somewhat irrelevant at the time) W3C standards and implement kludges for IE6.
If they'd done it right in the first place - we'd not have this issue now. It has ALWAYS been possible to code cross-browser/cross-platform, although with a lot of parallel JavaScript code... and had they done that the applications would work in browsers today, even the (much improved) latest version of Internet Explorer, IE9. I know, I've got stuff running where the UI code hasn't been touched in best part of a decade - though I may update it to make use of some of the CSS3 features at some point.
I paid $19.95 for Netscape 2.0 in 1995. Microsoft Internet Explorer 1.0 was a total POS installed on Windows 95 and Netscape was worth every penny. Hehe, remember back when people used ftp? When Microsoft released Internet Explorer 3.0, I was one of the first Midnight Madness downloaders (got the t-shirt to prove it lol) because it was new and free, having something different back then was exciting because you didn't have this smorgasbord of choices.... outside of the Apple Orchard that is. When MS released Windows 98, they integrated IE - side note: Windows 98SE is to Win98 was what Windows 7 is to Vista Business+ (vista home was borderline obscene).
It was then Netscape was forced to give their browser/email suite away to compete, driving them out of business. There is such a thing as karmic justice and old Bill has a lot to answer for. I positively loved Netscape, I still have install .exe's for several versions, and often skin my Firefox with a Netscape-like look. The Netscape shooting-star-N still makes me smile - Cookie Monster's eyes are staring me in the face right now... for the love of God I don't remember why...
Anyway, Remain Calm and Carry On. (I want one of those posters man)... I didn't down-vote you my friend btw, just elicited memories of long ago when the Internet was innocent and you had to ftp your data rather than email to damn thing (stupid humans!!!) 4 boot floppies for loading the cd for Win NT 4.0 (remember the video card trick when you installed a new card?), 13 floppies for Win 95, like 26 for Win98 lmao....
"You can tell they're an American company. They do whatever they want, even when they know its wrong or illegal and then just wait for the small fine/slap on the wrist."
Yeah cause Phorm/BT didn't happen and if it did happen the Met would done a proper investigation and people would of been tossed in Jail.
Arrogance knows no race, creed, gender , nationality, place of origin, political affiliation or region . It just exist, right along it's cousin stupidity and I know better than you do( politicians making Nanny laws cause you are to stupid to protect your self) .
This is just what I need. As if Microsoft's admin tools weren't bad enough, Google are now letting the users install stuff that we don't want them to install and we have to install more Google software in order to stop it.
Doh.
Makes me want to take Google's IP range and ban it in the firewall.
Just who's IT systems are these anyway?
Microsoft forced you to purchase IE. (Did you pay for Chrome?)
Microsoft pevents you from removing IE. (Does Google do that with Chrome?)
Micosoft makes your IT decisions for you. (Does Google do that?)
Sounds like the so called IT managers on here are really Microsoft employees. Hint: You are.
...and another thing, Mettler ... not only did I not pay for Chrime .. but I don't bl**dy even WANT it, whether I pay for it nor not.
--Even though it is free, doesn't mean it is good.--
In fact, I think Chrome is a load of minimalistic crap, and I'm furious with Firefox that they've followed their lead.
While Mettler needs to stop and actually THINK for a moment, (I did not pay for IE on my machine, it did not come with my machine (nor did Safari, yes there really are computers out there without MS Windows or MacOS 10.x licenses)) by the same token you ARE aware that Firefox was "A load of minimalistic crap" off of Mozilla. Believe me, things would me MUCH better if it really where "minimalistic crap" then we wouldnt be arguing about how upset people are they it doesn't properly use memory greater then 2G!
Our decisions are mostly made by the moronic application vendors who are such bad programmers that they cobble everything together in Micro$hite and throw it out the door before it is ready, with a load of patches to follow.
These people who are such pathetic programmers that we are forced to load copies of Office on to servers in order for their programs to work, costing us more licences and, because every bledin' vendor uses different versions of Office libraries (blame who you like on that one) we're actualy forced to have discrete servers for every application. That costs us extra either in servers, or in having to run a virtual server farm.
You can also blame the wankers who supply products with web interfaces that are not standards compliant and will only fucking work with IE.
If I had my way, Micro$oft would be nowhere near our organisation.
Get the idea that I'm hacked off when crap like this comes to the surface? Is it any surprise?
Had a Win7Pro machine flake out yesterday, you know, "it was fine Friday when I left" type of call. Went into safe mode and put a pre-Trendmicro version of HijackThis on it, doing my usual smart bastard 'fsck this, fsck you" removal of registry entries of the usual suspects. This thing looked like Google shiite all over it.... Rinse. Repeat, Reboot. System all better.
Google is really starting to get on my nerves, they have surpassed Symantec with the about of absolute unneeded crap they install.
Why couldn't they have done it the other way round - provide a browser (Chrome) that runs a given list of websites (crappy old intranet sites, list provided by network admin) in something like IE tab, and everything else in Chrome.
Those that want it can install it, those that don't, don't. And it gives people a way out of IE6 while making their old sites still work.
It's simple. They don't know how. Microsoft kept the hooks for IE6 under very tight lock and key. Now, they probably don't even have copies of them anymore. So you're basically stuck with an application no one knows how to debug (because the programmers have moved on/gone out of business) and with no means to upgrade out of since no one else used the proprietary hooks...and since no one nowadays knows what those hooks were in the first place. It's like taking a smartchip card key up to a door only to discover it has a Mortise Lock.
This is Google finding a sneaky back-door way of getting their browser in to places where they couldn't previously get it. Now are they doing that for the greater good of downtrodden users, or so they can squirm their tentacles into ever more nooks and crannies..?
The fact this circumvents corporate lock-down policies, and indeed standard IT good practices, is something I'm sure they are TOTALLY aware of. And they don't give a fuck.
The user is installing Chrome Frame in user-space, with user-level privileges ... which is exactly what is SUPPOSED to happen. Only if you're installing system-wide software do you need admin rights.
Think of it like having a self-contained program which only writes to the user folder, makes no alterations to the system files or registry - effectively just an .exe file with maybe an .ini or .cfg file - any user can simply copy that to their own folder and run it - that's pretty much what a user-level install is.
Microsoft have been providing guidelines to that effect for years (since Win 2000) - just very few people (including their own devs) followed the guidelines until they were enforced with more strength in Window Vista/7 - much as I like giving MS a kicking when it's due I don't think it's really justified in this instance.
> many machines are still on Microsoft's Windows XP operating system, which means they can't be upgraded to Microsoft's latest version of Internet Explorer, IE9, the release that finally brought the browser into the modern world. IE9 won't run on Windows XP.
There's absolutely no technical reason for this, it's just a method to force people to upgrade to Windows sevISTAen ..
"Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take."
Personally, I'm no fan of and don't use Internet Explorer, except for testing and the odd bit of debugging in a VM, but I do think Chrome frame is unnecessary. Good web developers have learned to design and develop sites responsively and adaptively, negating the need for this technology. This new version of Chrome Frame seem to add another paper cut to the world of enterprise IT. Surely this is just a sneaky way of getting WebM and WebP onto more machines?
Google Earth installs in much the same way. No admin rights necessary.
Big problem: Google Earth is only free for HOME use. Corporate use requires a bought and paid for license. If IT can't stop the install, how can we insure we are not going to be sued for having illegal copies of software on the computer?
Chrome Frame isn't licensed apparently (yet) so that isn't an issue with it, but it opens the door for other apps that are licensed.
I run SRware Iron and I like it, but Google in and of itself can go blow meat whistles.
""Yay for clever technical hacks that help users circumvent ossified IT bureaucracy," said one commenter"...
The policies are there for a reason people. We already have to do enough spy/ad/malware removal as it is on machines that are locked down.
Remember Smiley Central? Those cute little e-mail add-ins? They put something in IE that actually broke a web site that was provided by an external vendor. Took forever to convince them that they didn't need to load that crapware.
The companies policy states that termination is possible if you are using the computer against those policies. Maybe Google will give them some money if they get fired.
I'm a user, not an IT techie, but I have to say:
1. IT controls (if occasionally infuriating and productivity-draining) are there for a reason--namely to prevent your company ending up on the Reg's latest "XXXX hacked and customer records stolen" article
2. So you can manage the unwanted plug-in with Google's own admin tool? Hey, great!! I often hear our IT people customers talking about how they would experience perfect happiness if only it required one more admin tool to manage their networks!! (/sarcasm off)
3. So Google's way of moving up the enterprise value chain is to use its brand equity with the workaday legions to skirt corporate IT policy? Boy, I bet CIOs and CISOs are thrilled by that kind of "gumption" in a software supplier!! I'm sure the positive C-level customer comments are flowing into Mountain View as we speak!!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
