Google Chrome extension detects dangerous websites

Google has released an extension for its Chrome browser that helps developers and security testers identify websites that execute unsafe code on end user computers. The release of DOM Snitch, as the experimental extension is known, comes five weeks after application security provider Mind Security published a Firefox extension …

COMMENTS

This topic is closed for new posts.
  1. John Styles

    Irony

    Does the Chrome browser extension that detects unsafe things also work in IE to detect the Chrome plug-in being run bypassing security controls?

    1. G Murphy

      What?

      Link please?

    2. Anonymous Coward

      Re: Irony

      Or does this new DOM extension have access to Chrome's built-in pre-fetching technology so that you don't have to click after it should already know it's a bad site?

      Chrome ... the browser of contradictions, what a mess!

      Thankfully, I'll never use it or recommend its use. But it is noteworthy as a catalog/mish-mash ...

  2. Steven Roper
    Facepalm

    They're opening themselves up a bit here

    "Google stresses that there are no guarantees that DOM Snitch will work flawlessly for all web applications."

    So if this application falsely flags a company's sites as insecure when they aren't (as verified by their own penetration testers) and thus wrongfully gives visitors a bad impression, Google may be sued for libel? I'll be interested to see how long this lasts.

    1. Donn Bly

      re: Opening themselves up a bit

      While anybody can sue anybody for anything, they are probably pretty safe. The plug-in isn't installed or enabled by default, and theoretically the only people using it are those with technical knowledge who know the repercussions of using it - and who agree to the hold-harmless agreement when they install it.

      It's much LESS a case of libel than the false positives from antivirus vendors for websites and applications that aren't malicious. Vendors like AVG are notorious for flagging simple JavaScript such as that which obscures email addresses from spammers scraping for addresses as viruses, and don't respond to those who report it.

    2. adnim

      And the difference

      between this avoid all responsibility for the quality of this software statement and the EULA on most if not all other software is what exactly?

      The results returned if in error would just be declared a false positive, I am not aware of any AV companies being sued for bricking an OS. Or MS being sued for selling product that is so flawed that it lends itself to being owned by unauthorised third parties.

      It is a get out of jail free card and whilst I accept securing and ensuring the reliability of complex software systems is difficult, I would much more prefer a statement along the lines of "There is no guarantee that this software is fit for purpose" in an EULA rather than the weasel words that are usually employed.

    3. Al_21

      It's still alpha/beta

      Google's probably going to have the "it's still a beta" excuse for a few more years at least.

  3. ahmanwhathandle

    Isn't this tool a security threat in itself?

    Tool requires access to all website data. Fair enough, but how much does it know about my banking site contents and stuff on other https sites?

    1. Anonymous Coward

      boo title.

      Well, exactly the same as your browser does.

  4. davidsom

    Re: They're opening themselves up a bit her

    "and thus wrongfully gives visitors a bad impression, Google may be sued for libel? I'll be interested to see how long this lasts."

    The internet security/virus companies have been doing this for years and they don't seem to have managed to get themselves sued yet!

  5. Old Tom
    Thumb Down

    Quickly disabled

    Too much performance hit.
