msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

29 Dec 12 Google to scan Chrome extensions, bans auto-install


Google has taken two steps to prevent its Chrome browser becoming an attack vector for malware that runs as extensions to the browser.

Like many other browsers, Chrome allows users to install “extensions”, apps that add functionality. Google even runs the “Chrome Web Store” to promote extensions.

Security outfit Webroot recently pointed out that some of the extensions in the store are illegitimate, data-sucking privacy invaders that trick users with offers to do things like change the colour of Facebook and then suck out all their data.

Google has responded in two ways, one of which is a new service “To help keep you safe on the web” that will see the company “analyzing every extension that is uploaded to the Web Store and take down those we recognize to be malicious.”

Changes are also coming in the forthcoming version 25 of the browser, which will no longer allow extensions to install without users’ knowledge. That’s currently possible because Chrome, when running on Windows, can is designed to allow unseen installs “to allow users to opt-in to adding a useful extension to Chrome as a part of the installation of another application.”

“Unfortunately,” Google now says in a blog post, “this feature has been widely abused by third parties to silently install extensions into Chrome without proper acknowledgement from users.”

Chrome 25 will therefore remove the auto-install feature, replacing it with a new system that presents the Windows Vista-esque screen below when extensions try to ingratiate themselves with the browser.

A new dialogue box in Chrome 25 will ask users if they want to install extensions

Hi! I’m the ghost of Windows Vista! Would you like to install this extension?

As ever, Google’s blog posts and support notice on the changes position them as responsible enhancements that show, yet again, Google is doing the world a favour.

A more critical analysis could consider the announcements in light of malware found in Google Play and take Google’s decision to more aggressively curate the Chrome Web Store as an admission it needs to devote more attention to this stuff, lest Chrome and other Google products become malware-ridden quagmires that users don’t trust. ®

Article source: http://www.theregister.co.uk/2012/12/23/google_bans_auto_install_chrome_extensions/

Tags: , , ,

11 Jun 12 Flash player 11.3 will support sandboxing in Firefox on Windows



Several changes that Adobe made in Flash 11.3 aim to boost the browser plugin’s security and reduce its susceptibility to attacks. The most significant of those changes is the introduction of sandboxing on the Windows platform.

Due to the frequent discovery of Flash vulnerabilities and the relative ubiquity of the plugin, Flash is one of the most heavily-exploited pieces of software. Adobe and browser vendors have been working to make it harder to exploit by isolating the plugin and working to ensure that users have easier access to the latest version.

Most browsers already implement process isolation for plugins in order to prevent Flash crashes from taking down the whole application. In some browsers, such as Chrome, the plugin is sandboxed on Windows to prevent it from accessing sensitive platform functionality. Adobe has worked with Mozilla to bring that feature to Firefox on Windows.

The sandboxing takes advantage of native security features that Microsoft built into Windows Vista and Windows 7. The Flash plugin will operate in three separate processes, one that interacts with the browser, one that does the bulk of the Flash execution, and one that mediates control of underlying operating system features.

The main Flash process will be run at a “low integrity” level, which will prevent it from writing to the user’s profile, manipulating the registry, or sending messages to higher integrity processes. It will also be encumbered with a number of job restrictions that will further limit its access. In order to reach the filesystem or hardware devices, the sandboxed process will have to go through the OS broker process, which is designed to strictly limit access.

The sandboxing mechanism that will be used for Flash in Firefox is similar to the one that Adobe has already implemented in its Acrobat Reader software. Because the implementation relies on features that are built into Windows Vista and Windows 7, however, the Flash sandboxing will not be supported on Windows XP.

Flash has had sandboxing support in Chrome on Windows Vista and Windows 7 since 2011. Internet Explorer doesn’t quite have full Flash sandboxing yet, but already runs the plugin at a low integrity level. Bringing the sandboxing feature to Firefox is another positive step forward.

In addition to introducing sandboxing, Adobe has also been working on a background update system that will allow the plugin to be updated automatically–without requiring user intervention. Simplifying Flash updates will make it easier for Adobe to protect users from zero-day vulnerabilities.

Adobe first introduced the automatic updater on Windows earlier this year. Now Adobe is bringing it to Apple’s Mac OS X. The updater will use a launch daemon to check for updates every day. When an update is detected, it can automatically install it in the background without disrupting the user’s activities.

Alongside the addition of the background updater, Adobe has also taken the opportunity to add application signing, which allows the Flash plugin to run on systems where Gatekeeper is configured to block unsigned software.

The Flash plugin is supported in a restricted capacity in Windows 8, not available on iOS, being discontinued on Android, and soon to be phased out on the Linux desktop. It’s no longer a viable solution for developers who want to reach every screen. Although Flash is gradually heading towards obsolescence, Flash content will continue to be supported in some capacity while standards-based alternatives are maturing and gaining acceptance. As such, enhancements that help to reduce the security risks posed by the plugin are welcome developments.

Article source: http://arstechnica.com/information-technology/2012/06/flash-player-11-3-will-support-sandboxing-in-firefox-on-windows/

Tags: , , , , ,

07 May 12 Adobe preps silent Flash updates for Macs


Computerworld - Adobe last week released a new beta of Flash Player that includes silent updates for Macs.

Adobe first included silent updates for OS X in the Flash Player beta a month ago; the version shipped Friday was tagged as “Beta 3.”

Adobe introduced silent updates for Flash Player on Windows in late March. At the time, the company committed to creating the same feature on OS X, but did not set a timetable.

As far as users are concerned, the Mac version is identical to the Windows tool: It pings Adobe’s servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later. Found updates, however, are applied entirely in the background, and do not display notices on the screen or require the user to take any action.

By default, Flash 11.3 has silent updates switched on, but users can change the setting to continue to receive on-screen alerts.

In the six weeks since Adobe released silent updates for Flash Player on Windows, it has shipped a pair of updates, including one last Friday that patched a “zero-day” vulnerability attackers were already exploiting.

Silent updates will not affect users who rely solely on Google’s Chrome, as that browser bundles Flash Player, and updates the Adobe software using its own background update service.

Another prominent feature in Flash Player 11.3 is a “sandboxed” plug-in for Mozilla’s Firefox on Windows Vista and Windows 7, second step in Adobe’s plan to stymie attacks that exploit unpatched Flash bugs.

A sandbox isolates processes on the computer, preventing or at least hindering malware that tries to push code onto a machine. Adobe sandboxed Flash Player for Chrome in late 2010 after working with Google engineers; the February release of a sandboxed plug-in for Firefox came after similar cooperation from Mozilla engineers.

Adobe plans to ship the final version of Flash Player 11.3 before the end of June.

Users who want to test drive the preview can download it from Adobe’s website.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter@gkeizer, or subscribe to Gregg’s RSS feed Keizer RSS. His e-mail address is gkeizer@ix.netcom.com.

Read more about Internet in Computerworld’s Internet Topic Center.

Article source: http://www.computerworld.com/s/article/9226921/Adobe_preps_silent_Flash_updates_for_Macs

Tags: , , , ,

26 Jan 12 Best browser 2012: which should you be using?


Competition among browsers is more fierce than ever.

Google’s knocking out new versions of Chrome at an alarming rate, Mozilla’s been pulling nightshifts to improve Firefox, and Microsoft’s rejuvenated IE team is doing great things with its browser.

There are great browsers from Opera and Apple too, not to mention mobile browsers for smartphones and tablets.

So which browser should you be using?

Let’s find out which ones offer the best blend of power, expandability and all-round awesomeness.

The best browser for speed

We tested the latest official releases of the big browsers: IE9, Safari 5.1, Firefox 9, Chrome 16 and Opera 11.6 to see how they performed on the desktop. All of the big browsers deliver speedy browsing, but there are still differences when it comes to things such as JavaScript performance, which affects the speed at which web apps and complex websites work.

In the Sunspider JavaScript benchmarks Firefox left its rivals in the dust, storming through the tests in a hugely impressive 189.4ms. Safari was next with 219.6ms, followed by IE9 (247.9ms), Opera (254.3ms) and Chrome (291.0ms). We saw similar results in Windows Vista, with Firefox narrowly pipping its rivals to take first place.

These figures are based on brand new installations without any plugins, extensions or similar: once you start loading your browser up with goodies, performance is likely to take a nose-dive.

Firefox

WOW: Firefox is the speed king on Windows and on OS X, but there isn’t much in it: all the browsers are swift

The best browser for add-ons

You can get add-ons for all the main browsers, but Firefox has the edge here: its huge number of add-ons and Greasemonkey scripts mean that its reputation as the Swiss Army Knife of web browsers is well deserved. It’s far and away the most expandable web browser, and it’s got the best browser sync features too. Bear in mind, though, that all of the main browsers are expandable, and while some – such as Safari – don’t have enormous libraries of add-ons, you can still get the essential ones such as ad blockers, Twitter utilities and Gmail notifiers.

Opera deserves a special mention here because it’s more than just a browser. It has integrated email, newsgroups and IRC chat, the Opera Unite file server, Opera Turbo to improve performance on crappy mobile connections, and Sidebar-style widgets for games, web applications and utilities.

The best browser for Windows 7

Safari’s the first to fall here: it just looks odd on Windows, and doesn’t offer anything over its rivals. IE9 and Opera are both very nice to use on Windows 7 and make good use of taskbar pinning and jump lists, but Firefox has the edge in both speed and expandability and it’s our pick here.

Opera on windows 7

UNEXPECTED?: Opera’s a joy to use and worth considering if you like the idea of widgets, integrated email and file sharing

The best browser for Windows Vista

IE9 flies on Vista – it hammered through Sunspider in 193.7ms – but Firefox is faster still, scoring 192.2ms in the same benchmarks. Safari ran through the benchmarks in 224.4ms, Chrome 246.6ms, and Opera in 251.2ms. Firefox isn’t just the speediest browser on Vista, but the most expandable too.

The best browser for Windows XP

Internet Explorer takes an early bath here, because Microsoft doesn’t make IE9 for its ageing OS. That leaves Safari 5.1, Firefox 9, Chrome 16 and Opera 11.6; of the four, Chrome demands the least RAM and hard disk space, making it the best bet for older XP systems. That means Chrome’s the best browser for netbooks too: its more modest hardware requirements are a boon on relatively low-spec machines.

The best browser for OS X

Firefox was massively in the lead on OS X Lion, rocketing through Sunspider in 153.8ms compared to Safari’s 209.2ms, Opera’s 214.7ms and Chrome’s 225.3. However, it’s worth noting that while Safari’s figures look good on paper, they don’t reflect the way it chugged through the benchmarks as if it were wading through treacle.

Firefox’s speed is countered by what we think is a faintly horrible interface. If that isn’t your top priority then Firefox is the best browser for Mac users; if it annoys you, then Opera or Chrome is a better bet. While Safari is a perfectly decent browser, its rivals performed better in our tests.

The best browser for privacy

All of the browsers we tested had excellent privacy protection including private browsing and warnings of suspicious web pages, but IE9 is marginally ahead of the pack here: its tracking protection enables you to subscribe to lists that tell specific kinds of websites not to track you, which is potentially more useful than a global “do not track” option.

The best browser for HTML5

All of the main browsers support the important bits of HTML5, but when it comes to full standards support Chrome and Firefox are in the lead by a significant margin. According to the excellent Caniuse.com, Firefox and Chrome score 89% for HTML5 standards support, with Safari at 78%, Opera 74% and IE9 52%. If you add CSS support into the equation the scores are 87% for Firefox and Chrome, 83% for Safari, 75% for Opera and 59% for IE.

HTML5 in ie9

LAGGING BEHIND: All the browsers support key HTML5 features, but IE9 lags behind when it comes to full standards support

The best browser for Android

The stock Android browser is pretty good, but we think Opera Mobile has the edge for smartphones: it’s got a lovely interface, goes like the clappers – we’ve previously described it as “comically fast” on decent kit – and synchronises well with its desktop cousin. On tablets, the standard browser is still our preferred option: while Dolphin for Pad and Firefox are looking pretty nifty, they’re both still in beta.

Opera on android

CACHE KING: Opera Mobile for Android is particularly good on mobile phones. It’s “comically fast” on decent kit

The best browser for iPad

The lack of tabs in Apple’s Safari drove us daft on the original iPad, but now it’s got tabbed browsing and iCloud syncing we think it’s the best browser on the platform, especially on the iPad 2: in our experience it’s faster and more reliable than iCab Mobile, considerably nicer to look at than Atomic Browser, and less likely to dump you back to the home screen for no good reason than non-Apple browsers.

Safari on ipad

NATIVE THE BEST: Tabbed browsing and iCloud synchronisation make Apple’s own Safari the best bet for iPad owners

——————————————————————————————————-

Liked this? Then check out Hands on: IE10 review (Platform Preview)

Sign up for TechRadar’s free Week in Tech newsletter
Get the top stories of the week, plus the most popular reviews delivered straight to your inbox. Sign up at http://www.techradar.com/register

Follow TechRadar on Twitter * Find us on Facebook * Add us on Google+

Article source: http://www.techradar.com/news/software/applications/best-browser-2012-which-should-you-be-using-932466

Tags: , , ,

17 Dec 11 Chrome scores a victory in the browser wars


It’s just one browser version during one particular week, and only one research firm is making the claim–but according to StatCounter, Google’s Chrome 15 is the world’s most popular browser.

Chrome 15

Chrome 15

(Credit:
Google)

In the last week of November, StatCounter says, 23.6 percent of the browsers tracked by its global system were Chrome 15. Microsoft’s
Internet Explorer 8 accounted for 23.5 percent.

Add up all versions of IE and Chrome and you still get a different story: IE is the most popular browser overall, well ahead of Chrome. StatCounter’s numbers still show all versions of IE taking a total of 40.09 percent of the market, vs. 26.31 percent for all versions of Chrome.
Firefox is at 25.07 percent, Apple’s
Safari is at 5.86 percent, and Opera gets 1.91 percent.

Chrome 15′s victory isn’t hugely meaningful. Google’s built-in updating system quietly but insistently auto-updates users to new versions, reducing the number of people who are running old editions of the browser. Microsoft, by contrast, is less pushy. That helps explain why a meaningful number of folks still run the ancient, obsolete, insecure mess known as Internet Explorer 6.

In January, Microsoft plans to use Windows Update’s Auto Updates to upgrade recalcitrant Windows users to newer versions of Internet Explorer–IE 8 for Windows XP, and IE 9 for Windows Vista and 7. Given Chrome 15′s extremely narrow victory over IE 8 and the massive number of Windows XP PCs in the world, IE 8 presumably has a decent chance at snatching its crown back next month.

The real history-making moment would come if Chrome–or any non-Microsoft browser–overtook IE to become the world’s most popular browser, period. (The numbers reported by StatCounter and its rivals vary enough that I wouldn’t believe it had happened until every major stats service agreed.)

The last market-leading browser that wasn’t IE was Netscape Navigator. When its share crumbled in the 1990s, Internet Explorer gained a monopoly on the market that looked like it would probably be permanent.

By coming pre-installed on Windows, Internet Explorer still gets a huge head start over every other browser on the planet: It’s remarkable that the race is as close as it is. I wouldn’t reject the possibility of Chrome eventually overtaking IE, though, particularly given how rapidly it’s improving and how aggressively Google markets it.

Of course, a few years ago I thought that Firefox also had a shot at surpassing IE . Back in the days when Internet Explorer 6 was the current version of IE, and commanded more than 90 percent of the market, Firefox was downright dazzling. Simply by being wonderful, it quickly racked up millions of users–and forever disproved the depressing conventional wisdom that it was impossible to compete with Windows’ default browser.

When Google unveiled Chrome a little over three years ago, Firefox probably lost its chance at taking the top slot. All of a sudden, Chrome was the fresh, innovative alternative browser–and recently, Firefox’s share has flatlined, then dipped.

If open-source Firefox had managed to overtake IE, it would have been one of the great stories in tech history: A bunch of volunteer geeks banding together to beat the world’s biggest software company. If Chrome takes the lead, it’ll be one huge company beating another huge company. For me, at least, the emotional impact wouldn’t be the same.

And in a strange way, Microsoft is also a scrappy upstart when it comes to browsers. IE 9, the current version, is downright good, and admirably progressive when it comes to new technologies and standards. (Microsoft does its best work when its products have meaningful competition. Weird, huh?)

So I’m not rooting for any particular browser, and won’t take it badly if IE remains the most popular one for years to come. But boy, am I glad that the browser wars–which some once thought were over–show no signs of ending anytime soon.

Article source: http://news.cnet.com/8301-33200_3-57344218-290/chrome-scores-a-victory-in-the-browser-wars/?part=rss&subj=software&tag=title

Tags: , , ,