Extensions help, but by default Chrome and its ability to sandbox processes really increases security:
http://blogs.techrepublic.com.com/security/?p=3738&tag=content;leftCol
Discussion on:
View:
Show:
then you don't need any of the security extensions that you have described. They would just require resources that would be better used for other purposes, and Chrome would also be less responsive than it is.
Although I would not call it a "security extension" LastPass would be useful, insofar as the Chrome team doesn't seem to have much enthusiasm for implementing more features into their browser. Encouraging developers to do that with extensions is the same strategy that Mozilla adopted with Firefox. However, it could eventually prove to be a mistake for Chrome, because it would be a lot more efficient (less inter-process communication overhead) if more-or-less fundamental features, such as "zooming" a page to make text readable, were directly implemented in the browser process itself.
About tabphishing .....
If memory serves, according to Brian Krebs's post on tabphishing, in an update he reported that Firefox NoScript has been updated to eliminate that means of attack, but he did not say which version has it. I do know that a NoScript update was released within the past few days, so maybe I have that protection now, else I expect it will be available soon.
By the way, tabphishing only works if the user is careless and really not paying much attention to what is going on. Personally, I doubt that I would fall for it, because I seldom have more than six or seven tabs open (except quite temporarily). On the other hand, some people have come up with what appear to be more sophisticated attacks that are based on the same premise.
Although I would not call it a "security extension" LastPass would be useful, insofar as the Chrome team doesn't seem to have much enthusiasm for implementing more features into their browser. Encouraging developers to do that with extensions is the same strategy that Mozilla adopted with Firefox. However, it could eventually prove to be a mistake for Chrome, because it would be a lot more efficient (less inter-process communication overhead) if more-or-less fundamental features, such as "zooming" a page to make text readable, were directly implemented in the browser process itself.
About tabphishing .....
If memory serves, according to Brian Krebs's post on tabphishing, in an update he reported that Firefox NoScript has been updated to eliminate that means of attack, but he did not say which version has it. I do know that a NoScript update was released within the past few days, so maybe I have that protection now, else I expect it will be available soon.
By the way, tabphishing only works if the user is careless and really not paying much attention to what is going on. Personally, I doubt that I would fall for it, because I seldom have more than six or seven tabs open (except quite temporarily). On the other hand, some people have come up with what appear to be more sophisticated attacks that are based on the same premise.
I alluded to the fact that Chrome is secure right out of the box. The extensions are ancillary and Google realizes that not all people want these extensions.
Number of tabs open is not the issue. The issue is that the web page is altered. Do you check the URL ever time you move between tabs?
Number of tabs open is not the issue. The issue is that the web page is altered. Do you check the URL ever time you move between tabs?
It depends upon how long it has been since I looked at the destination tab. The longer that I've not seen it, the more likely that I will check the URL (and the probability increase is nonlinear). Dunno why.
The success of the tabphish "swap" is based upon the user not looking at the tab for a while, then assuming that their log-in to the corresponding web site has been "timed out" when they access the tab again.
The more tabs that someone has open, the more likely they are to not look at any given tab for a sufficient amount of time. (OTOH, I might have less than a dozen tabs open, but there might be one or two that I haven't seen in the course of a day or two.)
But if I expect that I won't be using a web site for a while, then I will log-out of the site. Ordinarily I do not like to leave a site with an "open" log-in and prefer to be logged-out while I'm not "using the connection" (a habit formed while using the Internet cost $36.00/hr., probably). But I don't care as much when a web site allows me to be logged-in indefinitely.
My bank's web site will drop my session if I have not interacted with it during the past 8 to 10 minutes. Sometimes that happens when I'm taking longer to pay a bill than I normally take. But when they drop me, what I see when I look is the exit page, not the log-on page. To resume activity with my account, I must proceed to the log-in page, and, yes, I do verify the URL, because the hyperlink on the exit page could be wrong (even without tabphishing).
That also happens, but not often, with a merchant's web site after I've logged-in to the "checkout" section to effect a purchase transaction. When a time-out occurs, it is usually because I've found a problem that I cannot quickly resolve, such as uncertainty pertaining to shipping. Then what I usually see is a notice that my log-in has been timed-out, and a link to the web site's home page or maybe the page where I can renew the session.
But when money is involved, the connection is ordinarily SSL, so I doubt that any pages will be swapped while that is in effect. (If there is a MITM, then that is an entirely different problem!) Even when the log-in has been dropped, the SSL connection between the browser and the web site ordinarily remains, but that might not be true for all sites.
Basically, when I switch from one task to another, I habitually try to discern the facts of the situation before I proceed.
How easy is it to spoof an HTTPS page, or even the URL on an unsecure one?
The success of the tabphish "swap" is based upon the user not looking at the tab for a while, then assuming that their log-in to the corresponding web site has been "timed out" when they access the tab again.
The more tabs that someone has open, the more likely they are to not look at any given tab for a sufficient amount of time. (OTOH, I might have less than a dozen tabs open, but there might be one or two that I haven't seen in the course of a day or two.)
But if I expect that I won't be using a web site for a while, then I will log-out of the site. Ordinarily I do not like to leave a site with an "open" log-in and prefer to be logged-out while I'm not "using the connection" (a habit formed while using the Internet cost $36.00/hr., probably). But I don't care as much when a web site allows me to be logged-in indefinitely.
My bank's web site will drop my session if I have not interacted with it during the past 8 to 10 minutes. Sometimes that happens when I'm taking longer to pay a bill than I normally take. But when they drop me, what I see when I look is the exit page, not the log-on page. To resume activity with my account, I must proceed to the log-in page, and, yes, I do verify the URL, because the hyperlink on the exit page could be wrong (even without tabphishing).
That also happens, but not often, with a merchant's web site after I've logged-in to the "checkout" section to effect a purchase transaction. When a time-out occurs, it is usually because I've found a problem that I cannot quickly resolve, such as uncertainty pertaining to shipping. Then what I usually see is a notice that my log-in has been timed-out, and a link to the web site's home page or maybe the page where I can renew the session.
But when money is involved, the connection is ordinarily SSL, so I doubt that any pages will be swapped while that is in effect. (If there is a MITM, then that is an entirely different problem!) Even when the log-in has been dropped, the SSL connection between the browser and the web site ordinarily remains, but that might not be true for all sites.
Basically, when I switch from one task to another, I habitually try to discern the facts of the situation before I proceed.
How easy is it to spoof an HTTPS page, or even the URL on an unsecure one?
AdBlock to keep bad servers from downloading malware into the browser(although not as effective as AdBlock Plus in FF), and LastPass/RoboForm keeping your private data off the hard drive.
It only takes a drive reading spyware about 15 seconds to read a 500Mb hard drive and glean passwords, user IDs, credit cards, Social Security Numbers, and telephone numbers off your hard drive. If you don't believe me, try the paid version of Identity Finder, and see if it doesn't scare the pants off of you!!
CCleaner can clean a lot of this browser information off the hard drive for you; but not all of this gets recorded in the browser. It is just absolutely scary how easy it is to have information in your PC that compromises your ID security, that you weren't even aware of.
I do not work for Identity Finder and do not profit from any sale of any software or otherwise; I just like promoting anything to keep the criminals out of people's back pocket!
It only takes a drive reading spyware about 15 seconds to read a 500Mb hard drive and glean passwords, user IDs, credit cards, Social Security Numbers, and telephone numbers off your hard drive. If you don't believe me, try the paid version of Identity Finder, and see if it doesn't scare the pants off of you!!
CCleaner can clean a lot of this browser information off the hard drive for you; but not all of this gets recorded in the browser. It is just absolutely scary how easy it is to have information in your PC that compromises your ID security, that you weren't even aware of.
I do not work for Identity Finder and do not profit from any sale of any software or otherwise; I just like promoting anything to keep the criminals out of people's back pocket!
Unlike Adblock Plus (the Firefox extension), Chrome Adblock is entirely useless security-wise. The reason is that Chrome Adblock doesn't really block ads, it merely hides them. Ads are still being downloaded and malicious code still gets its chance to run. It might be the same with Chrome FlashBlock, I didn't check.
Note also that process-per-tab isn't a security feature per se. As long as each process runs with user's privileges (as it is still the case for Chrome), malware doesn't need to care whether the process it gets injected into is the "one for everything" or "this tab only" process. For now it is merely a stability feature.
Note also that process-per-tab isn't a security feature per se. As long as each process runs with user's privileges (as it is still the case for Chrome), malware doesn't need to care whether the process it gets injected into is the "one for everything" or "this tab only" process. For now it is merely a stability feature.
If the malware requires user action, being hidden helps in that regard. If no intervention is required, being sandboxed will not allow the malware to survive.
requires CPU cycles and it occupies memory. So it would be much better, all things considered, if it were not there at all. If someone does not want to see or hear advertising, and they can avoid that, then they will try to do that, regardless of whether it is a security risk. Nor do I fault them, frankly. I don't owe a piece of my time, which is my life, to anyone just because they want to sell something to me.
I'm not so keen to trust a bunch of third parties calling home from my browser. Not with my browsing history, not with my passwords, not even with my food garbage. What I see here is a way for someone I hardly know to pretend to help my security while maintaining as big a book on me as Google themselves.
May I ask what browser you use that is so much more secure? How can you explain that IE, Safari, and FF did not survive Pwn2Own, whereas Chrome did.
I really don't think you read my reply, since yours doesn't really relate to it at all.
With the exception of my anti-virus program (Usually Norton, currently AVG), I don't trust any third party extensions. Even with the anti-virus programs, I avoid their toolbars and any more bloat than I have to take.
My point was not that one browser is more safe. It's that third party extensions are more problem than good. I don't want third parties looking over my browsing history. I don't know ones that I can trust with all my passwords. (Monster.com was meant to be safe. We saw that go down the tubes like a Toyota accelerator.)
With the exception of my anti-virus program (Usually Norton, currently AVG), I don't trust any third party extensions. Even with the anti-virus programs, I avoid their toolbars and any more bloat than I have to take.
My point was not that one browser is more safe. It's that third party extensions are more problem than good. I don't want third parties looking over my browsing history. I don't know ones that I can trust with all my passwords. (Monster.com was meant to be safe. We saw that go down the tubes like a Toyota accelerator.)
I did read your comment, otherwise I would not have replied. You were referring to third party extensions, were you not? If not I apologize.
I replied about third party extensions, you replied about Chrome itself.
Why trust the "first party"? Why trust the browser, OS, AV, or any app at all?
It's why I'm there in the first place. Nothing is a perfect shield to security except maybe staying offline all together. But, most of these third parties I find to be unknown. They can be so small that they're unknowable unless you live close enough to meet the developer.
Staying to one vendor in an application keeps the possible points of failure down to the one.
How would you feel if one of your site-check vendors got hacked, and they got your browsing history? Or the site that collects your passwords got hacked by a disgruntled employee? I don't see many of these third parties that can stand up safely to these attacks.
Staying to one vendor in an application keeps the possible points of failure down to the one.
How would you feel if one of your site-check vendors got hacked, and they got your browsing history? Or the site that collects your passwords got hacked by a disgruntled employee? I don't see many of these third parties that can stand up safely to these attacks.
Because I'm not sure we are talking about a normal windows userland and installed apps with add-ons.
How in the world would, for example, No-Script or Symantec stop a disgruntled employee from stealing passwords or other information from some web service company?
And what is your definition of "third-party" here, because I may be assuming facts not in evidence. Third-party relative to the OS, or third-party relative to your chosen browser?
I may be (mis)interpreting your post in at least two ways, I suppose.
How in the world would, for example, No-Script or Symantec stop a disgruntled employee from stealing passwords or other information from some web service company?
And what is your definition of "third-party" here, because I may be assuming facts not in evidence. Third-party relative to the OS, or third-party relative to your chosen browser?
I may be (mis)interpreting your post in at least two ways, I suppose.
The addons that are not made by Google would be made by third parties. (Unless I wrote one myself)
Anything other than the operating system software can be considered a third-party application. Firefox is a third-party application using your definition.
That is what we are confused about.
That is what we are confused about.
every extension is another opportunity for an exploit.
so is another security weakness.
so is another security weakness.
most if not all of these, so if there be vulnerabilities, perhaps they would be pointed out this way.
I haven't tried Chrome in a while, but FileHippo's update checker usually points to an update before any vulnerabilities are found by Secunia anyway. I can get a five day jump, or more, on zero day vulnerability, just using the update checker, for most of the time.
Although you won't expose yourself to these anyway, my clients will, and do, no matter what advice. I say, why should we knuckle under to these criminals anyway? I want to be free to use any software I want as long as I can be at least reasonably secure.
I haven't been successfully attacked for a long time, and the last time was my fault for not checking my firewall after trying some new software; and even then, my defenses were successful in defending the perimeter.
I haven't tried Chrome in a while, but FileHippo's update checker usually points to an update before any vulnerabilities are found by Secunia anyway. I can get a five day jump, or more, on zero day vulnerability, just using the update checker, for most of the time.
Although you won't expose yourself to these anyway, my clients will, and do, no matter what advice. I say, why should we knuckle under to these criminals anyway? I want to be free to use any software I want as long as I can be at least reasonably secure.
I haven't been successfully attacked for a long time, and the last time was my fault for not checking my firewall after trying some new software; and even then, my defenses were successful in defending the perimeter.
Excuse me if it causes a funny feeling when I see "Chrome" and "secure" being used in the same sentence.
It's not that I don't use it myself, but don't forget who made it.
In 2007, Google acquired Doubleclick, a company that was infamous for the way it spied on people's browsing habits.
And now just very recently, Google themselves were caught with their hands in OUR cookie jar: those StreetView cars did more than just take pictures, they were spying on people's wireless networks as they drove by. In other words, they were literally engaged in what is often referred to as "wardriving" - quite illegal in the country where I live, with (as precedents) a number of people already convicted to jail time and/or fines for being caught at it.
Anyone who expects a browser from such a company, and especially one that's given away for free, to do only that what it is advertized to do and nothing else, should be encouraged to look up the words "gullible" and "naivete" in a dictionary.
It's not that I don't use it myself, but don't forget who made it.
In 2007, Google acquired Doubleclick, a company that was infamous for the way it spied on people's browsing habits.
And now just very recently, Google themselves were caught with their hands in OUR cookie jar: those StreetView cars did more than just take pictures, they were spying on people's wireless networks as they drove by. In other words, they were literally engaged in what is often referred to as "wardriving" - quite illegal in the country where I live, with (as precedents) a number of people already convicted to jail time and/or fines for being caught at it.
Anyone who expects a browser from such a company, and especially one that's given away for free, to do only that what it is advertized to do and nothing else, should be encouraged to look up the words "gullible" and "naivete" in a dictionary.
The definition of gullible is written on the wall behind you, see for yourself 
I like it better that way. Makes more sense to me, and is more amusing. 
That is a different subject. I suggest you read about this years Pwn2Own.
They may not be the same issue, but they're certainly related. How secure is a browser where privacy is ignored?
Why not. Security is related to how well the browser withstands exploits and attacks.
to sharing a bit of paranoia with these arguments too. However, just as FaceBook was flamed for privacy concerns and had to do an about face, perhaps Google may also, once it is proven the Chinese DID hack into their data base, and now has dossiers on all of us!
If you like a WebKit browser, why not try SRWare Iron? Generally seems to use more up-to-date WebKit source, and none of the Googleness baked in.
examined some of the results, then read some of them. I forgot to check whether they have a trial version for download. I am hoping to learn more, soon.
FWIW, I would like to check-out a browser with multi-process architecture, and a parallel but perhaps alternative implementation of Chrome "sandboxing" (which is also open-source, BTW), but without, as seanferd says "its Googleness".
It seems that the open-source WebKit rendering engine is the one that browsers (including Chrome) are beginning to adopt as "standard". If WebKit does become dominant, then web site developers will design new pages (or web sites), or re-vamp their existing ones, according to the features that it renders and how it renders them. (It is HTML 5 and retains CSS, but I wish it did not include the entire feature set of JavaScript.)
But I doubt that Microsoft will adopt WebKit unless they can find some way to "embrace and extend" yet again. However, E&E only works when your software has way more than half of the market.
FWIW, I would like to check-out a browser with multi-process architecture, and a parallel but perhaps alternative implementation of Chrome "sandboxing" (which is also open-source, BTW), but without, as seanferd says "its Googleness".
It seems that the open-source WebKit rendering engine is the one that browsers (including Chrome) are beginning to adopt as "standard". If WebKit does become dominant, then web site developers will design new pages (or web sites), or re-vamp their existing ones, according to the features that it renders and how it renders them. (It is HTML 5 and retains CSS, but I wish it did not include the entire feature set of JavaScript.)
But I doubt that Microsoft will adopt WebKit unless they can find some way to "embrace and extend" yet again. However, E&E only works when your software has way more than half of the market.
In these times where identity theft is mentioned so often, privacy _is_ an aspect of security (at least in my opinion).
is to ensure the integrity of the data, and to prevent unauthorized access to it and/or the unauthorized disclosure of it.
To that we might add: to ensure that the owner can continue to have and enjoy the use of their property, i.e., the computer system per se as well as its data.
Although Google has a legal right, defined by law, to collect data about me during the course of providing goods and services to me (assuming that I accept them, whether they are gratis), I do not have any legal obligation to disclose any data about myself to Google unless I am compelled to do that by a subpoena (the issue of which I can contest).
Of course, I may voluntarily disclose data about myself (such as what I do with Chrome) in exchange for receiving a good or service from them. However, if they are going to do much of such "collecting" in exchange for providing a "free" browser, I am not going to use it regardless of how secure it might be. On the face of it, what Google wants in exchange for my use of Chrome is more valuable than what it might provide.
It is irrational to use a "better browser" to "better secure" the data that is stored on my computer, yet give that data away to a party whose respect for my privacy appears to be virtually nil. Google's plans to use it are ordinarily neither explicitly nor specifically disclosed to me, and there is a significant risk that their collection and use of the data will not be beneficial for me. Indeed, most of the data that Google would collect and has collected is not even recorded on my computer, or is not recorded there for very long before it is erased. Also, in some respects, it happens to be data that I would rather that Google not obtain, regardless of how long they keep it or whether it is recorded on my computer, or whether I am using Chrome.
Some data that Google might collect from or about me could be of value to an identity thief. A lot of it would be of value for "marketers", or for soliciting donations to charities and/or other non-profit nongovernmental organizations.
That said, I am presently considering adopting TrueCrypt to protect whatever data might be recorded on my computer that could be useful for an identity thief (in particular). However, I have reason to suspect that my P.I.I. was used over 15 years ago, and perhaps as recently as 5 years ago, to commit or attempt to commit fraud. So maybe all I would be doing is building a vault to prevent repetition of the data theft, this time from my computer,via the Internet.
To that we might add: to ensure that the owner can continue to have and enjoy the use of their property, i.e., the computer system per se as well as its data.
Although Google has a legal right, defined by law, to collect data about me during the course of providing goods and services to me (assuming that I accept them, whether they are gratis), I do not have any legal obligation to disclose any data about myself to Google unless I am compelled to do that by a subpoena (the issue of which I can contest).
Of course, I may voluntarily disclose data about myself (such as what I do with Chrome) in exchange for receiving a good or service from them. However, if they are going to do much of such "collecting" in exchange for providing a "free" browser, I am not going to use it regardless of how secure it might be. On the face of it, what Google wants in exchange for my use of Chrome is more valuable than what it might provide.
It is irrational to use a "better browser" to "better secure" the data that is stored on my computer, yet give that data away to a party whose respect for my privacy appears to be virtually nil. Google's plans to use it are ordinarily neither explicitly nor specifically disclosed to me, and there is a significant risk that their collection and use of the data will not be beneficial for me. Indeed, most of the data that Google would collect and has collected is not even recorded on my computer, or is not recorded there for very long before it is erased. Also, in some respects, it happens to be data that I would rather that Google not obtain, regardless of how long they keep it or whether it is recorded on my computer, or whether I am using Chrome.
Some data that Google might collect from or about me could be of value to an identity thief. A lot of it would be of value for "marketers", or for soliciting donations to charities and/or other non-profit nongovernmental organizations.
That said, I am presently considering adopting TrueCrypt to protect whatever data might be recorded on my computer that could be useful for an identity thief (in particular). However, I have reason to suspect that my P.I.I. was used over 15 years ago, and perhaps as recently as 5 years ago, to commit or attempt to commit fraud. So maybe all I would be doing is building a vault to prevent repetition of the data theft, this time from my computer,via the Internet.
I prefer LinkExtend. SiteAdvisor and WOT are included in its safety services.
I was not aware that Chrome was capable of running this many extensions, but I haven't tried it in a while.
I really like LinkExtend, it is higher rated, world wide, than SiteAdviser, and I recommend it to all my clients who use FireFox.
I really like LinkExtend, it is higher rated, world wide, than SiteAdviser, and I recommend it to all my clients who use FireFox.
Why does anyone expect security in a web browser or OS from a company that has a vested interest in knowing who you are, what you do, and tracking every click on the web?
Run away, run far away...
Why would anyone use a system like Xmarks when the first function they advertise is rating search sites based on what others have bookmarked?
Do the editors here even read any of these blogs?
Run away, run far away...
Why would anyone use a system like Xmarks when the first function they advertise is rating search sites based on what others have bookmarked?
Do the editors here even read any of these blogs?
Your point about Xmarks.
As for your first point, I think you are getting privacy and security mixed up. I suggest that you read the privacy statements for other browsers before jumping to your conclusion.
As for your first point, I think you are getting privacy and security mixed up. I suggest that you read the privacy statements for other browsers before jumping to your conclusion.
Check the link for Xmarks and read what they do.
I can care less what the "privacy statements" are for companies. They change them at the drop of a hat and not always to benefit users. Google invades privacy in any way it can to benefit itself. It sells advertising and advertising data.
I am fine with performing searches through Google and reading their news offerings. I would never use their OS or browser.
My son is an IT specialist and uses everything, but that is his business.
I can care less what the "privacy statements" are for companies. They change them at the drop of a hat and not always to benefit users. Google invades privacy in any way it can to benefit itself. It sells advertising and advertising data.
I am fine with performing searches through Google and reading their news offerings. I would never use their OS or browser.
My son is an IT specialist and uses everything, but that is his business.
Why is it OK for others to have weak privacy statements and not for Google. I guess that statement confuses me.
You don't think Yahoo is doing the same thing?
You don't think Yahoo is doing the same thing?
than Google, but they have always been upfront about it from Day One.
Soon after Yahoo! was established, I visited their website and read their Privacy Policy (privacy policies were the latest fashionable practice at the time, so to speak). It did not mince words, and basically said that as far as they were concerned, no one was entitled to any privacy at all, and they would act accordingly.
I never went back to Yahoo!, except once to join a group which has never been all that active. If I had realized that it was a Yahoo! group before I sought out the group, I would not have bothered.
Google started out with a policy that actually did express respect for privacy, and I quoted from it in a post on this blog at the time, although I cannot recall the specific article.
Reading the same page relatively recently, well, they were no longer so definitive and the link for the "Opt Out" button was broken.
Google's privacy policy is far more significant than the one for Yahoo! or even for Microsoft, because Google has so many more ways and means to acquire and to associate the data that they collect on the millions of people who use Google services directly, and do business with Google subsidiaries. The scope of their reach is such that it is difficult to find a web site of any significance which does not have Google somewhere on its pages.
Be that as it may, Google just doesn't have much, if any, credibility left with regard to whether they respect anyone's privacy. That much is clear from reading the posts here and on the other article about Google Chrome (http://blogs.techrepublic.com.com/security/?p=3738&tag=content;leftCol).
Facebook has become another giant which is facing its own day of reckoning. I have closed my Facebook account simply because all of the measures that I had to take to safeguard my privacy kept changing, and not for the better. Using them consumed so much time and energy, both to discover and to use, that the benefits that I received from having and using the account to "socialize" just were not worth it.
Soon after Yahoo! was established, I visited their website and read their Privacy Policy (privacy policies were the latest fashionable practice at the time, so to speak). It did not mince words, and basically said that as far as they were concerned, no one was entitled to any privacy at all, and they would act accordingly.
I never went back to Yahoo!, except once to join a group which has never been all that active. If I had realized that it was a Yahoo! group before I sought out the group, I would not have bothered.
Google started out with a policy that actually did express respect for privacy, and I quoted from it in a post on this blog at the time, although I cannot recall the specific article.
Reading the same page relatively recently, well, they were no longer so definitive and the link for the "Opt Out" button was broken.
Google's privacy policy is far more significant than the one for Yahoo! or even for Microsoft, because Google has so many more ways and means to acquire and to associate the data that they collect on the millions of people who use Google services directly, and do business with Google subsidiaries. The scope of their reach is such that it is difficult to find a web site of any significance which does not have Google somewhere on its pages.
Be that as it may, Google just doesn't have much, if any, credibility left with regard to whether they respect anyone's privacy. That much is clear from reading the posts here and on the other article about Google Chrome (http://blogs.techrepublic.com.com/security/?p=3738&tag=content;leftCol).
Facebook has become another giant which is facing its own day of reckoning. I have closed my Facebook account simply because all of the measures that I had to take to safeguard my privacy kept changing, and not for the better. Using them consumed so much time and energy, both to discover and to use, that the benefits that I received from having and using the account to "socialize" just were not worth it.
I agree that Yahoo was worse, which is why I almost never use any of their services except a couple of groups which are not active. I DO NOT accept weak privacy policies NOR do I accept so called "strong" policies because they are ALL meaningless. Read the fine print, -they change without notice.
If other search engines do the same thing, why is Google the focus. Is it because they are doing a good job as well?
I recently updated chrome in Windows 7 64 bit now it crashes all the time. IDM say a new extension will be available at their next update on June 6th
it either doesn't work on standard accounts, or not at all on 64 bit PCs. Maybe in Linux it does, but FireFox runs like a top here lately on my Vista x64 system. I think I'll stick with it for a while.
I hear the 64bit beta for FireFox is already available for download! It is supposed to be released in final form in November.
I hear the 64bit beta for FireFox is already available for download! It is supposed to be released in final form in November.
I love Chrome and would use it if Google made it more "user friendly".
For example, why don't they want people to set the cache location? Yes, I know how to set this if clicking from a link, but it doesn't work if Chrome is set as the default browser and you open a link (e.g.) from an email.
I have a fast SSD drive for my OS and want the browser cache somewhere else.....
You also can't set the download location, etc, etc. Come on Google, this is basic stuff!
For example, why don't they want people to set the cache location? Yes, I know how to set this if clicking from a link, but it doesn't work if Chrome is set as the default browser and you open a link (e.g.) from an email.
I have a fast SSD drive for my OS and want the browser cache somewhere else.....
You also can't set the download location, etc, etc. Come on Google, this is basic stuff!
Go to Google Chrome Options....Under the hood...Download Location
Unfortunately Google have removed this option in the latest version 5.0.375.55.
They have also for an unknown reason changed "Under the hood" to "Under the bonnet".......
They have also for an unknown reason changed "Under the hood" to "Under the bonnet".......
i just downloaded chrome and installed. I checked the options and the download location is there, right where it should be and the version i have is 5.0.375.55 all you have to do is scroll down a little
In settings, the "Under the Hood" tab has a place to change the download location. Not sure about cache but I hope that helps!
Try the latest version and you will see how things have changed
I have the latest version and mine also says "under the hood". I wonder if it is because of your location.
I guess you must be right, as I live in the UK.
Does your version have the ability to specify the download location?
Also, what are your views on the limited options Google makes available - such as not being able to specify the cache location, etc
Is there a technical reason for this? When I look at the huge number of options available for Firefox I have to wonder who is right (not that I would recommend people fiddle too much with all those options - in fact there are probably far too many available for misuse.
Does your version have the ability to specify the download location?
Also, what are your views on the limited options Google makes available - such as not being able to specify the cache location, etc
Is there a technical reason for this? When I look at the huge number of options available for Firefox I have to wonder who is right (not that I would recommend people fiddle too much with all those options - in fact there are probably far too many available for misuse.
That is strange. This link is exactly what I do:
http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95574
As for limited options, I read somewhere that was by design and more options would added as the development team reviewed what users wanted. Having limited number of different fonts is one complaint I have been hearing.
http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95574
As for limited options, I read somewhere that was by design and more options would added as the development team reviewed what users wanted. Having limited number of different fonts is one complaint I have been hearing.
Downloads have always been stored "outside of the sandbox" because the "sandbox" that Google Chrome creates is in memory, not on recordable media.
Sandboxie creates the sandbox on the primary hard disk drive (on my computer it is C:\Sandbox). Downloads are stored inside the sandbox, in a mirror of the actual NTFS on the destination media, and the mirror is, of course, inside the sandbox. So, if you want to keep the downloaded object, you must "recover" (retrieve) it from the sandbox before the content of the sandbox is deleted.
Sandboxie creates the sandbox on the primary hard disk drive (on my computer it is C:\Sandbox). Downloads are stored inside the sandbox, in a mirror of the actual NTFS on the destination media, and the mirror is, of course, inside the sandbox. So, if you want to keep the downloaded object, you must "recover" (retrieve) it from the sandbox before the content of the sandbox is deleted.
Forgive me for repeating myself, but this doesn't seem to have sunk in yet.
The "Under the bonnet" version (which apparently applies to the UK version of Chrome) does not have an option to set the download location - and is possibly missing many other options as well.....
The "Under the bonnet" version (which apparently applies to the UK version of Chrome) does not have an option to set the download location - and is possibly missing many other options as well.....
I believe you and I find it interesting that the application has variants. I am asking Google about it right now.
that's because you're receiving a localized version for UK
kinda like Aluminium
we say Aluminum
you say bonnet
we say hood
kinda like Aluminium
we say Aluminum
you say bonnet
we say hood
I am trying to get verification. Still, why the UK version would not have the ability to change where downloads end up seems odd.
The first two I tried to install, siteadvisor and wot, both kicked back as not compatible with google chrome???
I assume that everything is the latest. I will pass your comment on to the appropriate people and hopefully will have an answer for you.
on the first attempt, I went directly to the site. then I did the attempt from chrome.google.com/extensions, and nothing happened.
Is that a good thing or not? I will gladly pass your concerns on if need be.
I imagine either should work as expected. Is your version of Chrome up-to-date? (Probably is, by default.)
Hrm.
Oh, you haven't by any chance changed the User Agent string, have you?
Hrm.
Oh, you haven't by any chance changed the User Agent string, have you?
Not sure what you mean by the User Agent string?
In any case, I checked chrome and the installed version is: 4.1.249.1036.
What I find is odd also, if I click on the desktop icon/shortcut, chrome opens in incognito mode, but if I go through start - all programs, it opens in normal mode. The desktop icon does not allow me to install the extensions, but the all programs option does?
Thoughts?
In any case, I checked chrome and the installed version is: 4.1.249.1036.
What I find is odd also, if I click on the desktop icon/shortcut, chrome opens in incognito mode, but if I go through start - all programs, it opens in normal mode. The desktop icon does not allow me to install the extensions, but the all programs option does?
Thoughts?
I've used WOT on Firefox and IE, and while the extension seems to have now installed in chrome (WOT symbol on the menu bar) by doing the install from start, all programs and removing the desktop icon, the warning WOT donuts do not appear when I google anything?? Anybody know why or how to get them to appear? Thanks.
both my browsers - FF & IE8 were not showing the ratings on my install of Site Advisor. All I had to do was click "Advanced search" hypertext just below the Google search window, and then the [Advanced Search] button on the lower right hand corner of the resultant screen, and wallah! Everything was fixed.
So go figure on that one!! Sometimes it is something silly that is keeping the ratings displays hidden on these extensions; I pray a good Google search will solve your problem.
So go figure on that one!! Sometimes it is something silly that is keeping the ratings displays hidden on these extensions; I pray a good Google search will solve your problem.
I don't know, I kept searching and then suddenly they started to appear. Still, sometimes I will see them, go to the next page and they aren't there? Bizarre, but at least I am now getting something.
jesus christ, if you have to wait all these programs to start evry time you boot your computer, you might be considering to change platform, perhaps to mac...
Gmail is the only tab I have that starts slow. Otherwise the browser is up quite fast.
lately about IE and Firefox slowing way down lately. I have noticed it has sped up on both of them in my PC.
Maybe everything is being optimized for x64 PCs, even though we are talking about 32 bit browsers?
Until flash goes x64, I will not be able to use my x64 Internet Explorer 8.
Maybe everything is being optimized for x64 PCs, even though we are talking about 32 bit browsers?
Until flash goes x64, I will not be able to use my x64 Internet Explorer 8.
And why would mac be any different?
Edited for "wxtensions".
Edited for "wxtensions".
But, I was curious about that as well. I have Wireshark and TaskManager going and do not see that.
Still, I may be missing something.
Still, I may be missing something.
and see if it is more x64 compliant. I like the fact that these favorite extensions work on it!
It's messy as you have to launch it and then scan through the tabs. Why didn't Google just implement scrolling tabls like Firefox, Opera and Safari? It would have been simple and people who are enough of a power user to open more than a dozen tabs are more than able to understand about scrolling the tab bar.
I like chrome, I'm using it to write this, it works well and it's fast but I can't adopt it full-time because I'm a tabaholic. I usually have 3 to 4 windows open with a couple of hundred or more tabs open. Don't ask, I'm a black sheep
I like chrome, I'm using it to write this, it works well and it's fast but I can't adopt it full-time because I'm a tabaholic. I usually have 3 to 4 windows open with a couple of hundred or more tabs open. Don't ask, I'm a black sheep
nice extensions. Hopefully Sticky Password will add their Chrome support soon, since they have it already in Beta
Well you can try it by your own:
http://www.stickypassword.com/en/support/beta-program
I've tried it and it work flawlessly. But it is not only an extension. It is the whole applications, that now supports also Chrome, but it is accessible via systray and their button in each browser.
http://www.stickypassword.com/en/support/beta-program
I've tried it and it work flawlessly. But it is not only an extension. It is the whole applications, that now supports also Chrome, but it is accessible via systray and their button in each browser.
I will check it out. If it's not an extension, that is probably why I did not look for it.
The "why bother" comment is a little tongue in cheek, but heartfelt nevertheless.
There are still too many websites that don't work properly in Chrome.
Many will dismiss my comment/complaint as being the fault of the website developer and not Chrome's fault, but I am not so sure - and I am also not inclined to let Chrome off the hook.
As someone who has won web design awards, I appreciate how hard it is to get full browser compatibility. However, I feel that browsers like Chrome need to make it a little easier for the websiter designers/builders. Opera is another culprit and even Firefox doesn't always get it right.
Perhaps more importantly, this needs doing for the visitors who don't want to have to worry about standards and all the rest of it.
There are still too many websites that don't work properly in Chrome.
Many will dismiss my comment/complaint as being the fault of the website developer and not Chrome's fault, but I am not so sure - and I am also not inclined to let Chrome off the hook.
As someone who has won web design awards, I appreciate how hard it is to get full browser compatibility. However, I feel that browsers like Chrome need to make it a little easier for the websiter designers/builders. Opera is another culprit and even Firefox doesn't always get it right.
Perhaps more importantly, this needs doing for the visitors who don't want to have to worry about standards and all the rest of it.
With Web sites. What kind of problems are you referring to? Maybe I am missing something.
I am surprised that you have not had any problems but I suppose it just depends which web sites you visit.
The problems have been around :
- buttons not working; presumably problems with the scripting
- odd page layout; different rendering from IE
- menu bar (and menu options) behaviour different (usually simply doesn't work)
- etc - I haven't catalogued the problems but usually notify Google each time
There are many sites (most) where everything works just fine, but there are too many where this is not the case.
Perhaps I'll start compiling a list and update this thread.
The problems have been around :
- buttons not working; presumably problems with the scripting
- odd page layout; different rendering from IE
- menu bar (and menu options) behaviour different (usually simply doesn't work)
- etc - I haven't catalogued the problems but usually notify Google each time
There are many sites (most) where everything works just fine, but there are too many where this is not the case.
Perhaps I'll start compiling a list and update this thread.
I could pass the information along to Google. Also, I would like to try it and see if I have the same results.
has the open-source WebKit rendering engine which Google characterizes as "HTML5, CSS and JavaScript". As far as I can determine, all of the features of JavaScript as it is today are implemented in WebKit, without (of course) any regard to the threat that some of them pose to computer system security.
At the moment, I cannot recall which other browsers use WebKit, too, but if Firefox doesn't use it yet, I suspect that Firefox 4 will.
In my experience, there are far too many websites that do not work well (or completely) with anything but versions of Internet Explorer. Microsoft encourages "customization" for I.E. because they are still convinced that they must, even if they can't, seize control of the Internet with their web browser.
At the moment, I cannot recall which other browsers use WebKit, too, but if Firefox doesn't use it yet, I suspect that Firefox 4 will.
In my experience, there are far too many websites that do not work well (or completely) with anything but versions of Internet Explorer. Microsoft encourages "customization" for I.E. because they are still convinced that they must, even if they can't, seize control of the Internet with their web browser.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
