When it comes to security, who do you trust more - Microsoft or Google?

When it comes to security, who do you trust more - Microsoft or Google?

Summary: Chrome Frame browser plug-in for Internet Explorer seems to have kicked off a war of words between Google and Microsoft. When it comes to security, who do you trust more - Microsoft or Google?


Chrome Frame browser plug-in for Internet Explorer seems to have kicked off a war of words between Google and Microsoft. When it comes to security, who do you trust more - Microsoft or Google?

In case you haven't been keeping up with developments, Chrome Frame is a plug-in developed by Google for IE that brings the performance and standards compatibility of the Chrome browser to IE users. To put it another way, Google came out with a plug-in that dramatically improves IE.

[poll id="484"]

But Microsoft isn't taking this lying down. Yesterday the Redmond software giant claimed that Chrome Frame put IE users at risk by expanding the attack surface available to hackers:

"With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers. Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take."

Later Google hit back:

"While we encourage users to use a more modern and standards-compliant browser such as Firefox, Safari, Opera or Google Chrome rather than a plug-in, for those who don't, Google Chrome Frame is designed to provide better performance, strong security features and more choice to both developers and users, across all versions of Internet Explorer."

Google is even going as far as to suggest that if you don't trust the code, check it out for yourself:

"We invite all parties with thoughts about Google Chrome Frame to explore our code and provide feedback about this technology [to] the open-source community."

So, who do you trust with your security?

The way I look the Chrome Frame situation right now, I think that it's an interesting idea. Sure, there will be security concerns, but since we're talking about IE here anyway, I'm not sure that I'm falling for the whole "won't someone please think of the children" thing. Other than by installing Flash Player onto a system, it's hard to see a way to make IE any less secure to be honest. And if we're going to go down that whole "friends don't let friends do insecure stuff" then I'm pretty sure that friends don't encourage friends to use IE at all ...

My guess is that Chrome Frame might be just the encouragement that Microsoft needs to make IE better (much better) than it is at present. Given how it fares when it comes to performance, compatibility and security, that shouldn't be too hard.

Topics: Browser, Google, Microsoft, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Given their experience it has to be Microsoft.

    Sleeper Service
    • Have to agree

      Never thought I'd [i][b]EVER[/b][/i] be saying this only a few short yrs ago, given that XP damn-near turned me to SUSE 10, but I have to say I wouldn't trust Google to keep my sock-draw secure!

      Microsoft made some [b]HUGE[/b] errors in judgement with XP - I guess they were still too busy cutting the legs out from under Netscape to focus too heavily on Windows Security as the priority it should have been, and were thus left playing the endless catch-up game. But then one has only to look at the efforts made with Vista and now Win7 to see the changes in attitude toward building in security from the get-go.

      Looking to Google however, their main priorities seem to be making money off the AdSense machine, and building their user-pool. Like MS when focusing on their battle with Netscape, I see Google making the same blunders as they focus on trying to take-down MS.

      As a further note, so long as Google keeps open pathways to mine the user-data for the purpose of refined AdSense targeting, those are doors left open for the more malicious parties to make use of. While Google wants to play that game, I could never take them seriously where security is concerned.
      • Well said, kaninelupus...

        I agree completely. I don't like Google's methods at all and I refuse to participate in any of their traps. MS certainly isn't perfect, but they've greatly improved in many ways in the last few years.
        • Re: Well said

          That's pretty much it.

          Microsoft makes their money when you buy their product.

          Google makes money by mining your personal data.

      • Microsoft naivete

        It appears that many respondents supporting Microsoft on "security" over Google or any other tier one technology company is obviously speaking from a point of ignorance rather than any real technical knowledge or understanding of the issues.

        Even the "improvements" Microsoft has made with IE/Windows/Outlook/etc. shows capability of moving from disastrous to just pretty bad - as compared to viable alternatives.

        The simplemindedness of many Microsoft dupes never ceases to amaze those of us who have knowledge of,and understand technology and the difference between the truth/reality and dreamy-eyed wishfulness.

        W. Anderson
        • Oh! I suppose you trust...

          Google after the way they sold our the people inside the PRC to the Chinese government!!

          WE THE PEOPLE control the mobile information now! This is not communist or socialist thinking, only FREE THINKING!!

          Even Iran is quaking in their boots!

          Thank you very much!
          • Right

            Yes, you're absolutely right; the fact that
            Google follows the law means that anybody who
            doesn't think Microsoft is infallible, is a
            communist! That makes so much sense. Ya. Right.

            Wait, actually, it doesn't. Sorry.

            You do know that they only have two options
            (comply with the law of whatever country they
            want to provide service to, or not let those
            people use it at all), right? Any company that
            wants to provide a service to people in China
            is going to run across this problem.

            I mean, seriously, what do you propose; that
            they buy bombers and attack Beijing?
          • Good points, and at least Google, helped...

            get the internet started in the first place which will help erode misinformation some, buy providing more information at best. However it is hard to get a warm fuzzy feeling for Google in this subject.

            I believe, none-the-less that the organization, whose name escapes me now is involved in something similar as this:


            Except the tunnel servers are actually pwned computers everywhere, which is true in any country whether they be free or not.

            Also other factors may come in to play much like the other incidents in Iran:


            Hopefully some good will come of this particular brand of internet UN-security! =)
          • Yes, there's definitely nothing fuzzy about it.

            I'm just saying it's China's (and all the other
            totalitarian countries') fault, not Google's.
      • You're Way Too Funny for Your Own Good! haha... :D

        Maybe you forgot, that it's Microsoft that's so worried about competition that they still swear by their admitted anti-competitive doctrine of "Embrace Extend Extinguish"!

        Obviously you hate Open Source, because it lays bare the truth about any hidden agendas that may be lurking in the code that runs Google's applications. Meaning you are either on the dole or too blind & ignorant to realize that for Security..... Open Source is the only code that even our own US NSA actually trusts!

        SELinux was written by them and for them because it's the only Operating System source code available and open to anybody. It now has been incorporated into the standard Linux kernel. So now Linux is viewed by most all Security minded professionals as the most Secure Operating System on the Planet! (remember Microsoft only have a secure guide written by NSA - National Security Agency)

        Now on Google Frame, they've invited everyone to come look at their code. Proving that Transparency, not the over secretive and hidden code of Microsoft products are less sinister and much more out for common good!

        Trust Microsoft and they've already proved from their very roots that you'll eventually get burnt! .....ask Gary Kildall about that. With his CPM that became 31 assorted flavors DOS (Dirty Operating System)!!!

        ...oh that's right, Bill's good buddy died due to an unfortunate accident! ;)
    • Given the users' experience it can abolutely never ever be Microsoft!

      Unless you're a masochist or possibly make money on the redmondians'
      broken platform. Look at history. The virus plague must be the most
      embarrassing part for them.
      • Well, SS IS One of Micro$haft's Biggest Fanbois

        so of course his beloved Lord and Master Darth Ballmer could NEVER ever do any wrong.... :pppp
    • Ah yes...

      Microsoft, the company that let some/all of their 2k source out into the wild by failed security. The same company that claimed source code access to their products was a matter of national security all the while entering into shared source agreements with universities in China.

      And then there's the non-problems that have occurred such as slammer, confiker etc etc.

      But wait, there's more! The old IIS flaw that's just come to light. All this for the price of a false sense of value and security, shipping and handling and warranty not included.

      Yes, given such a record one should clearly trust them.
      • At the risk of appearing like a nut...

        zkiwi, I must whole heartedly agree with you!

        China has been my number one attacker on my gateway; since 2005!

        They are so brash they don't even hide the province they broadcast their attacks from. It is the same Military province they make commercial AK-47 rifles at Norinko!

        Now don't get me wrong about gun ownership! I'm ALL for it!! Especially since China is buying out America like crazy!

        Also, don't mistake me for the usual crazy, Japan did this in the 80s, but it wasn't a big deal, because business was more important that political ideas!!

        Now almost ALL car makers in the US make cars for Toyota, Nissan, Ford(Mazda); and we don't care because they aren't the dangerous manipulators the Chinese are! The PRC is snapping up banks at a quik hop, and we better watch that our congress is not sold at the gate!!

        Look! I'm not promoting racism! But we must always be aware of the manipulators. That is why our God blessed parents sent us to school and gave us an education!!

        And a little Sunday school couldn't hoit either!!!
    • You kidding right?

      Lets be clear about this. MS is whining that a plugin to IE may "add" attack vectors to an OS which isn't secure enough to prevent you from getting infected in the first place. That is the crux of it. If it was secure, it wouldn't matter if the damn plugin added an attack vector, because the only thing malware **could** attack would be IE, not the entire OS. That is what "secure" means.

      I picked neither. I can't help think that the 41% that picked, "I trust Microsoft", are the same 41% that say Evolution isn't real in the US. I.e., people with no clue, who spend all their time drinking lots of coolaid from the community well. Though, perhaps that is an unfair comparison, I just find the numbers to be disturbingly similar.
      • Well, if you think

        you came from a monkey, you still are one.
        • Well you came from...

          the primordial ooze? What does that say about you? Bloody Christian where are the lions when you need them.

          This is about Security not about religious dogma and blindness to science and the fossil records.

          M$ are never to be trusted with security, Google are breaking their own core principles. It looks like the only people/software you can trust for security is the good old Linux brigade.

          To all the Christians, if it was not for you lot we would have developed a lot faster with more amazing scientific understanding. It was the total outlandish and brutal condemnation of Women, scientists and anything the power-mongers wished to destroy throughout Christian history. That is the reason it took several hundred years to get back on track.
          • Pardon???

            I came in late here but this is some bizarre
            thread. Can I believe that intelligent people
            with white hot technology at their fingertips
            are invoking Creationism and Christianity in an
            argument about browser security!!!!!!!!
            I'm sure someone will be blaming Obama for
            badly behaved systems before this topic ends. I

          • Sorry Robert

            I got dragged in by my total disbelief in belief. Still tried to put something useful into the browser security question.

            Nearly went there again. I will say that the banter between what security should and should not be used comes down to a similar answer. You can talk till your blue in the face about Avast/NOD32/AVG/Norton/Mcafee or S&D/SAS/malwarebyte or any of the other varients of software used for protection. The options are endless and the opinions of each and everyone of us will be different.

            To put an example up I use AVAST & Super Anti-Spy ware, hardware firewall, Vista 64 Ultimate/XP64 Pro/Mandriva 64, I browse with Opera (via M$/Linux and my Phone [if I really need to])and email via Google. Yet to some that might look weak and have inherent problems I would not run my PC any other way.

            So who would you trust? In honesty the ones you use and tell others to use also, until you hear or find something better. Take care all.
      • Message has been deleted.