chrome German gov't endorses Chrome as most secure browser

[+Frank B. Subscriber²]

German gov't endorses Chrome as most secure browser

Federal security agency touts sandbox, silent update as features that keep citizens safer online

Germany's cyber security agency today recommended that Windows 7 users run Google's Chrome browser, citing the application's sandbox and auto-update features.

In a security best practices guideline, Germany's Federal Office for Information Security, known by its German initials of BSI, said Chrome was the best browser.

"Your internet browser is the key component for the use of services on the Web and thus represents the main target for cyber-attacks," said BSI in its published advice. "By using Google Chrome in conjunction with the other measures outlined above, you can significantly reduce the risk of a successful IT attack."

BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation.

"This [sandbox] protection is implemented most consistently in Chrome...[and] similar mechanisms in other browsers are currently either weaker or non-existent," explained BSI.

BSI, for "Bundesamt fuer Sicherheit in der Informationstechnik," has a habit of making software recommendations, particularly about browsers, unlike U.S. agencies. Two years ago, for example, BSI urged Germans to stop using Internet Explorer (IE) until Microsoft patched a vulnerability that had allegedly been used by Chinese hackers to break into networks owned by Google and dozens of other Western companies.

Unlike in the U.S., where Windows 7 users are automatically handed IE as the default browser, Germans are shown a browser ballot screen when they first run Windows. The ballot screen lets users choose which browser they want to set as the default, and if necessary, download and install it.

That selection process stems from a settlement Microsoft reached with European Union antitrust regulators in 2009, two years after Opera Software officially complained that IE's bundling with Windows and the browser's default status stifled competition.

Not surprisingly, Google was happy about the recommendation. "We're particularly honored to see several of [Chrome's] security benefits recognized in the report," wrote Wieland Holfelder, who heads Google's engineering efforts in Germany, in a Friday post to Chrome's official blog.

BSI also recommended Adobe Reader X -- the version of the popular PDF reader that, like Chrome, relies on a sandbox to protect users from exploits -- and urged citizens to use Windows' Auto Update feature to keep their PCs abreast of all OS security fixes.

To update applications, BSI gave a nod to Secunia's Personal Software Inspector (PSI), a free utility that scan a computer for outdated software and point users to appropriate downloads.

Chrome currently accounts for just 14.3% of all browsers used in Germany, according to Irish Web measurement company StatCounter. Mozilla's Firefox has 51% of the German market, while IE accounts for 24.8%.

While Mozilla is making progress on silent updates for Firefox, the company won't wrap up the project until June at the earliest. Nor does Firefox include a Chrome-esque sandbox, although developers have been working on separating each tab's process, something Chrome also offers, to make its browser more resilient to crashes.

Worldwide, Chrome is more popular: StatCounter's data shows that Chrome's 28.4% share put it in second place behind IE's 37.5% but ahead of Firefox's 24.8%.

The BSI best practice guides for consumers and small businesses can be found on the agency's website. Both documents are in German.

Source: Computerworld

[c3ntury]

I've got to admit, the German government certainly seems to have their head on the right way.

/hugs Chrome.

[FMH]

So they didn't really did a true comparison, just called it safer because it auto-updates?

A comparison of latest versions, through testing, would have been nicer.

[n_K]

Well as they probably use linux in the government, it's a choice between firefox, chrome and anything else that's multi-OS.

Firefox has gone to **** these days so there's only really chrome left as the logical choice for the majority of users.

[FMH]

Well as they probably use linux in the government, it's a choice between firefox, chrome and anything else that's multi-OS.

Firefox has gone to **** these days so there's only really chrome left as the logical choice for the majority of users.

Well I don't have source, but I'm quite certain that they use Windows. All governments do. :)

[+Majesticmerc MVC]

Well I don't have source, but I'm quite certain that they use Windows. All governments do. :)

Not true, The French government switched to Linux [Source] in 2006. The Russians are aiming to roll out Linux across the public sector by the end of 2015 as well. The Germans tried, but gave up when they realised they'd bitten off more than they could chew, and citing hardware compatibility issues (which is a fair point). As far as I'm aware, they're still on XP.

[Beyond Godlike]

Firefox with noscript is.

Noscript on chrome doesnt even work, the way crome works is that it still loads the scripts anyways.

[Phouchg]

Advance it to SRWare Iron and I'm for it.

[remixedcat]

Been using Chrome for a few months now and I love it. It is a bit more bloated then Fx-N is, however that's to be expected with multi-process overhead. I've gotten mine to be close to what I had in Fx-N and it's pretty smooth.

[Aethec]

Not true, The French government switched to Linux [Source] in 2006. The Russians are aiming to roll out Linux across the public sector by the end of 2015 as well. The Germans tried, but gave up when they realised they'd bitten off more than they could chew, and citing hardware compatibility issues (which is a fair point). As far as I'm aware, they're still on XP.

AFAIK, the French government isn't entirely using Linux. They're still in a migration state, which will last for some time.

The Russians were trying to develop a Linux-based OS some time ago...but most of these government OS' look ridiculous (not enough funding, resources, time...).

Here in Switzerland, Red Hat made a fuss about the government choosing Microsoft products since they didn't want to migrate to a different OS. Laughable.

Back on topic...that's a nice initiative from the German government, but I don't remember them asking people not to use a browser due to a 0-day flaw apart from the IE one used to exploit Google. That'd be fun: "don't use Firefox, it has flaws! don't use Chrome either! don't use IE! ok, now you can use Firefox again...no, in fact, it still has flaws! use Chrome! ...".

[PsYcHoKiLLa]

So they didn't really did a true comparison, just called it safer because it auto-updates?

A comparison of latest versions, through testing, would have been nicer.

Internet Explorer has a huge release schedule compared to both Chrome and Firefox, thus they are better and more efficient at being able to fight threats cos they can be updated sooner.

[Mr. Gibs]

Internet Explorer has a huge release schedule compared to both Chrome and Firefox, thus they are better and more efficient at being able to fight threats cos they can be updated sooner.

Not strictly true. Security updates for IE are still delivered and the version number does change. For example, the latest version of IE9 is 9.0.4:

http://support.microsoft.com/kb/2618444

Most other browser manufacturers (though firefox seems to be doing that now) don't see the point in changing the browser's major version number because one tiny bit of code has been edited. Google thinks the version number is irrelevant hence why Chromium is on like version 19.0.1031.0 (last week it was version 18 lol).

[still1]

So they didn't really did a true comparison, just called it safer because it auto-updates?

A comparison of latest versions, through testing, would have been nicer.

you think auto update is not so important??? it is very important... google fix a lot of security issues and they get pushed automatically making it much safer.

if you want to know the importance of auto update look at the market share of IE6 and IE7. IE6 and 7 are not safe to browse with and the reason they are still here?? auto update.

and sandboxing is the key security for chrome.. its not just that if you read the actual BSI article they have explained it clearly.

[lalalawawawa]

you think auto update is not so important??? it is very important... google fix a lot of security issues and they get pushed automatically making it much safer.

if you want to know the importance of auto update look at the market share of IE6 and IE7. IE6 and 7 are not safe to browse with and the reason they are still here?? auto update.

and sandboxing is the key security for chrome.. its not just that if you read the actual BSI article they have explained it clearly.

Well, you could modify IE to automatically update itself. Oh, and by using XP, you have a far more important thing to do than update a web browser.

[still1]

Well, you could modify IE to automatically update itself. Oh, and by using XP, you have a far more important thing to do than update a web browser.

you have to modify IE to do an auto update? how many know how to do that or even exist? maybe few thousand.. that's no justification for an auto update feature that IE dont have.. MS went to the right way by making IE important update in windows update but that's still not enough..

"far more important thing to do than update a web browser."

also, the german government were looking for security and the reason u gave above is one reason why auto update is needed.. there is far more important thing to do than update and thats why chrome do it for u so that u dont have to worry about it.

[FMH]

you think auto update is not so important??? it is very important... google fix a lot of security issues and they get pushed automatically making it much safer.

if you want to know the importance of auto update look at the market share of IE6 and IE7. IE6 and 7 are not safe to browse with and the reason they are still here?? auto update.

and sandboxing is the key security for chrome.. its not just that if you read the actual BSI article they have explained it clearly.

I get your point. But that doesn't mean that Chrome is securer, per se.

An accurate assessment would've been, that auto-updating feature keeps everyone on the latest version. And thus updated, for any malware or viruses.

[still1]

I get your point. But that doesn't mean that Chrome is securer, per se.

An accurate assessment would've been, that auto-updating feature keeps everyone on the latest version. And thus updated, for any malware or viruses.

BSI article clears says why they chose chrome and the reasons.. one example of chromes security is pwn2own contest. It has never been hacked by anyone even for 60k reward last year. The rest of the browsers were hacked that's a classic example.

[lalalawawawa]

BSI article clears says why they chose chrome and the reasons.. one example of chromes security is pwn2own contest. It has never been hacked by anyone even for 60k reward last year. The rest of the browsers were hacked that's a classic example.

Was IE9 hacked?

[FMH]

BSI article clears says why they chose chrome and the reasons.. one example of chromes security is pwn2own contest. It has never been hacked by anyone even for 60k reward last year. The rest of the browsers were hacked that's a classic example.

The sand-boxing has been bypassed.

[Garyowen006]

Very Suspicious...

Was it not last year that the German Police got caught planting evidence and information into computers both foreign and domestic ?

:shiftyninja: "counter intelligence". It's not just 'vice squad' anymore.

The USA got caught doing the same with Iranian computer traffic.

[still1]

Was IE9 hacked?

IE9 was not released at that time. This competition happens on march and IE9 was released after the competition.

we will see this year...

The sand-boxing has been bypassed.

bypassing sandboxing is useless without bypassing ASLR or DPE.. last year they bypassed sandboxing(before the contest even begin) but google fixed the issue month ago and was pushed to stable version few weeks before the contest. now that's the advantage of having an auto update.

[Daedroth]

If the German government is using Google Chrome, does that mean Google knows everything that the government are doing on the web?! I'd say that was somewhat insecure...

[Mr. Gibs]

BSI article clears says why they chose chrome and the reasons.. one example of chromes security is pwn2own contest. It has never been hacked by anyone even for 60k reward last year. The rest of the browsers were hacked that's a classic example.

And I think you'll find that in the very same pwn2own contest, all the browser hackers said IE8 was the hardest to hack / most secure browser EVEN though Chrome wasn't hacked.

Not to mention, the best exploits won't ever get shown in competitions like that. Sorry but the prize money is what? $10,000? Zero day exploits for popular programs are worth far far more than that.

[still1]

And I think you'll find that in the very same pwn2own contest, all the browser hackers said IE8 was the hardest to hack / most secure browser EVEN though Chrome wasn't hacked.

Not to mention, the best exploits won't ever get shown in competitions like that. Sorry but the prize money is what? $10,000? Zero day exploits for popular programs are worth far far more than that.

seriously that was your explanation to prove that IE8 is secure?? IE was hacked but it was hard to hack(it was hard to hack in the list of browsers that was hacked). chrome couldnt be hacked so that makes it even more secure and almost impossible to hack!!! where are you getting these logics???

[LittleNeutrino Veteran]

pwn to own also agrees that it is the most secure browser as well