Charlie Miller: Windows 7 + IE 8 or Chrome provides safest computing experience

If you weren't already aware, Charlie Miller is a rather prominent white hat hacker and security expert, who regularly makes headlines as what he has to say is generally pretty important. He often participates in (and has won twice) the Pwn2Own competition, where groups of hackers compete against each other for rewards, in order to uncover security flaws in major operating systems or browsers.

As the Pwn2Own 2010 competition is a couple of weeks away, interviews with the competitors are beginning to be released, with the aforementioned Charlie Miller giving his thoughts on the current world of technology security. Miller was asked which of the two operating systems out of Windows 7 and Snow Leopard would be harder to hack, with the answer being the former; Windows 7 has what is known as full ASLR (address space layout randomization), in addition to being harder to attack as Java and Flash aren't installed by default. Upon being asked about the safest operating system plus browser combination, Miller responded with Windows 7 in addition to Internet Explorer 8 or Google's Chrome browser – though, he also stated that not having Flash installed is a big factor. He stated, "There probably isn't enough difference between the browsers to get worked up about. The main thing is not to install Flash!"

On the subject of mobile security, the question was raised over which platform is most secure, out of the iPhone OS and Android. Miller believes that the iPhone OS is easier to exploit, though that is because it has been around for longer, so security researchers have had a longer time to find vulnerabilities. Windows Phone 7 is a potential target for next year's Pwn2Own, which is nothing but a good thing as it'll help out the consumers who use it regularly.

It's interesting to hear what an experienced security expert has to say on the matter which has been discussed. Be sure to stay attentive during the end of March when this year's Pwn2Own is held, as it affects almost everybody.


65 Comments


Kirkburn said,

This is ON PURPOSE. The prefixes exist because it's implementation of specs that aren't (or weren't) quite finalized and stable. Once they are, the prefixes are no longer required. It's to ensure people don't rely on old/broken implementations.

Oh I know that. I was just saying, CURRENTLY we have to do more work to add CSS3 features in those browsers. Sorry if you misunderstood my post.

ilev said,
So Apple is right about no flash.

Apple makes more money by not offering Flash, so whatever reason they offer other than that should be considered a well reasoned excuse at most.

ilev said,
So Apple is right about no flash.

Apple is only jealous that its iPhone cannot handle flash without consuming a great quantity of battery. Hence they will be supporting HTML5 ideals.

And remember, that each time a programming software is installed, there's always going to be new vulnerabilities and type of exploit. But if we live with fear, not even at Google's homepage we are going to be able to enter

Edited by Jose_49, Mar 2 2010, 11:59am :

I fail to understand how this is safer than any Linux distro (especially the majority that don't bundle Flash, and he's making a strong point about it as a benefit to Windows) in combination with Firefox or Chrome. Or is he only comparing Windows and OS X?

Symod said,
I fail to understand how this is safer than any Linux distro (especially the majority that don't bundle Flash, and he's making a strong point about it as a benefit to Windows) in combination with Firefox or Chrome. Or is he only comparing Windows and OS X?
From the article (if you read it): "Miller was asked which of the two operating systems out of Windows 7 and Snow Leopard would be harder to hack [...]"

That's a pretty weak argument considering all the "wrong" things are pretty much opinions. It sounds more like personal bias to me.

Edited by Tekkerson, Mar 2 2010, 10:12am :

DJGM said,
The only good thing about Chrome is the fast rendering engine it uses, but pretty much everything
else about it is simply wrong. The over simplistic GUI is wrong ... the lack of menu bar is wrong ...
but worst of all, absolutely overflowing with wrong, is the way it installs itself into the area
set aside for documents and settings in Windows, rather than Program Files the place
where all software installations are meant to go.

Until Google fixes these issues, I shall continue to advise people against using Chrome.

Remember, that there are tons of people who like Chrome's design.

DJGM said,

but worst of all, absolutely overflowing with wrong, is the way it installs itself into the area
set aside for documents and settings in Windows, rather than Program Files the place
where all software installations are meant to go.
Chrome.

Not true. Program Files is the location for per-machine installs. Per-user install location is the %LocalAppData%\Apps folder (\Users\<user>\AppData\Local\Apps). http://blogs.msdn.com/windows_installer_team/archive/2009/09/02/authoring-a-single-package-for-per-user-or-per-machine-installation-context-in-windows-7.aspx

DJGM said,
The only good thing about Chrome is the fast rendering engine it uses, but pretty much everything
else about it is simply wrong. The over simplistic GUI is wrong ... the lack of menu bar is wrong ...
but worst of all, absolutely overflowing with wrong, is the way it installs itself into the area
set aside for documents and settings in Windows, rather than Program Files the place
where all software installations are meant to go.

Until Google fixes these issues, I shall continue to advise people against using Chrome.


All the wrong you said is just your opinion... I like chrome layout and its simplicity and I am sure there are millions who like the way as I do.

still1 said,

All the wrong you said is just your opinion... I like chrome layout and its simplicity and I am sure there are millions who like the way as I do.

Maybe there are millions of people that are wrong.

For example: one thing is simplicity and another (sometimes unrelated) is the lack of features. At first sight, Chrome is fine, but later most people find that to do some specific task will require several clicks or require some tricks to achieve the same task that in another browser can be done just by clicking on an icon.

soumyasch said,

Not true. Program Files is the location for per-machine installs.
Per-user install location is the %LocalAppData%\Apps folder (\Users\<user>\AppData\Local\Apps). http://blogs.msdn.com/windows_installer_team/archive/2009/09/02/authoring-a-single-package-for-per-user-or-per-machine-installation-context-in-windows-7.aspx


That's a new thing, but it's still wrong. Program Files is the standard location for all software
installations since 1995. Deviating from that is wrong. For a start, software that installs itself
into an area that is set aside specific for user documents, profile data and software settings,
can allow unauthorised software installations by people (such as employees and students)
not allowed to install their own software on computers they do not own.


I could go into my local library tomorrow, attempt to install something like Firefox, and it'd be
blocked instantly as it tries to install into the default /Program Files/Mozilla Firefox/ location.
Attempting to install Chrome on the same PC, would be successful considering where it
installs itself by default, with no option to choose the proper install location

If more software vendors jump on this bandwagon, it has the potential to become a security
nightmare for IT staff and administrators in companies/universities/schools ... etc. The more
software vendors that go down this path, malware and virus writers are sure to follow.

This has got to be stopped NOW before it sets a very dangerous precedent.

It's probably already too late . . .

Edited by DJGM, Mar 2 2010, 9:57pm :

This guy is an absolute idiot, I'm pretty sure LYNX on FreeBSD provides much better security.
No javascript, so it'd be darn hard to exploit that.

n_K said,
This guy is an absolute idiot, I'm pretty sure LYNX on FreeBSD provides much better security.
No javascript, so it'd be darn hard to exploit that.

Wow really now? I think you're an idiot because not connecting my computer to the Internet provides much better security than Lynx on FreeBSD.
No Internet, so it'd be darn hard to exploit that.

Edited by -Razorfold, Mar 2 2010, 11:12am :

n_K said,
This guy is an absolute idiot, I'm pretty sure LYNX on FreeBSD provides much better security.
No javascript, so it'd be darn hard to exploit that.
The only idiot here seems to be you, not being able to read the article.

n_K said,
This guy is an absolute idiot, I'm pretty sure LYNX on FreeBSD provides much better security.
No javascript, so it'd be darn hard to exploit that.

"Miller was asked which of the two operating systems out of Windows 7 and Snow Leopard would be harder to hack..."

So the main thing is not to install flash.........the internet wouldn't be anywhere near as entertaining if it weren't for flash.
I know others would take its place if it wasn't there, who doesn't install flash?

Riggers said,
So the main thing is not to install flash.........the internet wouldn't be anywhere near as entertaining if it weren't for flash.?

I'm afraid I disagree with you. I only install Flash so I can watch Flash Video's. I detest sites that use slow load flash images to stroke corporate egos. I use Firefox FlashBlock, along with BetterPrivacy, so I can control Flash, and delete their despicable "super cookies".
Google are now competing with Microsoft at Satan's top table. IMO, anyone installing Google Chrome is supping with the devil. I wonder how many people realise how much of their surfing is being "data mined" by Google (and others). Big brother is watching every mouse click!

boho said,

I'm afraid I disagree with you. I only install Flash so I can watch Flash Video's. I detest sites that use slow load flash images to stroke corporate egos. I use Firefox FlashBlock, along with BetterPrivacy, so I can control Flash, and delete their despicable "super cookies".
Google are now competing with Microsoft at Satan's top table. IMO, anyone installing Google Chrome is supping with the devil. I wonder how many people realise how much of their surfing is being "data mined" by Google (and others). Big brother is watching every mouse click!

How the unique (and non-unique) IDs are used by Google is publicly mentioned: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=107684
Do you have any other evidence on the contrary to back your claims up?
