German federal agency recommends Google Chrome

Decisions, decisions. For Europeans, their first-run experience on their new Windows 7 computers is now supplemented with an extra ballot screen, asking new users to pick a default browser. The move, spearheaded by an agreement between Microsoft and the European Commission, began two years ago and has contributed to a slow drop of Internet Explorer usage across all versions of the browser.

In the meantime, the latest "best security practices" guide from the German Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security) offers Google Chrome as a suggested browser for German Windows users. The browser - which also has its own ballot screen for search engines - was cited for having the strongest sandbox implementation, in addition to its automatic updating capabilities, in an extract translated on the Chrome blog (via The Verge):

The browser is the central component for using any online service on the Web and therefore is the most critical attack surface for cyber attacks. Therefore, if possible, you should use a browser with sandbox technology. The browser that currently most consistently implements this protection is Google Chrome (https://www.google.com/chrome). Comparable mechanisms implemented in other browsers are either weaker, or non-existent. By using Google Chrome, in addition to the other mechanisms we mentioned, you can significantly reduce the risk of a successful IT attack.

Equally positive is the auto-update functionality of Google Chrome, which includes a bundled version of the Adobe Flash Player. By bundling it with Chrome, the Adobe Flash Player will also always be kept up to date.

While this endorsement might be used as ammunition in the ongoing browser wars, the rest of the guide offers a list of recommendations backed by techies on Neowin's forums and abroad alike. Suggested antivirus suites are Microsoft Security Essentials, Avira Free, and avast! free antivirus. The Windows 7 firewall was also cited as being sufficient to ward off intrusion attempts. And of course, there is the oft-repeated reminder to keep software such as Adobe Reader, the Java Runtime Environment, and the operating system itself up to date.


30 Comments


Anything is better than Internet Explorer, ActiveX killed all IE security, that technology is a disgrace and should be disabled by default.

fastcat said,
Anything is better than Internet Explorer, ActiveX killed all IE security, that technology is a disgrace and should be disabled by default.

Stop talking about things you don't understand

ActiveX plugins are the same thing as NPAPI plugins in firefox/chrome.

Except that activex plugins are sandboxed by default since IE7/vista.

NPAPI plugins on the other hand are not sandboxed, which makes firefox/chrome less secure than IE when running popular plugins such as flash, vlc, quicktime, adobe reader,...

link8506 said,
...

Yes the agency should have recommended poor people use ubuntu instead of XP.
For everyone else lagging behind on insecure old xp, upgrade.

I think the main reason is that chrome is compatible with all operating systems. IE9 is only available, obviously, in the Windows ecosystem and it's not compatible with xp.

what i want to know is did Chrome stop installing that Firefox extension thing?

because the last time i used Chrome it forced some install of an extension on Firefox.

p.s. and personally i think IE9 is pretty much the best in terms of overall performance on my old dual core CPU. but i still prefer Firefox (or i should say Waterfox) overall because of overall feel and extensions etc.

ThaCrip said,
what i want to know is did Chrome stop installing that Firefox extension thing?

because the last time i used Chrome it forced some install of an extension on Firefox.

p.s. and personally i think IE9 is pretty much the best in terms of overall performance on my old dual core CPU. but i still prefer Firefox (or i should say Waterfox) overall because of overall feel and extensions etc.

I think that's the Google Update plugin, and yes I believe it's still there. For instance, in Opera one of the plugins is this:

C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

Denis W said,

I think that's the Google Update plugin, and yes I believe it's still there. For instance, in Opera one of the plugins is this:

C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

yes, that thing. WHY do they even have that there for anyways?

it's mostly just spam if you ask me. especially considering it's one of those things that should be asked to install not just auto-install.

ThaCrip said,

yes, that thing. WHY do they even have that there for anyways?

it's mostly just spam if you ask me. especially considering it's one of those things that should be asked to install not just auto-install.

Supposedly, to impress people whenever they hit "Accept and install" and out of nowhere, a download window appears

JJ_ said,

IE9 has a major security flaw which the German Bundesamt für Sicherheit in der Informationstechnik are aware of, ActiveX

What's the flaw? Genuinely curious

geeman89 said,

What's the flaw? Genuinely curious


If I understand what he's trying to say correctly, he's pointing out that ActiveX is infamous for its security problems...tho I don't know how many problems it still has

Matthew_Thepc said,

If I understand what he's trying to say correctly, he's pointing out that ActiveX is infamous for its security problems...tho I don't know how many problems it still has

Big potential for 0days... Just saying...

GS:mac

Glassed Silver said,

Big potential for 0days... Just saying...

GS:mac

Integrated Flash is also insecure.

In the end it all comes down to security vs. more usability.

kavazovangel said,

Integrated Flash is also insecure.

In the end it all comes down to security vs. more usability.


Seriously...
I'd take integrated and updated Flash over a self-"managing" and updating process that always hogs in your process list (just another useless process) any day.

Especially when you consider that nowadays many still don't have Flash 11, which introduced auto-updates. (Oh Adobe... so late in the game... Shame on you!)

Of course, no flash, better security.
But I guess the point of the recommendation is that to have the full and richest experience on the web, you'll want Chrome.

Of course, when you're very tech savvy, there are still more routes to take, but the recommendation is for people who install the browser and settle with it. Not for the ones who know how to further tighten the security.

This is where Chrome is stellar: self-managing, very solid base security, little settings to mess up, speedy and an excellent fit for Average Joe.

GS:mac

Or you know...don't accept and run every single activex control you come across.

It's no different to say downloading every .exe you find (regardless of what browser you use) and running it. Though I think IE9 does run a virus scan now to protect you from that.

You can't necessarily point to the number of vulnerabilities and decide if it's more secure. You have to look at how fast these vulnerabilities are fixed and how easily these updates are pushed. In the case of the Chromium team and Chrome's seamless updates, it's very easy.

Also, you have to take into account that vulnerabilities don't automatically equate to an exploitation. Vulnerabilities are actually counted even if an exploitation can not occur due to Chrome's sandbox.

kavazovangel said,

Integrated Flash is also insecure.

In the end it all comes down to security vs. more usability.

Again, not necessarily since the integrated flash in Chrome is sandboxed. If anything, it's more secure than someone using flash in Firefox, for instance.

jkroeder said,
You can't necessarily point to the number of vulnerabilities and decide if it's more secure. You have to look at how fast these vulnerabilities are fixed and how easily these updates are pushed. In the case of the Chromium team and Chrome's seamless updates, it's very easy.

Also, you have to take into account that vulnerabilities don't automatically equate to an exploitation. Vulnerabilities are actually counted even if an exploitation can not occur due to Chrome's sandbox.


You realize IE was the first browser to be sandboxed and I think the first browser to be DEP and ASLR enabled too.

Just because major versions of IE get released once every two years, it doesn't mean that MS isn't doing any updates. IE9 does get updated regularly, just with no changes to the major version number.

And btw I use chromium

/- Razorfold said,

You realize IE was the first browser to be sandboxed and I think the first browser to be DEP and ASLR enabled too.

Just because major versions of IE get released once every two years, it doesn't mean that MS isn't doing any updates. IE9 does get updated regularly, just with no changes to the major version number.

And btw I use chromium


Yeah, but we all know how Average Joe likes to postpone those updates. And I'm not talking major versions.

Chrome virtually forces you to be up-to-date.
That's key to their success in gaining this positive feedback.

GS:mac

JJ_ said,

IE9 has a major security flaw which the German Bundesamt für Sicherheit in der Informationstechnik are aware of, ActiveX

are you still living in the age of windows xp/ie6 sp1?

Activex controls are no longer a security issue.

they've never installed themselves automatically, and since ie6 sp2 the user is no longer prompted by a modal dialog box to install an activex control, reducing the risk of social engineering.

People seem to forget that firefox extensions and plugins are much more dangerous since they are not required to be digitally signed to be installed, and firefox plugins do not run in a security sandbox.

/- Razorfold said,

You realize IE was the first browser to be sandboxed and I think the first browser to be DEP and ASLR enabled too.

Just because major versions of IE get released once every two years, it doesn't mean that MS isn't doing any updates. IE9 does get updated regularly, just with no changes to the major version number.

And btw I use chromium

Yes, and IE's Protected Mode only works when UAC is enabled whereas Chrome's sandbox works regardless of user level token.

jkroeder said,

Yes, and IE's Protected Mode only works when UAC is enabled whereas Chrome's sandbox works regardless of user level token.


inb4 "NO UAC?!!!! OMG!!!one!!!1"

GS:mac

jkroeder said,

Yes, and IE's Protected Mode only works when UAC is enabled whereas Chrome's sandbox works regardless of user level token.


So? Then enable UAC lol.

Also Chrome's sandbox was made possible by reverse engineering parts of Windows and using undocumented APIs (or at least it was).

/- Razorfold said,

Also Chrome's sandbox was made possible by reverse engineering parts of Windows and using undocumented APIs (or at least it was).

mind if I request a source?

Good stance.

Chrome is an excellent browser which I use when I also VPN or just need a snappy starting browser on my not so high-end netbook!

Definitely a good browser to feed to someone who cares about security, but forgets about the updates.
Not so excellent when you're on the go and the browser decides to download its update on your precious data package or in a non-3/4G-area! ;P

GS:mac