Google to offer admin-free Chrome Frame installs

If you're stuck at your workplace and wished for an alternative to the outdated version of Internet Explorer installed on workplace workstations and if the company only allows a few whitelisted applications to run (thus blocking out the possibility of portable browsers on USB flash drives), you had one option to turn to for improved performance on some of your favourite sites: Google's Chrome Frame. That is, if you convinced your local administrator to sneak the plugin into your workstation. If you failed, then not to worry - Google's got your back with a new dev build of Chrome Frame that does not require any administrator rights to install. (Just hope your administrator doesn't find out about it and block it.)

The announcement was made at Google I/O and reported on by TechCrunch. Google did point out that there are tools available for administrators to set certain restrictions on what Chrome Frame can do. The Google developers on stage did not make clear the technical details of making a working admin-less install of Chrome Frame. Regardless, this should help the 30% of users who cannot get plugins into Internet Explorer on their workstations.

The new addition can be tested in the dev channel build, which is available here.

Report a problem with article
Previous Story

Tuesday's PC game sales include The Witcher for $4.99

Next Story

23,000 BitTorrent users to be sued for downloading 'The Expendables'

64 Comments

Commenting is disabled on this article.

For some reason I doubt this will last long. There's too many issues with having a product like this. Like so many have voiced their opinions, this goes against IT policies in many companies and also can open the door to even more exploits. Ok, it requires a meta tag to activate but how hard it is to inject a meta tag into a malicious web app...

I've seen a couple other Sysadmins chime in, but I would like to add.

Circumventing the established policies of the enterprise, no matter how bad they may be (see above IE6 references) is just wrong. Google may be doing this from a 'do no evil' stance, but they are not making any friends in the IT side of the businesses out there.

John Nash said,
I've seen a couple other Sysadmins chime in, but I would like to add.

Circumventing the established policies of the enterprise, no matter how bad they may be (see above IE6 references) is just wrong. Google may be doing this from a 'do no evil' stance, but they are not making any friends in the IT side of the businesses out there.


I'm not even much of an IT sysadmin, but they're ****ing me off greatly with this.

Google releases a way for end users to circumvent restrictions and install a completely unnecessary program on company property, and they are heroes? What?

As a sysadmin, this bothers me. IT policies are still policies whether you like them or not, and are usually in place for a reason. To try and sneak around them is just plain shady, a big -1 to Google for encouraging this.

No its not unnecessary. If you are the IT department not upgrading the browser on the machine past IE6, to something Microsoft is still supporting, then you deserve to have the user install chrome frame and beat you.

oh so that it can get owned everywhere, like it just has been? leave the installs to the admins google. thx.

Explain to me how this is bad. Companies cant or wont upgrade from IE6, so you install chrome frame on your machine to circumvent unwillingness to upgrade the browser. Now you are essentially using chrome instead of IE. Glad they are making it easier to have better security IE 6 has tons of security flaws and if the IT department doesn't recognize that you are doing them a favor by installing this.

^this. admins that retain and enforce IE6 as a security measure should be relieved of their duties. if it's an issue of third-party app compatibility, then you'll know Chrome Frame broke it, and remove it if that app is critical.

Best leave the security of your work computer up to those that are responsible for it, even if you do think that you're more knowledgeable about computers than they are.

Unfortunately, not that many people actually know and understand what a Software Restriction Policy GPO actually does when set up correctly. When crafted properly (dissallowed executables everywhere except %programfiles% and %windir%) nothing can touch it.... It'll laugh at Portable Apps toys all day long.... What's even more fun is when you set up an eventtrigger to send an alert (custom VBScript) whenever it sees an SRP event in the event log..... Then you can watch the fail.

kryten said,
Also, don't forget your admin can block access to removable drives. Group Policy has its place.

Not just that, but Proxies and firewall rules can block various websites too.

no way, this has nothing to do with IE but do NOT take the ability of an admin to control workstations away with this

neufuse said,
no way, this has nothing to do with IE but do NOT take the ability of an admin to control workstations away with this

Precisement.

The entire Chrome package has been a non-admin install for a long, long time now (uses .NET ClickOnce). This isn't any different from a control perspective.

Phantom Phreak said,
Or, in my case, my company really doesn't care what I install, as long as it has a legitimate corporate use
A visit from the BSA and a hefty dent in their wallet will make them care. What is legitimate to them may not be according to the EULA and lawyers of the BSA.

zeke009 said,
A visit from the BSA and a hefty dent in their wallet will make them care. What is legitimate to them may not be according to the EULA and lawyers of the BSA.

wot?

Quigley Guy said,

wot?

I do believe he means that a reasonable amonut of free software is legally only free for personal use. The BSA, however, doesn't exactly have a lot of representation from companies who produce free software, so it's largely a non-issue. On the other hand, copies of Photoshop and AutoCAD from TPB could land an organization in a bit of trouble.

Developers need to add a specific meta tag in the html head to enable chrome frame... So even if an employee did install this, its not going to affect existing legacy software.

Quigley Guy said,
Developers need to add a specific meta tag in the html head to enable chrome frame... So even if an employee did install this, its not going to affect existing legacy software.

Exactly. Hopefully people complaining here realize that. This won't affect intranets, for example. Heck I have yet to see a site that requests Chrome Frame. And it'd likely be the kind that would be worse off with IE (hence why requesting it), so it'd lead to less support calls to IT.

UndergroundWire said,

Nope, just too many people who like IE I guess who don't actually want to admit it.

I'll gladly admit I use IE9, and I love it.

UndergroundWire said,

Nope, just too many people who like IE I guess who don't actually want to admit it.

I'm pretty sure you have no idea what you are posting about here, just trying to flame the fanboy wars, which really doesn't help. Let the adults talk.

Raa said,

I'll gladly admit I use IE9, and I love it.

I'm not normally one to do web developing but I have recently. My site uses a few relatively light jquery scripts. Most the time, we're simply talking about a simple img preloading fade that make IE9 crawl still, compared to other browsers. I really don't get it, I thought IE9 wouldn't have problems like this with GPU acceleration.

bob_c_b said,

I'm pretty sure you have no idea what you are posting about here, just trying to flame the fanboy wars, which really doesn't help. Let the adults talk.


So what does the adult here have to say? At least meet the argument instead of trying to slander and belittle the poster. That's not a very adult thing to do.

_DP said,

I'm not normally one to do web developing but I have recently. My site uses a few relatively light jquery scripts. Most the time, we're simply talking about a simple img preloading fade that make IE9 crawl still, compared to other browsers. I really don't get it, I thought IE9 wouldn't have problems like this with GPU acceleration.

make sure you're using the latest jquery version. (old versions of jquery are using IE4-based filters which are not efficient in IE9)
and check whether hardware acceleration is enabled in IE9
http://blogs.msdn.com/b/ieinte...oftware-rendering-mode.aspx

Irresponsible, I hate that we still have legacy IE rolling around but stuff like this is just plain wrong. This will get Google software perma-banned at my place and even though it's not even remotely related, the zealots will use it to cast dispersion on Linux as well.

With such enterprise hostile actions it will be a long time before google is a major player in the enterprise. Just so they can grab your data.

****, why does Google have to make running an IT department and enforcing company standards harder.

All things like this does is make it easier for the users to break their stuff then blame IT when it's their fault something doesn't work.

Epic0range said,
****, why does Google have to make running an IT department and enforcing company standards harder.

All things like this does is make it easier for the users to break their stuff then blame IT when it's their fault something doesn't work.

No kidding and then we get to be the bad guy when we say "it isn't approved, so tough luck". Getting off of IE6 is hard enough, wasting time chasing down **** like this is just annoying.

Epic0range said,
****, why does Google have to make running an IT department and enforcing company standards harder.

All things like this does is make it easier for the users to break their stuff then blame IT when it's their fault something doesn't work.

Agreed, going to have to put this through the block lists now. Gah.

Raa said,

Agreed, going to have to put this through the block lists now. Gah.

Is adding Schools (Managing pc's with still IE6 or IE7) to this topic a good example?

random_n said,
If you're using blacklists instead of whitelists, you're doing it wrong. Software Restriction Policies for the win.

Muahaha! Easy enough to get around them all without you (sys admin) knowing a darn thing. Too easy!

random_n said,
If you're using blacklists instead of whitelists, you're doing it wrong. Software Restriction Policies for the win.

Try doing that on a infrastructure that has about 20 non-trusted domains, and many Novell setups, and to make it harder I'm just a field tech that has to deal with this, the department that would have to make that change couldn't care any less due to how much of a PITA it would be.

Epic0range said,
****, why does Google have to make running an IT department and enforcing company standards harder.

All things like this does is make it easier for the users to break their stuff then blame IT when it's their fault something doesn't work.

I have news for you. We can do this before hand with portableapps.com. I even showed my IT guy, I don't need no stinken admin rights to install this. It was basically a big FU to him since there is no way to stop it.

Later on I broke into the admin account and reset the password so I can give my account admin rights. Personal experience: IT people don know SH**

Epic0range said,

Yes I'm well aware of portable apps, thats why we confiscate non-company branded USB sticks in my office.
I remember when people did that, then we got management to fire them for it. ^.^ It's breach of contract.

The few people that have admin right are our developers and I don't even trust them. I had one this week that some how managed to delete his own admin group on his computer. If a person can be that dumb how can I expect the average "oh i know computers" person to not still get spyware everywhere?

You weren't smarter than IT, you were just a **** sucker.

wow

UndergroundWire said,

I have news for you. We can do this before hand with portableapps.com. I even showed my IT guy, I don't need no stinken admin rights to install this. It was basically a big FU to him since there is no way to stop it.

Later on I broke into the admin account and reset the password so I can give my account admin rights. Personal experience: IT people don know SH**

I hear about developers having a fit when they get caught after changing the local admin account or disabling services required by security being reimaged as a result. No sympathy what so ever. Do what you want to your home PC, do what you are supposed to on the one your employer is LETTING YOU USE!

MrTwentyfour said,

Is adding Schools (Managing pc's with still IE6 or IE7) to this topic a good example?


A VERY good example. Students shouldn't be trying to bypass restrictions in place on educational systems. It's in place to protect them.

Epic0range said,

Yes I'm well aware of portable apps, thats why we confiscate non-company branded USB sticks in my office.
I remember when people did that, then we got management to fire them for it. ^.^ It's breach of contract.

The few people that have admin right are our developers and I don't even trust them. I had one this week that some how managed to delete his own admin group on his computer. If a person can be that dumb how can I expect the average "oh i know computers" person to not still get spyware everywhere?

You weren't smarter than IT, you were just a **** sucker.

Fortunately I am smarter than them. The kicker is, those dumb IT folks had no clue about portable apps. They also update our machines 1 every 3 months. I need admin rights because I am extremely anal about security on my machine. But from my experience, most IT folks are dumb anyway. They do as there told. Those who know more are in a better line of work.

Raa said,

A VERY good example. Students shouldn't be trying to bypass restrictions in place on educational systems. It's in place to protect them.

Are you kidding me? The restrictions impede our efficiency like crazy... it's awfully hard to do any work when most of the system's resources are locked down and you're left with crummy programs, programs that have half their functions restricted, and most websites blocked, even if they're completely safe and relevant.

Novell is a piece of ****.

zeke009 said,
I hear about developers having a fit when they get caught after changing the local admin account or disabling services required by security being reimaged as a result. No sympathy what so ever. Do what you want to your home PC, do what you are supposed to on the one your employer is LETTING YOU USE!

See my comment above. Also, I never need to call the "helpless" desk. I've been working there 5 years and have had 2 computer upgrades. They never say anything. IT folks read a screen for a list of solutions to go through. They are overpaid and trained very little from my experience. If you need to know, I've worked 5 years for the City of NY. No one there knows SH**. Now I'm a consultant for the Port Authority of NY & NJ. They are worse than NYC. My company that I work for at least has the common sense to let us use Firefox or Chrome. They also have no issues with Portable Apps and we are updated right away even with software such as AutoCAD or ArcGIS. So no need for me to have admin rights there.

war said,
Muahaha! Easy enough to get around them all without you (sys admin) knowing a darn thing. Too easy!

It's true that physical access means full control, but if you're going to go nuts loading software into the systems' trusted directories with boot discs or whatnot, then I've got a manager who wants to talk to you.

Seriously; make a reasonable request and your IT guy will probably be very amenable. If you circumvent explicit restrictions, management will eventually find out and you're just going to get everybody GPOed to hell.

As for managing restrictions across multiple disparate domains... all the tools are there (be it Active Directory or ZENworks) to allow limited deployments for testing and eventual mass rollout. Yeah, it'll probably be hard and take a fair bit of time to get right, but it's totally worth it in the end.

UndergroundWire said,

See my comment above. Also, I never need to call the "helpless" desk. I've been working there 5 years and have had 2 computer upgrades. They never say anything. IT folks read a screen for a list of solutions to go through. They are overpaid and trained very little from my experience. If you need to know, I've worked 5 years for the City of NY. No one there knows SH**. Now I'm a consultant for the Port Authority of NY & NJ. They are worse than NYC. My company that I work for at least has the common sense to let us use Firefox or Chrome. They also have no issues with Portable Apps and we are updated right away even with software such as AutoCAD or ArcGIS. So no need for me to have admin rights there.


sorry mate had to reply to your message, you make it sound like IT administrators are out to get you lol, 99% of the time IT admins, are being advised from management on what they want their staff to have access to, on top of that they need to ensure the security of their systems machines so that everyday users don't open and install virus's from things they dont understand or need, in the end, there is a reasons these restrictions are put in place and its not a power trip thing, its for the safety of the systems.

UndergroundWire said,

I have news for you. We can do this before hand with portableapps.com. I even showed my IT guy, I don't need no stinken admin rights to install this.
Personal experience: IT people don know SH**


Blocking USB ports... No matter what users do... Theres always a way around the work around

Also saying downloading from other sources, blocking un-authorized exe files can work i believe.

The issue is always when the users "think" they know what they are doing and do something wrong is when we start having problems.. IE works fine and is easy to manage... Some companies have a system in place and would actually like it enforced,.. If you dont like your companies policies then i dont think you should be working there...

zeke009 said,
No kidding and then we get to be the bad guy when we say "it isn't approved, so tough luck". Getting off of IE6 is hard enough, wasting time chasing down **** like this is just annoying.
Well, if you're blocking a browser then you possibly are the "bad guy." At work, just looking at their network, it's obvious their admin has no ****ing clue. Luckily I can just extract a Firefox .zip and run it from a desktop without ever having to install anything, otherwise I might have to shoot myself in the head for being forced to use IE6. Bad enough they're still on XP.

Eugene C said,

Are you kidding me? The restrictions impede our efficiency like crazy... it's awfully hard to do any work when most of the system's resources are locked down and you're left with crummy programs, programs that have half their functions restricted, and most websites blocked, even if they're completely safe and relevant.

Novell is a piece of ****.


novell was glorious. they just sucked at marketing.

brent3000 said,

Blocking USB ports... No matter what users do... Theres always a way around the work around

Also saying downloading from other sources, blocking un-authorized exe files can work i believe.

The issue is always when the users "think" they know what they are doing and do something wrong is when we start having problems.. IE works fine and is easy to manage... Some companies have a system in place and would actually like it enforced,.. If you dont like your companies policies then i dont think you should be working there...

Not my company dude. It's my client and they have SH**Y policies. Believe me when I tell you those idiots have no clue. They can not block USB ports since we a re told we are responsible for our own backups. But I find it funny how all the IT people comments are insulting on the user. Trust me, you are in IT "help desk" because you are not smart enough to get a job that is better than that. That's my opinion based on personal experience.

Giggity said,


sorry mate had to reply to your message, you make it sound like IT administrators are out to get you lol, 99% of the time IT admins, are being advised from management on what they want their staff to have access to, on top of that they need to ensure the security of their systems machines so that everyday users don't open and install virus's from things they dont understand or need, in the end, there is a reasons these restrictions are put in place and its not a power trip thing, its for the safety of the systems.

You obviously didn't read any of my comments. My client I work for updates there machines once every three months. I'm sorry I have issues with that.

No. 2 the antivirus definitions are always out of date (most users don't know it). Again I have issues with that.

Since there IT people are such dummies, I will break into my machine, give myself Admin rights. Then I run a proxy (since Windows Update is blocked) to update my machine.

If these IT people had any clue, I would not have been getting away with this for 10 years now (5 years in my old job, 5 years in my new one).

UndergroundWire said,

I have news for you. We can do this before hand with portableapps.com. I even showed my IT guy, I don't need no stinken admin rights to install this. It was basically a big FU to him since there is no way to stop it.

Later on I broke into the admin account and reset the password so I can give my account admin rights. Personal experience: IT people don know SH**

I generally agree. They don't know much about software, and this is why network are enforced with such draconian rules. In my experience most of them (IT/IS admin/storage experts) don't have a degree in computer science, never mind a MS or PhD.

A lot of them are self taught college graduates (in other fields) with certs in Novel, MCSE and, or A+ (and many others). At best, we are talking about a degree in IS/IT with very little programming and almost no math background.

What do you expect?

Epic0range said,
****, why does Google have to make running an IT department and enforcing company standards harder.

All things like this does is make it easier for the users to break their stuff then blame IT when it's their fault something doesn't work.

Why the hell are companies still using IE 6 anyway?