Google Shares its Seven Core Principles of Chrome Security
Google Shares its Seven Core Principles of Chrome Security
Posted 01/15/2012 at 3:56pm
| by Justin Kerr
7
Comments
Print
Google Chrome is rapidly winning the hearts and minds of tech enthusiasts everywhere not just for its blistering speed, but for its unrelenting commitment to security. Saying a browser is secure is easy, but making it so is something completely different. To help keep their developers on track the team has come up with a set of seven core security principles, and the complete list makes for a rather interesting read, and we’ll highlight a few of our favorites after the jump.
First up on the list is “don’t get in the way”. This might sound simple enough, however as Vista’s UAC taught us all too well, enhanced security more often than not comes with strings attached, strings that constantly take over your screen and suck your will to live every time you launch an application. Simply put, Chrome does a great job of this.
Another great principle is “speed matters”. In this case we aren’t referring to Chrome’s legendary rendering speed, rather it pertains solely to response times in dealing with security concerns. Silent automatic background updating is the leading example of this principle in action, and it’s something that is literally changing the industry.
The final principle worth pointing out is “make the web safer for everyone”. In this example the Chrome team points out that it recognizes the power of web standards to help push security issues forward. They quote open source technologies such as sandboxing as examples of this, but a part of me wonders if flash wouldn’t be a better horse to beat on. To this day flash continues to be a huge vulnerability on millions of machines around the world, and HTML5 just might be the cure.
Design for defense in depth, security is a team responsibility, be transparent, and engage the community round out the list, and feel free to cruse on over to the Chromium blog to check out Google’s take on each.
More like this
7
Comments
Comments are closed on this article
LatiosXT
January 16, 2012 at 11:12am
Derail time! On Vista's UAC
While I would agree Vista's UAC was annoying in that it was "too good", it exposed one thing: a good number of Windows programmers should go back to class. A lot of "incompatible" programs I found were because it was expecting administrative rights for no real reason. For example, I had to run PSPICE as an admin. Why would an circuit analysis tool need it? Same thing goes with ModelSim.
Otherwise Windows 7's approach is pretty damn good. Admins don't get the prompt as much, but you should still run your normal account as a standard user anyway.
Slugbait
January 16, 2012 at 1:34am
Google Chrome is rapidly winning the hearts and minds of tech enthusiasts everywhere...for its unrelenting commitment to security.
Wait a sec...didn't Google Chrome finish in First Place in last's year's "Dirty Dozen" from bit9? And doesn't every device in this year's "Dirty Dozen Smartphones" run Google's Android?
Please define "unrelenting commitment". Thx.
Neufeldt2002
January 15, 2012 at 4:39pm
Yup, Chrome is so secure, it slows web browsing to a crawl and when it finds something it doesn't like it crashes the entire computer. Yup, real progress there. I am sure others have different experiences with it, but this is how it runs on one of my computers. Until they can actually make a browser that works I'll stick with FF.
munky101
January 16, 2012 at 2:29am
I would have to agree that it sounds like your system may be having some issues rather than the browser. I would concider making a backup of your your important files and consider a reinstall of the OS. But thats just me.
I have chrome running on multiple systems with no issues at all. From a windows install to backtrack 5, it's running smooth. The only complaint I have involving Chrome, really has nothing to do with it at all. It is how whacked out adblock has gotten lately. Believe me, I used to be a Firefox fanboy too.
Engelsstaub
January 16, 2012 at 1:05am
I have Chrome running just fine on a dual-booted Alienware (Ubuntu Linux/Win7) on both partitions. It's also running exceedingly well in a VM with Fedora 16. (It took a small bit of work to get running in 15, but it ran there as well.) It's the only browser I use on my MBP/OS X...no issues.
I've heard of no one having the problems you have. If Google couldn't "make a browser that works" you wouldn't be reading about it's gains in marketshare every other day or so.
Have you considered the possibility that you may have system problems? If you do other programs could be affected too. Submitting bug reports is a helpful thing to do as well.
Neufeldt2002
January 16, 2012 at 8:30am
Nope, system works just fine without Chrome, add Chrome and everything works except Chrome.
Zoandar
January 15, 2012 at 4:05pm
Is one of their "security principles" the decision NOT to use a Master Password to prevent unauthorized viewing of stored passwords? Fail.
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Original RickRoll Video Returns to YouTube After 24-Hour Copyright Hiatus http://t.co/MaH9Sxyy1 day 13 hours ago
- maximumpc: Corsair has decided not to go forward with its $78 million IPO, citing weak equity market conditions http://t.co/A5a4DAzj1 day 13 hours ago
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E3 days 11 hours ago
