# Holy crap Google's new browser is fast



## ADF (Sep 3, 2008)

I'm messing around with the Google Crome browser, it is only a beta but this thing is quick. Obviously you are still limited by your Internet connection, but it just feels very responsive compared to other browsers.

I'll see how it goes, it's going to take allot to compare to Firefox by release.

[edit]

Memory comparison with the same content loaded, note Firefox will be using more memory because of add ons. Crome seems to open up a separate instance for each webpage, I'm assuming if one page crashes it won't affect the others this way.


----------



## Kyra (Sep 3, 2008)

google is already fast how much faster can it get


----------



## Stratelier (Sep 3, 2008)

ADF said:


> Memory comparison with the same content loaded, note Firefox will be using more memory because of add ons. Crome seems to open up a separate instance for each webpage, I'm assuming if one page crashes it won't affect the others this way.


Of course that also means more memory & system resources consumed per webpage....


----------



## TheGreatCrusader (Sep 3, 2008)

This thing is fucking awesome. Screw Firefox, this is my new browser. \o/


----------



## Kyra (Sep 3, 2008)

i just cant get how noticeably faster google can really get it only takes a second for thousands of sites to appear anyway


----------



## TheGreatCrusader (Sep 3, 2008)

Kyra said:


> i just cant get how noticeably faster google can really get it only takes a second for thousands of sites to appear anyway


You have it wrong. Google just launched a new web browser, similar to Firefox or Opera. Webpages as a whole load faster, not just Google.


----------



## verix (Sep 3, 2008)

There's already an exploit for it. lol


----------



## X (Sep 3, 2008)

i still prefer Firefox, it loads slightly faster for my pc, and some of the sites i visit are making it lag.


----------



## ArielMT (Sep 3, 2008)

D'oh!


----------



## WarMocK (Sep 3, 2008)

Erm ... guys .... You heard of the EULA that comes with Chrome? Oo

http://www.jeremyduffy.com/beware-google-browsers-license-agreement/


----------



## X (Sep 3, 2008)

just another reason that i will stick with my little foxy browser ^_^


----------



## WarMocK (Sep 3, 2008)

half-witted fur said:


> just another reason that i will stick with my little foxy browser ^_^



Good choice. ;-)


----------



## verix (Sep 3, 2008)

WarMocK said:


> Erm ... guys .... You heard of the EULA that comes with Chrome? Oo
> 
> http://www.jeremyduffy.com/beware-google-browsers-license-agreement/


Oh no! Google is preventing themselves from being sued for people using their browser to browse the Internet!

The impact of those terms in the EULA are blown way out of proportion.


----------



## TheGreatCrusader (Sep 3, 2008)

The Javascript speed of Chrome blows everything else out of the water. And, that's a big deal since more and more websites now-a-days are using Javascript, and some of those sites are using A LOT of it.


----------



## WarMocK (Sep 3, 2008)

verix said:


> Oh no! Google is preventing themselves from being sued for people using their browser to browse the Internet!
> 
> The impact of those terms in the EULA are blown way out of proportion.



How about reading Â§11.2 dealing with user-generated content and the permission to sell that to other companies?


----------



## Xenofur (Sep 3, 2008)

Urgh, it means that they can make screenshots of the browser with your site open, without you being able to sue them for showing these screenshots around.

Also, @ speed: Note how it has no extensions, features or ANY kind of niceties? Right now it's really fucking barebones and they'll either keep it like that, or additional features will eventually bog it down to the speed of everyone else.


----------



## Kimmerset (Sep 3, 2008)

Stratadrake said:


> Of course that also means more memory & system resources consumed per webpage....



THIS. Would destroy me.

Edit: Also, yeah. Fuck that EULA.


----------



## Foxie299 (Sep 3, 2008)

That EULA you mentioned... Does this just apply to the Beta?  Because, really, when I enter my bank details I'd kind of like them to stay between me and Paypal.  I mean, I don't really won't Google displaying them to the world or selling them onto a third party.


----------



## Xenofur (Sep 3, 2008)

Fucking furries. I give up.


----------



## Kimmerset (Sep 3, 2008)

The reality of the situation is that there's way too many instances/users for there to be a likely case in which your information/content will be used by Google in any way (other than taking your personal information and spreading it around carelessly). 

I'm going to stick to the real open-source programs, I think, though.  Not worth it.



Xenofur said:


> Fucking furries. I give up.


What the hell does that have to do with anything?


----------



## WarMocK (Sep 3, 2008)

According to the EULA, the licence applies to the "executable code version of Google chrome" (first sentence of the EULA). I guess this means EVERY version of Chrome, no matter if it's alpha, beta, 1.0 or whatever. It would even apply to the source code, as you are able to compile an executable program with it.


----------



## Foxie299 (Sep 3, 2008)

Because I enjoy a good dose of paranoia...

If I write a story, and email it to an editor, does the wording of this mean that I lose First Rights?  I mean, by using Chrome to email it, I'm giving Google the right to display, perform etc. the piece.  Therefore,  I can't give First Rights to said editor or the publication they work for.  The story, from the moment I put it in the browser onwards, technically counts as a re-print.

That's a bit mean, eh?


----------



## WarMocK (Sep 3, 2008)

According to Â§11.1 you keep the copyright, but you cannot sue Google for using/publishing/redistributing your content. That usually wouldn't be a problem since this includes being to display anything you sent to the net at all. But with Google being known for reading your e-mails ... I don't want to imagine what they would do with your content if they get the chance. Ã´O


----------



## verix (Sep 3, 2008)

WarMocK said:


> How about reading Â§11.2 dealing with user-generated content and the permission to sell that to other companies?


I did read it. And man, section 11.3 is a _doozy!_ Look at this one:


> 11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this license shall permit Google to take these actions.



OH MY GOD THEY'RE SENDING MY DATA ACROSS THE INTERNET HELP I HAVE TO STOP THIS


----------



## Xenofur (Sep 3, 2008)

^^^^
It seems like you've been driven over the edge and onto another one, but at least you're having fun. 





Kimmerset said:


> What the hell does that have to do with anything?


Reading comprehension (lack of) and ADD.


----------



## PJHippo (Sep 3, 2008)

It's fast and all that, but I'm comfortable with my Safari browser. It works well with my iPhone too.


----------



## WolfoxOkamichan (Sep 3, 2008)

And now Google owns you.

http://gizmodo.com/5044871/google-c...create-using-chrome-from-blog-posts-to-emails


----------



## Eevee (Sep 3, 2008)

ADF said:


> I'm messing around with the Google Crome browser, it is only a beta but this thing is quick.


welcome to WebKit

ever used Safari?



WarMocK said:


> Erm ... guys .... You heard of the EULA that comes with Chrome? Oo
> 
> http://www.jeremyduffy.com/beware-google-browsers-license-agreement/


oh fuck they want a license to store my documents on Google Docs

fuck




_fuck_


you may notice that this EULA refers to all of Google's products and services and bears a striking resemblance to *every other Google EULA*, such as the Google Account EULA; this clause in particular is mentioned in their help docs

but don't let me rain on your tinfoil hat parade since apparently the entire fucking Internet is scraping for any excuse to hate Google



TheGreatCrusader said:


> The Javascript speed of Chrome blows everything else out of the water. And, that's a big deal since more and more websites now-a-days are using Javascript, and some of those sites are using A LOT of it.


firefox 3.1 has already pulled ahead



WarMocK said:


> According to the EULA, the licence applies to the "executable code version of Google chrome" (first sentence of the EULA). I guess this means EVERY version of Chrome, no matter if it's alpha, beta, 1.0 or whatever. It would even apply to the source code, as you are able to compile an executable program with it.


the source code is a project called Chromium, not Google Chrome


----------



## WarMocK (Sep 3, 2008)

Eevee said:


> you may notice that this EULA refers to all of Google's products and services and bears a striking resemblance to *every other Google EULA*, such as the Google Account EULA



Which is why I don't use GMail and Co. ^^


----------



## Eevee (Sep 3, 2008)

yeah it would be terrible if the license for gmail included agreeing to let google host your email


----------



## verix (Sep 3, 2008)

WolfoxOkamichan said:


> And now Google owns you.
> 
> http://gizmodo.com/5044871/google-c...create-using-chrome-from-blog-posts-to-emails


hey guys remember when deviantArt's EULA said that they could OWN YOUR ART AND SELL IT BECAUSE YOU GAVE THEM PERMISSION and it was RIGHT THERE IN THE EULA that they owned your art?


remember how stupid everyone felt when they found out that specific part of the EULA was to give deviantArt the right to make _thumbnails_?


no?


ok, carry on then, I've got some awesome bridges for sale if anyone likes


----------



## WolfoxOkamichan (Sep 3, 2008)

I guess so.

Still, no plug-ins make it crap than FF3. However, if it consumes less RAM...


----------



## Foxie299 (Sep 4, 2008)

I'm so glad that people like Eevee, Xenofur and verix are here.  Without their sarcasm, I might have continued to question things and want to understand things.  Now I see that I should just dumbly accept the status quo and whatever crap the people in charge deem fit to push on me.  Their strawmen have helped me to see the light.  Thanks, guys!


----------



## Shouden (Sep 4, 2008)

okay, everyone knows not to give out things like bank account numbers and stuff through email. right? Also....I use a Mac, and I like my Safari. Firefox is ungodly slow in comparison to Safari.

Gmail is good because it is easy and i don't get a plethora of junk mail with it. And besides, all major email companies monitor emails so that if they something illegal happens, or the FBI/cops or whoever asks to see the email records, they can easily hand it over to them.

If you are using a PC and your are worried about your privacy, maybe you shouldn't use a PC.


----------



## Pi (Sep 4, 2008)

Shouden said:


> Gmail is good because it is easy and i don't get a plethora of junk mail with it. And besides, all major email companies monitor emails so that if they something illegal happens, or the FBI/cops or whoever asks to see the email records, they can easily hand it over to them.



What

If my email company handed over records just because the FBI asked I'd be finding a new email company.



> If you are using a PC and your are worried about your privacy, maybe you shouldn't use a PC.



(please stop referring to "a PC" as "a PC that runs windows"; my i386 platform machines, with one exception, run Linux or NetBSD))

What

It's equally easy to hose your own privacy on a mac. The only difference is that there's less malware _actively targeting_ the mac. If someone wants to invade your privacy choice of platform is irrelevant.


----------



## net-cat (Sep 4, 2008)

Pi said:


> It's equally easy to hose your own privacy on a mac. The only difference is that there's less malware _actively targeting_ the mac. If someone wants to invade your privacy choice of platform is irrelevant.


Oh, so _you're_ the one who keeps putting that nightly job into my system that rsyncs all my data to an off-shore server.

Stop that plz.

(j/k <3)


----------



## Kimmerset (Sep 4, 2008)

What the fuck are you all talking about? Mac's are fucking *INDESTRUCTABLE AND INPENETRABLE. THEY. ARE. INVINCIBLE.*


----------



## Eevee (Sep 4, 2008)

Foxie299 said:


> I'm so glad that people like Eevee, Xenofur and verix are here.  Without their sarcasm, I might have continued to question things and want to understand things.  Now I see that I should just dumbly accept the status quo and whatever crap the people in charge deem fit to push on me.  Their strawmen have helped me to see the light.  Thanks, guys!


clearly you should blindly accept whatever anti-Google knee-jerk blogpost you run into first, instead

oh wait no that's exactly what we're arguing against


and wtf "status quo"?



Shouden said:


> okay, everyone knows not to give out things like bank account numbers and stuff through email. right? Also....I use a Mac, and I like my Safari. Firefox is ungodly slow in comparison to Safari.


?????  what does Firefox vs Safari have to do with bank account numbers and email?



Shouden said:


> And besides, all major email companies monitor emails so that if they something illegal happens, or the FBI/cops or whoever asks to see the email records, they can easily hand it over to them.


wow where the fuck did you hear that

ps my email is on a private server and only I have access to it



Shouden said:


> If you are using a PC and your are worried about your privacy, maybe you shouldn't use a PC.


you are also using a PC

fyi


----------



## benanderson (Sep 4, 2008)

It's fast, it's got a very clean, intuitive and visually pleasing layout and it's footprint is tiny. It's very similar to safari actually, how everything is so compact on screen so you can see more of the current web page at once, more so in-fact because the tabs are in the title bar, it even has the same resizeable text fields as safari! Very useful for someone who likes to type a lot at once like me.

Once the spell checker is completed, the save dialogue is updated so it's A) better adapted for vista and B) it can remember the last location it saved too and the option for some degree of customization is added I think I'll be using this as my main browser. At version 0.2 it could take a while, though.

That's my tuppence on the subject. 



Kimmerset said:


> What the fuck are you all talking about? Mac's are fucking *INDESTRUCTABLE AND INPENETRABLE. THEY. ARE. INVINCIBLE.*



People thought Linux/Unix was indestructible, then BLISS showed up. Seeing as mac is a Unix system (it's actually a version of BSD) it wouldn't take much to adapt bliss for mac. No system is indestructible as their is always something to exploit. Grab some smelling salts before you go into a fan-boy coma.
*AND THEIR IS NO NEED TO SHOUT*


----------



## Eevee (Sep 4, 2008)

benanderson said:


> it's got a very clean, intuitive


aka not very useful



benanderson said:


> and visually pleasing layout


aka not themed like anything else on my computer



benanderson said:


> and it's footprint is tiny.


aka..  wait, no, this one is just wrong.  where are you getting this?



benanderson said:


> People thought Linux/Unix was indestructible, then BLISS showed up.


oh yes, Bliss.  a "virus" that doesn't really do anything and can't do any real harm unless you run it yourself as root.  you might as well call `rm -rf /` a virus.



benanderson said:


> No system is indestructible as their is always something to exploit.


this does not mean that all systems are equally destructible



benanderson said:


> Grab some smelling salts before you go into a fan-boy coma.


he was making fun of mac fanboys actually


----------



## ArielMT (Sep 4, 2008)

My sarcasm senses tingled when I read Kimmerset's post.

Oh, and what's with this "rtm" guy I see on my system.  It belongs to a user named Robert Morris.  I'm checking with my admins, trying to find out which one changed his username to "rtfm" instead.  They're telling me about some sort of sendmail worm I need to patch against or something?


----------



## Xenofur (Sep 4, 2008)

Foxie299 said:


> I'm so glad that people like Eevee, Xenofur and verix are here.  Without their sarcasm, I might have continued to question things and want to understand things.  Now I see that I should just dumbly accept the status quo and whatever crap the people in charge deem fit to push on me.  Their strawmen have helped me to see the light.  Thanks, guys!



I'm not sure how completely failing to read the post that explains it in as much detail as was necessary is the same as "questioning with the intent to understand"?


----------



## Runefox (Sep 4, 2008)

Wow, FUD abound. The Chrome EULA was mistakenly more or less copy-pasted from Google Docs. According to the link provided earlier, they redacted that portion of the EULA that states that they can "data mine", instead specifically saying that anything you do with the browser, and anything you submit via it, is copyrighted to you.

http://www.theregister.co.uk/2008/09/04/google_retracts_lousy_chrome_eula_terms/

And anyway, you're all wrong. Everything's vulnerable and everything's secure; It's always a matter of PEBKAC. If you don't have a firewall/NAT router between you and the internet, then you deserve what you get, Linux, Mac, or Windows (and you WILL get quite a bit). If you like clicking the next button without abandon and have a pension for sleazy porn sites and warez sites, you deserve what you get. If you don't use a decent antivirus product (IE anything other than McAffee or Norton) and don't know what you're doing, you deserve what you get. Who cares what UI/kernel you're using? You'll still get the axe pretty quickly if you're an idiot. End of story.

Also, having used Safari and Konqueror (both Webkit-based (KHTML is the basis for Webkit)), I'm certain that Chrome is faster at retrieving/displaying pages than either is, especially pages on a LAN. It displayed the pages as fast as the server could send them, and it has a rather unique style about it that I'm not sure I'm fond of, but is a nice touch anyway.


----------



## Eevee (Sep 4, 2008)

Runefox said:


> And anyway, you're all wrong. Everything's vulnerable and everything's secure; It's always a matter of PEBKAC.


blaming security issues en masse on the user isn't just wrong, it's dangerous and irresponsible



Runefox said:


> If you don't have a firewall/NAT router between you and the internet, then you deserve what you get, Linux, Mac, or Windows (and you WILL get quite a bit).


I shouldn't have to have a degree in information security to use a fucking appliance and nor should anyone else


----------



## Runefox (Sep 4, 2008)

> blaming security issues en masse on the user isn't just wrong, it's dangerous and irresponsible


While security patches on the software side can limit the amount of damage that gets done, typically, if you are sitting behind a firewall/router and you aren't an idiot, you're very likely to have zero security issues, even on an unpatched system. Since this is the case in pretty much every end-user environment, I think this stands. Security holes are security holes and they need to be patched, but it always takes user action to initiate anything that makes use of them in that kind of environment.



> I shouldn't have to have a degree in information security to use a fucking appliance and nor should anyone else


Computers aren't appliances, and they never have been. Perhaps someday they will be, but a computer is in a class of its own today. Computers are more like tools, and like a table saw, improper use can make using that tool very inconvenient. While a computer might not directly result in the loss of a hand, it can be very stressful when things aren't working right. That said, you don't need a "degree in information security" to know not to run that executable that magically appeared on your desktop, or to know that going to websites like "porn-r-us.com" is probably a bad thing, and like a related thing in real life, is liable to get your computer sick.

It doesn't take a genius to set up a router, and firewalls are standard on every modern OS/desktop Linux distro. If you keep your system patched and don't turn off your firewall, you should be free from any direct attacks on your system - The only attacks that will get through on any platform at this point would be those that have to be initiated by the user, which vary only in the ease at which they can be done. In Internet Explorer's case, simply browse to your favourite sleazy porn/warez site and you've instantly got the computing world's version of chlamydia. In this case, another browser is best, and most people will tell you that. If you listen, then you shouldn't have any problems.

Yes, that was a Windows-specific example, but what I'm saying is, if you aren't an idiot, Windows is secure. With enough resources poured into development of Linux and Mac OS exploits, it would likely be possible to trick users into doing precisely the same thing on those platforms, with the exception that Linux users are usually power users to begin with and thus experienced enough to pick up on it. Granted, it generally isn't as easy to do a driveby on Linux/Mac OS (mostly because drivebys occur on IE as a rule), but software installation with remora-like adware would be pie. Lots of Mac OS software and Linux software require privilege escalation to install - What would it take for someone to install a piece of software with a piece of spyware (now running as root)? In Mac OS, it'd be as easy as in Windows, and in Linux, unless you're an open source-only zealot, you're likely to install it anyway if it seems useful or curious.


----------



## verix (Sep 5, 2008)

Foxie299 said:


> I'm so glad that people like Eevee, Xenofur and verix are here.  Without their sarcasm, I might have continued to question things and want to understand things.  Now I see that I should just dumbly accept the status quo and whatever crap the people in charge deem fit to push on me.  Their strawmen have helped me to see the light.  Thanks, guys!


Just because you namedrop "strawman" doesn't make our arguments such. Please explain to me what strawman I'm propping up to take down your argument in such a fashion that makes it easier to argue against while being deceptively simple to destroy. I'm criticizing the _very same goddamn situation that happened in the past that is happening now._ I mean, historically these things are done not for SPYING ON YOU and selling your data to $$$CORPORATIONS$$$, but rather for functionality.

Go ahead and blindly accept paranoia regarding EULAs that are atypically meant for mediocre things such as _allowing you to use the fucking product_ though. I guess it's better than blindly accepting someone's criticism of people donning tin-foil hats.


Runefox said:


> Everything's vulnerable and everything's secure; It's always a matter of PEBKAC.


god the user is such an idiot for using an operating system with a 0day buffer-overflow exploit, fuckin moron why doesn't he read the same blogs I do

Seriously, this is the completely wrong approach to take against security.


----------



## Pronema (Sep 5, 2008)

> 11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this license shall permit Google to take these actions.


Verix, this can also be interpreted as an ability to "adapt" the screen shots of your stories or artwork into posters, books, video files, etc. hence "[adapting] that Content to the technical requirements of connecting networks..." 

What I don't understand is why you blatantly defend a defect in a EULA that can be exploited.  *Whether that was Google's intention or not does not matter.  

What does matter is the letter of the law.*  Google has the ability to exploit people who use the browser.  They acknowledged that by removing the clause from the EULA to allay people's fears.  

The same is true of DA, until they change the clause to be more specific of what they can and cannot do with the artwork posted on there.  Whether or not they will do anything but make thumbnails doesn't matter, *the fact remains the same; they have the right to do what they want to with what you post.

Edit:

* By the way, I use both g-mail and Deviant Art myself, I trust that what I consider my rights will not be violated because I am not paranoid.  I simply believe both Google and Deviant Art could do a much better job by making some of the clauses in their EULA's more specific about the rights they hold.   *In fact, if they did do a better job, crap like this would not be brought up.
*


----------



## verix (Sep 5, 2008)

Pronema said:


> *What does matter is the letter of the law.*  Google has the ability to exploit people who use the browser.  *They acknowledged* that by removing the clause from the EULA to allay people's fears.


If what matters is the letter of the law, then the _entire_ EULA doesn't matter anyway, because EULAs have such a horrible reputation in court that whether or not your EULA will be enforced depends almost entirely on _which circuit_ you take it to. Which makes the whole matter _even more_ of a moot point.

Honestly, I think Google did this to alleviate fears above all-else and that people are freaking out over much ado about nothing.


----------



## Pronema (Sep 5, 2008)

I agree that people are freaking out about nothing.  I just think that maybe if Google had done a better job with the EULA and had a decent lawyer write it up, God knows they can afford that, this would not have been an issue.


----------



## Eevee (Sep 5, 2008)

Pronema said:


> What I don't understand is why you blatantly defend a defect in a EULA that can be exploited.  *Whether that was Google's intention or not does not matter.*


I'm defending Google, not their EULA.  EULAs are stupid anyway.


----------



## Pi (Sep 5, 2008)

Pronema said:


> _What does matter is the letter of the law._[/B]
> [/B]



nope, that's wrong.


----------



## theLight (Sep 5, 2008)

Kyra said:


> google is already fast how much faster can it get



A women who worked for google invented a search engine that is literally twice as fast as google, I think it was called kiul or something.


----------



## valkura (Sep 5, 2008)

theLight said:


> A women who worked for google invented a search engine that is literally twice as fast as google, I think it was called kiul or something.



Cuil?


----------



## Eevee (Sep 5, 2008)

Yeah, that would be great if Cuil didn't turn up irrelevant crap and DOS some sites.  B)


----------



## theLight (Sep 5, 2008)

valkura said:


> Cuil?





Eevee said:


> Yeah, that would be great if Cuil didn't turn up irrelevant crap and DOS some sites.  B)



Ah, it's a work in progress, but it's obvious that google's gonna be paying her a couple million for it once she fixes the irrelevancy issues. And it's not like google always gives you the *best* links, sometimes I find better on ask.


----------



## Runefox (Sep 5, 2008)

verix said:


> god the user is such an idiot for using an operating system with a 0day buffer-overflow exploit, fuckin moron why doesn't he read the same blogs I do



What is a zero-day exploit going to do to an OS that's safely behind a firewall with a user who practices good usage and has decent antivirus/antispyware protection?

Also, I don't understand why people are still talking about the EULA - It's been changed. That part's been ripped out. They made a mistake (copy-pasted a EULA from Google Docs). They admitted it. They retroactively made the change to say exactly the opposite of what the first EULA said. What's the big deal?


----------



## Eevee (Sep 5, 2008)

theLight said:


> Ah, it's a work in progress, but it's obvious that google's gonna be paying her a couple million for it once she fixes the irrelevancy issues.


Uh.  Irrelevancy issues are pretty much *the entirety of writing a search engine*, not some quick bug to squash.



Runefox said:


> What is a zero-day exploit going to do to an OS that's safely behind a firewall with a user who practices good usage and has decent antivirus/antispyware protection?


If it's remote code execution in something like javascript, a malformed link, an image, etc?  *Fuck him the hell up.*


----------



## Koda (Sep 5, 2008)

Seriously, is there any question? Firefox has a kick ass icon. That's why I use it.







Of all the browsers out there, I think because of its community-driven open source nature, its the _least_ likely to be data mining its users.


----------



## Runefox (Sep 6, 2008)

> If it's remote code execution in something like javascript, a malformed link, an image, etc? Fuck him the hell up.


And what has always been the root cause of any of these exploits getting through to kernel land? Could it be, maybe, a certain web browser? Last I checked, such vulnerabilities, while theoretically possible (and fixed on many occasions), are few and far between on Firefox, Safari, Opera, etc. I won't deny that many users out there use IE, but there are also many who use alternative browsers, usually by advice from a techie friend. Our computer shop pre-installs Firefox as the default browser on every new system that goes out (be it Linux or Windows XP/Vista), and we generally suggest to the people who come in with computer troubles to use it instead of IE. Half the time, when we see them again, it isn't because of a zero-day exploit or anything silly like that.

The point is, if you consider IE a part of the operating system (like MSFT would have you believe), then yes, the security issues lie in the operating system. However, a _lot_ of security holes can be plugged rather neatly simply by virtue of not using IE and having a router/firewall between you and the net. Aside from that, all that's left is "don't be an idiot and go to www.pornsite4u.com" and "don't open that attachment from enlargeurpen15@freepills.org". While I will agree that most people don't have that kind of sense, they really _should_. But hey, it keeps us in business and keeps the paychecks flowing.


----------



## Bryantacious (Sep 6, 2008)

Eevee said:


> welcome to WebKit
> 
> ever used Safari?
> 
> ...



lol what percentage of your ~1,683 posts isn't part of some egotistic attempt to debunk everyone who sets foot in a forum?

at least the people in the blue note are somewhat nice to each other :/


----------



## verix (Sep 6, 2008)

Runefox said:


> And what has always been the root cause of any of these exploits getting through to kernel land? Could it be, maybe, a certain web browser? Last I checked, such vulnerabilities, while theoretically possible (and fixed on many occasions), are few and far between on Firefox, Safari, Opera, etc.


There was a heap overflow exploit in javascript under Firefox because, for some reason, it ran a certain interpretation multithreaded and _oops_ there goes your magically secure web-browser getting all owned. And this bug was found by a black-hat, too. That didn't get reported for a while. Safari is pretty famous for its 0day exploit, and OH WHAT DO YOU KNOW would you look at all the Chrome proof-of-concept exploits based off of the old version of Safari WebKit. It's not just _one_ web-browser. And with XSS vulnerabilities and all the various insecured WEB 2.0 web-based applications, you are vulnerable no matter what you do. If you want to be 100% secure, get off the Internet. Really.

The problem does not lie solely in the user. You are objectively barking up the wrong tree. Security is a zero-sum game. It doesn't matter if the security holes are "few and far between" in those other browsers (which is more-or-less a case of market-share, but that's another argument), because if there is _one_ hole, then it is vulnerable, and you have lost.

I'm not saying that users aren't at fault for not taking precautions due to these factors, no. Because vulnerabilities that come out every day-- in software that many once think was hardened and secure-- take time to be fixed. It's an arms-race as to A) find out what the vulnerability is (assuming it was a malicious attacker who found the bug, in which a report _will not_ come to the developers, leaving the bug out in the wild for sometimes a long time) and B) how to fix it. Therefore, they should _absolutely_ take precautions. I mean, not _everything_ is just related to stupid stuff like an off-by-one error or simply using strcpy() as opposed to strncpy()-- there's some complex shit out there. The bad guys, as Dan Kaminski says so perfectly, "have the starting pistol." So to say that security is one-sided, where users are the sole flaw that should be focused on and not the human errors in code, is incredibly myopic.


Bryantacious said:


> lol what percentage of your ~1,683 posts isn't part of some egotistic attempt to debunk everyone who sets foot in a forum?
> 
> at least the people in the blue note are somewhat nice to each other :/


Reveling in ignorance is a virtue now? Granted there could be more tact to correcting people, but when you find yourself doing it constantly, it's pretty easy to become bitter and annoyed quickly.


----------



## Runefox (Sep 6, 2008)

What I'm trying to say is that to say any given system is superior is idiotic and nothing but zealotry. As of right now, _most_ of those exploits _do_ lie in a single browser, and barring that, most systems actually _are_ rather secure when coupled with good usage practices. Yes, it's possible to use exploits to break Firefox, Safari and Chrome, but firstly, none of these has been to the extent of automatically launching arbitrary code (except in the case of Safari for Windows, which Apple is sure isn't their fault (and which Apple fans continue to call a feature)) and none of them are widespread enough to matter. To this end, saying that Windows is insecure in comparison to Linux and Mac OS may seem to be the case, but again, just like with the browsers, each platform has its own exploits that _mostly_ are initiated by the user (and really, the same goes for the user, _especially_ in the case of Javascript vulnerabilities, because in most cases, sites poisoned with bad JS code aren't legit sites to begin with).

I'm not trying to say that security is all about the user, but in the end user environment, I would argue, and am arguing, that bad usage practices make any platform insecure, just as good usage practices can mean that one may never have an issue with these things.


----------



## Alblaka (Sep 6, 2008)

Warning:
Today there was an OFFICIAL TV Warning about Google Chrome in Germany.
The "BundesbehÃ¶rde fÃ¼r Datenschutz" adviced not to use it, cuz it collects mass of personal information and sends them to google...

I only wanted to say this ^^


----------



## Runefox (Sep 6, 2008)

Only if you leave that nice little setting called "Help make Google Chrome better by automatically sending usage statistics and crash reports to Google" ticked. Of course, that's stuffed into the "Under the Hood" portion of the options window... I imagine that would be what they're talking about. If not, then they are either referring to the EULA issue, or perhaps to something I haven't yet heard of.

EDIT: Ah, I see they might be talking about the Auto-suggest feature, which according to Wikipedia can be disabled by either switching it off in Options or using Incognito mode.


----------



## Eevee (Sep 7, 2008)

Bryantacious said:


> lol what percentage of your ~1,683 posts isn't part of some egotistic attempt to debunk everyone who sets foot in a forum?


I dunno like one or two



Runefox said:


> What I'm trying to say is that to say any given system is superior is idiotic and nothing but zealotry. As of right now, _most_ of those exploits _do_ lie in a single browser


It is beyond me how you can do the mental gymnastics required to put these sentences in the same _post_, let alone one after the other.



Runefox said:


> Yes, it's possible to use exploits to break Firefox, Safari and Chrome, but firstly, none of these has been to the extent of automatically launching arbitrary code


what



Runefox said:


> and none of them are widespread enough to matter.


That's a pretty ballsy fucking claim to make.  It would only take a little patience and cooperation to launch a horrendous zero-day campaign and reduce millions of machines to zombies all at once.  Just find a hole in a popular browser and an XSS exploit in a popular site.  Even if the browser exploit is known, it takes nonzero time to patch them and have everyone update.



Runefox said:


> To this end, saying that Windows is insecure in comparison to Linux and Mac OS may seem to be the case, but again, just like with the browsers, each platform has its own exploits that _mostly_ are initiated by the user


Except UNIX-based platforms restrict what the user can do by default.  Windows has only started doing this recently, and tons of users have been disabling the prompts because they're fucking annoying.

Not that I am a hardcore security comparison zealot, but "well REALLY everything is flawed so they're all about equal" gets on my nerves.

And "exploits ... initiated by the user"?  What the hell?  How on earth can you blame security bugs on the user?



Runefox said:


> I would argue, and am arguing, that bad usage practices make any platform insecure


This statement is fairly meaningless; sudo rm -rf / is a bad usage practice and renders a system inoperable without any remote code being involved at all.



Runefox said:


> just as good usage practices can mean that one may never have an issue with these things.


Completely untrue, and exactly why _zero-day exploits_ are a problem.


----------

