Security → Re: Google Chrome Now the No. 1 Browser in the World

What reservations could you possibly have? I think time has shown it is the most secure browser of them all. It has definitely been the toughest at Pwn2Own every year. In fact it wasn't breached until the most recent Pwn2Own after remaining untouched for several years. And the exploits used were quite difficult to pull off and took months of planning and exploit writing.The myth of Chrome "tracking" has been debunked already, so I wont bother again. But I must ask what you mean by "unrelated software updates?" I have never noticed any software bundles or "strange updates" coming from Chrome on my Windows box.

I am not a fan of a lot of Google's practices in regard to gmail and other services, but I think a lot of this Chrome stuff is just nonsense perpetuated by people who, frankly, don't know what they're talking about. People tend to put on a big tin-foil hat whenever anything Google related is mentioned. Rightly so in some cases, but not in regard to Chrome. It is a 100% open source browser (just like Firefox). It would be pretty hard to hide some nefarious world takeover plot in the code.Iron doesn't do anything Chromium doesn't do. You can turn off all tracking inside of Chromium.That's because of its sandboxing (security) mechanism. It also helps with stability of the browser as a whole since if one tab crashes, it crashes in isolation. IE and firefox will eventually copy this behavior (if they haven't already -- can't speak for IE since I haven't used it in like 10 years).

I don't expect Iron to do anything that Chromium doesn't do. I don't know Where you get if form. On the other hand, I expect Iron to do less than Chrome (and particularly, do not track me). That's why I don't run Chrome and use Iron instead.Oh, please... I run Iron for the past year and it almost never crashed. And even if it crashed, there is no big deal. I restart it again and all environment is restored right away. That particular explanation (the big -- sometimes several times more -- memory consumption allows it to mitigate crashing problems) is always used to justify the big waste of memory resources is quite ridicules IMHO. The problem that I have with Chromium/Chrome/Iron - in my environment to keep its memory consumption at some reasonable level I need to run it as a single process. But developers are making it more difficult with every new release of Chromium (which happens way too often, BTW, no one needs to reset his/her working environment every 6 weeks)... I need that option.

You couldn't pay me to use Chrome. I don't use a browser that I cannot control. Chrome FORCES updates on you. That alone makes it an evil browser, worthy of suspicion, since you cannot turn off the forced updating. This is the main reason to use Iron instead.

Unrelated software updates obviously include the forced update of Flash and the forced inclusion of Flash in Chrome. I hate Flash. I don't want Flash forcibly included in a browser and I certainly would never want Flash to update silently. Flash craps all over the place when you update it and you have to correct all the privacy holes it makes each time. Why in the world would I willing allow a browser to update something as awful as Flash silently so that my privacy is compromised and I don't even know it because the update was not initiated by me?

Chrome and Iron are the most UNSTABLE of all the browsers. I had to stop using Iron because it would crash shortly after starting it. As for sandboxing the tabs that is a horrible idea because of the immense amount of RAM used to do that and the HORRIBLE CLUTTERING of Task Manager with 60-70 tabs listed separately! You can't find anything in Task Manager if Chrome/Iron is running. That drove me nuts besides the fact that it is not necessary to squander RAM like that and for those on XP 32 bit it makes using Chrome/Iron a stupid idea. Even when I get a new computer with at least 12GB RAM why would I want to waste RAM on sandboxed tabs?

But the worst thing about Chrome is that it is too bare bones. It is a horrible looking browser and so poorly developed that you cannot even choose your link colors! Pathetic. The extensions least much to be desired. They are mostly childish. Opera has the same problem with their extensions. Only Fx and SeaMonkey have great sophistication with the extensions and the extensions are very useful. With Chrome they are mostly the sort of thing that appeal to ignorant of computers users which is the group Chrome aims its browser at. As for speed, that is the LEAST important criteria to me. What I can do with a browser is the most important. I always load the prior session on any browser and that usually is around 50+ tabs so any browser will load slowly. So? I want those tabs loaded. I am willing to wait. Chrome is not any faster than any other browser unless you have something against saving your sessions and using history. I don't generally close any browser (and I always have at least two running and at least one virtual machine with two browsers running) until I am forced to reboot. That is usually only about once every 30-50 days. So, it is not a bit important how quickly a browser starts.

Chromium is a 100% open-source browser. Chrome is Chromium with proprietary code added in. Mostly flash and codecs, but some other stuff too, like PDF rendering. It would be possible to hide tracking in those proprietary bits, but it's almost certain that if it existed it would be found quickly and that would legitimately ruin trust in Chrome. The risk to Google would far exceed the benefit.

Yes, you are right about Chromium. This is why I suggest people use it (instead of Chrome itself) if they are really worried about Google (Iron offers no advantages over Chromium). With all the paranoid people out there, such tracking would have been discovered long ago in the code, I can assure you.

I personally have no problem with automatic updates. If I were Google, I would do the same thing. Too many people out there are clueless and don't know how or care to update. Then their box gets owned and they blame Google. This is one of the reasons Google bundles Flash -- so they can keep control of its security updates (since it has obviously has a pretty bad security record). As far as I know, Flash can easily be disabled, so I don't see really what the hoopla is about.

And, yes, I agree that Flash is closed-source binary blob POS. But unless you don't want to be able to view online videos, we are pretty much stuck with it for the time being. Google has the opt-in HTML5 program on YouTube which is nice, but it still doesn't cover all videos. Go anywhere else besides YouTube, and 90% of the time videos are encoded for Flash. I really wish Flash would die and HTML5 would take over, but we aren't there yet.

quote:

---

As for sandboxing the tabs that is a horrible idea because of the immense amount of RAM used to do that

---

I'm not so sure that is an issue necessarily.
When I first ran Chrome (the other day), I purposely opened a number of Youtube videos (among other items), & when I looked at (Process Explorer), I saw Chrome had quickly taken up all kinds of memory, far more then I would have expected.

And I saw each tab listed individually & the memory usage of each tab. Found that interesting. And then also noted that when I closed a particular tab, I could see its task die & the associated memory released. So closing a number of large memory using tabs, my total memory usage declined substantially.

And then closing all the video clips & only opening more textual based pages, memory usage seemed reasonable.

Suppose there is some overhead associated with the sandboxing (i.e. each tab you open), but would not think it to be too bad? (Haven't looked to see what a blank tab consumes, yet.)

quote:

---

and the HORRIBLE CLUTTERING of Task Manager with 60-70 tabs listed separately! You can't find anything in Task Manager if Chrome/Iron is running.

---

On first usage, found the individual tab listings interesting. Hadn't actually thought about my more typical usage (could be in the hundreds of tabs) & how that would look in TM.

quote:

---

it is not necessary to squander RAM like that

---

Again, not sure that is an actual issue?

quote:

---

the worst thing about Chrome is that it is too bare bones

---

My impression too.

quote:

---

The extensions leave much to be desired.

---

Tried loading the extensions page last night, but for whatever reason it would not connect. And without having extensions like I'm used to using, Chrome would be a no-go.

Who would? Google, perhaps?

Once again, turning off Google Chrome auto-updates: »dev.chromium.org/adminis ··· -updates

or just use the PortableApps.com version

? Never heard of that. But then I am a desktop person.

Not sure what you mean--all of the applications at PortableApps.com are for Windows desktop/notebook installs; they're just "portable". As such, Google Update is not part of the Chrome Portable install since it would have to be installed locally as a service.

Yeah, those are for using on other computers not on your own computer.

Portable apps are all I use on my own--or any--computer whenever possible, which is almost all the time.

Portableapps.com has been around for years, but seem to be a niche product for people who want basic function and/or portable applications.

There's nothing to stop a user from using them on his own system rather than limiting them for public or guest PC use. I use portable apps on my home system.

I like the fact that I don't have update or other services for them running on my system. I can remove the USB and the app is gone.

However, cache data may still be stored on the PC for some applications. I believe that's a complaint against Iron browser..

From what I can tell from reading and experience, portable Firefox does not leave any cache data on the system.

If one wishes, one can install and run portable apps in a folder on the system rather than from a flash drive or other external device.

q.v »en.wikipedia.org/wiki/Po ··· Apps.com

You can also enhance an application's security by installing it to a TrueCrypt drive (mount as needed)--for example, encrypted email using Thunderbird with Enigmail or using Firefox for banking etc.

I use it on my own computer (actually multiple computers of mine since it's on a SpiderOak cloud drive) for browser testing. Makes it nice to have multiple versions can all work from a single browser folder that only had to be installed once.

Portable applications are for use on your own computer. Majority of applications, I use on my computers, are portable.

My definition of portable applications is simple. Portable applications don't use registry for keeping their configuration settings (they use configuration file/s in local folder) and don't dump files (logs, caches) spreading them whenever they want (e.g. in %TMP%, or APPDATA folders). Therefore, you may move them to any location on your computer or to another computer and still be able to use them as you wish. And that's why folks call them "portable", not because they're designed specifically for portable computers.

Portable applications don't need any installation procedure. Usually all you need to do is to unzip its package into a folder and start using them right away.

There are applications, that are designed to be portable from the beginning (and I like those very much) and those, that can't do it and require special environment to run in the portable mode. One of the environments that could be used to run any application in portable mode is SandboxIE (or any similar tools). Another approach is to use API, developed by developers of PortableApps.com. It does similar thing (from point of view, defined in my 2nd paragraph above). You run a launcher, that starts the actual program and program runs within that environment, which allows to keep settings in local folder(s)...

Now, you may want to know, that Chromium can be used in portable mode without running any launchers or sandboxes. The simple trick is to start it with -user-data-dir="Path" option in its command line. Then all configuration settings will be used from that folder. For example, make a shortcut like this one:
C:\Chromium\chrome.exe -user-data-dir=".\chrm" -single-process
When you click on it, shortcut will run Chromium in a single process mode and use chrm sub-folder for its configuration and caches. In registry it will make only record about its last rum time. But configuration will be kept in that folder. Then you may move C:\Chromium folder to any other place on your computer (just fix shortcut at the same time) and it will run without any changes.