SBSFAQ.COM

Supporting IT Pro's & MSP's since 2000

Google Chrome – more insecurity abounds

February 12, 2012 by Wayne Small 5 Comments

News came out last week about Google Chrome and their intention to make it faster still… at the expense of security. I’m not sure I agree with this line of thinking. Basically the article talks about how Google are going to stop checking for revoked SSL certificates because it slows down the web browser too much. The other main vendors, Microsoft and Mozilla, are not following this course of action at this point. Certificate revocation is designed to ensure that when you go to a website, the SSL certificate is in fact valid and has not been revoked by the Certification Authority. A certificate is normally revoked when hackers have gained control over it, and the entire mechanism is designed to protect you. Google on the other hand have decided that speed is more important than security. Yes – speed is important, but not at the expense of security. There are other mechanisms in place such as DNSSEC which are designed to help ensure that you are going to the websites you think you are, but they are in their infancy. If Google were to implement this change further down the track once DNSSEC was widely used, then it might be acceptable. To do so now is reckless.

I may well be wrong too you know… I don’t know everything but based on what I do know, I’m even more concerned about using Google Chrome for ANYTHING.
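The revocation check described above, as an added example that is not part of the original post: a constructed CA issues two certificates and revokes one, and a client decides whether to accept each, with and without consulting the CA's signed revocation list (CRL). It uses the Python `cryptography` package; the function names and the `.example` hosts are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.now(timezone.utc).replace(microsecond=0)
CA = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Example CA")])

def issue(cn, public_key, ca_key):
    """Issue a certificate for cn, signed by the constructed CA key."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(CA)
            .public_key(public_key).serial_number(x509.random_serial_number())
            .not_valid_before(NOW - timedelta(days=1))
            .not_valid_after(NOW + timedelta(days=30))
            .sign(ca_key, hashes.SHA256()))

def publish_crl(ca_key, revoked_serials):
    """Build the CA-signed list of revoked serial numbers (the CRL)."""
    crl = (x509.CertificateRevocationListBuilder().issuer_name(CA)
           .last_update(NOW).next_update(NOW + timedelta(days=7)))
    for serial in revoked_serials:
        crl = crl.add_revoked_certificate(x509.RevokedCertificateBuilder()
            .serial_number(serial).revocation_date(NOW).build())
    return crl.sign(ca_key, hashes.SHA256())

def accept(cert, ca_public_key, crl=None):
    """Client decision (dates and hostnames not checked); crl=None skips revocation."""
    try:
        ca_public_key.verify(cert.signature, cert.tbs_certificate_bytes,
                             ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return False
    if crl is None:
        return True  # signature alone: a revoked certificate still passes
    if not crl.is_signature_valid(ca_public_key):
        return False  # a CRL the CA did not sign proves nothing
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is None

def demo():
    """Return (good+CRL, revoked+CRL, revoked without CRL) decisions."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    good = issue("shop.example", ec.generate_private_key(ec.SECP256R1()).public_key(), ca_key)
    stolen = issue("bank.example", ec.generate_private_key(ec.SECP256R1()).public_key(), ca_key)
    crl, pub = publish_crl(ca_key, [stolen.serial_number]), ca_key.public_key()
    return accept(good, pub, crl), accept(stolen, pub, crl), accept(stolen, pub)

if __name__ == "__main__":
    print(demo())
```

The third result is the case the post is concerned about: the revoked certificate still carries a valid CA signature, so a client that never looks at revocation data has no way to tell it apart from a good one.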

Filed Under: Blog Tagged With: Google, Security

About The Author

Wayne has been working with Microsoft Server products in the SMB market for over 20 years. He has a passion for technology and has been a Microsoft MVP for over 15 years.

Comments

  1. Robert Crane says

    February 12, 2012 at 11:17 pm

    Wayne,

    Let’s take a deep breath and have a look at this without the sensationalism that abounds. I agree that not checking for revocation is bad and that it weakens security. However, I would say that not using Chrome for ANYTHING is a tad sensationalist.

    The majority of sites that people visit have valid SSL certs. The issue will occur when someone is trying to spoof users, which again is bad. However, in the majority of cases this is not going to be the case. Smart hackers probably have a workaround for SSL issues on other browsers anyway. Most drive-by attacks are going to happen on non-SSL sites, so again simply saying not using CHROME for anything is blowing the issue beyond the problem.

    Like I said, what Chrome has done is insecure and not in the best interests of users, but again let’s look at IE’s record. Not that impressive when it comes to security at all. This needs to be kept in perspective rather than allowed to be hyped to the point of hysteria.

    This is a normal case of technology as it becomes consumerized. End users want ease of use and security doesn’t provide that generally. Look at bank pin numbers, 4 digits, how secure is that? Emails are unencrypted, how secure is that? Yet everyone still uses them. It is simply the trend in IT, like it or not.

    Again, this is not a positive move at all from Chrome, but I’ll bet that it gets changed or someone will come up with an addin to rectify the problem. Agreed that most end users won’t install it and remain vulnerable but please let’s keep this in perspective for if you cry wolf at the top of your lungs all the time sooner or later people won’t listen to you when there is a real emergency.

    Thanks
    Robert

    • Wayne Small says

      February 13, 2012 at 10:02 am

      I hear you Rob, but here’s the problem… how do you tell users that it’s OK to use Google Chrome for this group of websites, but not this other group of sites? Is it not better to not use a product at all if there is a known (or soon to be known) issue? Let’s face it, users are not thinking about these types of things in the same way that we are… therefore I feel it’s not crying wolf, but it’s more preventing potential issues. Hope that helps you understand why I suggest we don’t use Chrome for anything 🙂

  2. Robert Crane says

    February 13, 2012 at 11:33 am

    Wayne,

    Hang on here, isn’t that a bit of a double standard? IE (all versions) is riddled with security issues and gets updated only when you run Windows Update. Chrome on the other hand updates constantly in the background so it is always current. So doesn’t that actually make Chrome far more secure? Isn’t the major security issue on the web out-of-date browsers that get attacked via known vulnerabilities?

    IE has many ‘known’ issues. Are you telling people not to use those versions as well? You can’t because people will. All browsers are insecure, however Chrome is certainly more secure than most in my experience.

    I agree that this downgrade in security for Chrome is not something you want to see, but if you actually read the technical issues behind what and why the security risk is, it is simply not as bad as is being made out in the general IT press.

    My point being, to simply make a blanket statement like that and NOT apply it to other browsers, which in many cases have far worse known security issues, is not being objective in my opinion.

    Thanks
    Robert

    • Wayne Small says

      February 14, 2012 at 8:10 am

      Rob,
      I don’t think it’s double standards at all – every software package has security vulnerabilities. IE, in my client environments anyway, gets updated automatically via WSUS, therefore I can see centrally what client machines do and do not have those patches. I can’t do that with non-Microsoft apps as easily – therefore those apps present a risk to the business. Chrome may update constantly in the background, but without central visibility of it my SMB clients are more vulnerable than they are with IE.

      For now – IE will remain my browser of choice and the one I recommend to clients to use because I can see what is going on with patching. I have a responsibility to them to do my best to ensure that they are patched. I can’t do that with Chrome OR Firefox.

      I’ve seen recent comment from Dana Epp however that makes me think long and hard about the entire certificate issue – he’s certainly someone I respect and he’s made some interesting comments about how easy it is for HIM to hijack things… let’s hope that there’s not too many of “HIM” out there 🙂

      Wayne

  3. Rikki says

    February 15, 2012 at 8:05 pm

    Your client environments are quite a different playing field, being domains under your monitoring.

    What are our opinions on this: http://www.itproportal.com/2012/02/07/google-chrome-most-secure-web-browser-german-government-says/
