Wednesday, April 20, 2011
Chrome Proves Resistant to Browser Rape
Consider this. You notice that each time you leave your house wearing that provocative red shirt that screams you're "asking for it", you get raped. You not only get raped, but each time you catch a different nasty STD that your family Doc doesn't know how to cure nor detect reliably with a blood test. The STDs make you randomly empty the cash from your wallet, give strangers all your on-line bank login credentials, tell all your best invention ideas to randoms, and make you continuously dial a phone number for long periods of time. Common sense says that you'd stop wearing that red shirt, unless you were into living out rape fantasies and these fun remnants.
Why then do we still use software that has proven to be that red shirt rapists like? Because we are lazy, afraid of change, and don't give ourselves credit for being at least intelligent enough to figure out how to use another simple application like a web browser. Internet Explorer just one of these red shirts! You have little need for this red shirt outside interacting with it's vendor.
I can admit that non-technical folks can get lost with Firefox + NoScript, as it requires the user have a clue. Chrome on the other hand, is pretty much a drop-in replacement for IE that has proved its resilience to attack (we can debate the reasons another time) in the Pwn2Own 2011 contest at CanSecWest. Whatever the reasons for it surviving, my point is it does not appear to be a worthy target for browser rapists yet.
The Chrome developers have also taken a serious step towards user awareness with the Phishing and Malware detection based on Google's own samples of these URLs. Not to mention the browser is sandboxed! Read more at Chrome's propaganda site.
Security is not about hiding under the nice soft safety blankey of a firewall and an AV product that soo many "security professionals" seem to do. It is a much bigger thing that includes altering the attack surface to be in your favor, behavior modification, and education. Do your part to prevent software rape, please.