Wednesday, September 3, 2008

Google's New Browser

So, Google have released a new browser called Chrome...

What does that mean from an Information Security perspective?

Not very much and a lot, depending if you are looking at the short term or long term.

So, lets get into the short term - there is a new browser. It will have bugs and vulnerabilities. These will be exploited.

Most of the browser is based on webkit which is sorta what kde uses and sorta what safari uses and sorta what a number of cell phones use. It is becoming browser number 4 after IE, mozilla/firefox and opera. This means that hackers (online criminals) will start to notice the browser (if they haven't already). Assuming that the open source promise (many eyes make fewer bugs) stands true and that Google will be quick with patches then this is merely part of the daily application vulnerability race. And if Google is quick with paches then this browser should not be any more unsafe than the others.

There are a few extra security features in this browser - that is always a good thing. For more information read here. Of course the feature that is most interesting - "each-tab-running-separately" has been compromised.

So short term - move along, nothing to see here. Lets move on to the long term...

What is most important in my mind for the long term is the "why" of this browser - why would Google want to jump into a market where they can't be the biggest or the best or even a very effective niche player? Especially since they have a good relationship with Firefox and their product is almost entirely webkit? And their browser is essentially all open source so all the good bits will be analysed and added to Firefox anyhow or improved upon and added to Firefox.

The answer is simple - Google want their browser to fail.

Huh?

Well, that may a bit unfair but they really don't care either way.

Google is the search engine leader. They are also slowly becoming the Internet. This blog is hosted by Google, its feed is hosted by Google. If I need to host video, pictures, sound etc then I would probably choose Google - they are really good at hosting and why bother looking elsewhere when I already have a Google account?

So, almost all of my public information is hosted by Google. What about my private information?

Well... no.

That is all stored safely on my laptop for four reasons -

  1. I don't trust Google.
  2. I don't trust the Internet.
  3. The tools for creating private documents are so much better than the online ones.
  4. I can get to my documents when I am offline.
  5. The Internet is too slow.

But a lot of my computer day is spent in Microsoft Office. That is a lot of advertising opportunity lost. And if Google can access my personal files then they will have a better idea of what adverts to send my way. Which in turn will make their advertisers happier and Google stock go up.

And all it would take is sorting out the above 5 points.

I was going to go into each one but this post is already getting quite long. Just note that the three features that are most important in Chrome are:

  • Security and stability
  • Offline application mode
  • Fast running and standards based application engine
In other words - helping making it easier to use Google's online applications. Most of the factors are going to be taken care of with Chrome and its kids.

What will happen is that Firefox will catch up with Chrome but Google won't care what you use to access their online applications - just as long as you access them. And that is their game plan.

What this leaves is the final question - all things being equal - is your information more at risk on Google's servers or on you laptop at home?

That is a good question but one we should be looking at.