October 05, 2009, 1:25 PM — We all know that Internet Explorer, especially the older versions like IE 6, is slow and insecure. You may also have heard that Google released a plug-in, Google Chrome Frame, that essentially lobotomizes IE and replaces its functionality with its much faster Chrome Web browser.
It's a cute trick, and it really does show off just how much faster IE with Chrome Frame is than plain-Jane IE. I've done it myself on my Windows XP and 7 boxes and the results are stunning. I expect it to be faster, but what I got was 'knock your socks off' faster. I saw complicated pages that were fat with JavaScript and took up to 10-seconds to load with IE, explode onto the screen in less than a second.
Microsoft has thrown a fit about this. Amy Bazdukas, Microsoft's general manager for IE, said, "It's not necessarily that plug-ins aren't or can't be secure, but that running a browser within a browser doubles the potential attack surface in a way that we don't see is particularly helpful."
They're not the only ones objecting to Chrome Frame though. Mitchell Baker, the chairman of the Mozilla Foundation, the makers of IE's greatest rival Firefox, also objected strongly to Google Chrome Frame. She wrote, "Once your browser has fragmented into multiple rendering engines, it's very hard to manage information across Web sites. Some information will be manageable from the browser you use and some information from Chrome Frame. This defeats one of the most important ways in which a browser can help people manage their [Web] experience."
Google disagrees. Google claims that Google Chrome's security features to Internet Explorer users," said a Google spokesman today. "It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP]."
Generally speaking, I like Google and I dislike Microsoft. But, in this go-around, I'm on Microsoft's side.
Yes, Chrome is more secure than Internet Explorer 6, but then, what isn't more secure than IE 6? A better question is: "Is Chrome more secure than the currently shipping Internet Explorer 8?" The answer to that question is 'probably.' But, the best question, the real question that Google is asking is: "Is Internet Explorer 7 or 8 safer with or without Chrome Frame?" The answer to this one's easy. IE is safer without Chrome Frame.
Adding Chrome Frame to IE doesn't just gives hackers not one just more surface to attack, it also gives them the glue between IE and Chrome Frame to assault. Yes, IE with Chrome Frame really is incredibly fast, but it's also a lot more vulnerable to malware incursions.
In addition, the combination of Frame and IE must be more unstable than IE alone. As Baker pointed out, when you're running Frame with IE, "your browser has fragmented into multiple rendering engines." That sounds like a recipe for hard-to-fix browser problems to me.
I've liked Google's Chrome Web browser from day one. Over time, I've grown to like it on Windows over both Internet Explorer and Firefox. But, while Chrome Frame shows just how slow IE really is, there's no way I can recommend using it.
Want a faster than fast Web browser? Then download and install Chrome. Bu itself, it's safe enough. But, just skip Chrome Frame. Mixing and matching Web browsers is just asking for trouble.
