Google sinking faster than Internet Explorer

The technology press continue to amuse me; long have they spouted the myth about the death of Internet Explorer. They always tout the gradual erosion in the usage share of Internet Explorer; a few years ago we'd see articles every month about how usage share had declined.

Today Internet Explorer remains healthy with 56.77% (according to Net Applications). Over the last year it had four months of growth, but overall is down 4.81%. Coincidentally, the tech press' old darling Firefox lost 2.47% share during the same period, losing 11% of its users, compared to Internet Explorer, which only lost 8% of its users.

But how is Google, the darling of the technology press doing in its core business of search?

Using the same logic that the press apply to Internet Explorer, Google Search is far beyond a sinking ship; it's a shipwreck that's on fire and is about to explode.

Google have dropped from 74.5% marketshare last year to 65% this year (according to Compete). Google managed to shed 9.5% share to its main rival Bing. With numbers like that, more than 12% of Google's users in the last year have moved over to Bing.

That's double the marketshare that Internet Explorer lost in the same period.

Yet we don't hear a peep about this.

Of course Internet Explorer isn't really a sinking ship, Internet Explorer 8 was the fastest growing browser ever, and version 9 not only offers fantastic HTML5 support, it is also the fastest browser on the planet. Nor is Google Search a shipwreck on fire about to explode, I actually use it for most of my complicated search queries, because it handles them better than Bing, which is better at more mainstream stuff.

The point of this post has simply been to highlight the hypocrisy in the technology press. They can't call Internet Explorer a disaster, and cite losing 5% marketshare without calling Google Search an even bigger disaster.

Google Instant: Been there, done that

With a fair bit of hype Google launched their "Instant" search yesterday. While Catherine was getting it, it wasn't showing up on my machine despite being behind the same router and using the same browser. Today it is.

Google describe it as:

The new experience transforms search, delivering results instantly, in a way that has never been done before. Now, results appear automatically.

Very nice. Basically it returns results for every character you type, well less so if you type fast. At the moment it's being pretty slow here, and only kicks in after I've typed a word or two. Was a bit faster yesterday so I assume their servers are under more load than usual due to all the coverage.

But Long Zheng in about two hours put together the same thing over a year ago with Bing's AJAX APIs.

Never been done before? Get real Google. You also lose points for using the word "magic" in your little marketing video.

I'll stick to using Bing as my default search engine. I only ever copy and paste things into Google, such as error messages, as Google seem to do better in that regard, and as such Google Instant isn't much use to me.

Google News sitemap for b2evolution

The other day we got Gamercast listed on Google News, however we had a bit of trouble getting our news articles correctly indexed so I had to find a Google News sitemap plugin or skin for b2evolution.

After 30 minutes of searching I came up empty handed. So I just modified the existing _sitemap skin to do the job.

You can download it here.

There are a couple of things you'll need to do to get it working. First up you'll need to specify the publication name, language and any Google keywords in the file directly. I didn't pull this information out of the blog because the blog name might be different to the publication name on Google News, plus Google recommends specific keywords. So yes, this may cause issues if you run multiple blogs on the same backend which you want listed on Google News; however, as a workaround you can just use multiple copies of the skin. There are also some fields not used by the skin, such as the tags field or the subscription options.

You'll then want to upload it to the b2evolution skins directory into a folder of your choice, for example _newsmap. You can then check to see if it is working by visiting yourblog.somewhere/?tempskin=_newsmap, which should show articles from the last two days. All you'd need to do then is submit it via Google's webmaster tools.
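A quick way to sanity-check the skin's output before submitting it, as an added example that is not part of the original post or of b2evolution: it parses a Google News sitemap and reports entries with a missing publication name, language or title, or a publication date older than two days. The sample XML, the publication name and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9",
      "news": "http://www.google.com/schemas/sitemap-news/0.9"}

# Constructed sample of skin output: one good entry, one stale entry with no name.
SAMPLE = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
    xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url><loc>http://yourblog.somewhere/fresh-article</loc><news:news>
    <news:publication><news:name>Example Publication</news:name><news:language>en</news:language></news:publication>
    <news:publication_date>2010-09-08T10:00:00+00:00</news:publication_date>
    <news:title>Fresh article</news:title>
  </news:news></url>
  <url><loc>http://yourblog.somewhere/old-article</loc><news:news>
    <news:publication><news:name></news:name><news:language>en</news:language></news:publication>
    <news:publication_date>2010-09-01</news:publication_date>
    <news:title>Old article</news:title>
  </news:news></url>
</urlset>"""
SAMPLE_NOW = datetime(2010, 9, 9, 12, 0, tzinfo=timezone.utc)  # constructed "current time"


def check_news_sitemap(xml_text, now, max_age=timedelta(days=2)):
    """Return a list of (loc, problem) pairs; an empty list means no problems found."""
    problems = []
    for url in ET.fromstring(xml_text).findall("sm:url", NS):
        loc = url.findtext("sm:loc", default="(no loc)", namespaces=NS).strip()
        for field in ("news:news/news:publication/news:name",
                      "news:news/news:publication/news:language",
                      "news:news/news:title"):
            if not url.findtext(field, default="", namespaces=NS).strip():
                problems.append((loc, "missing " + field.rsplit(":", 1)[-1]))
        raw = url.findtext("news:news/news:publication_date", default="", namespaces=NS).strip()
        try:
            published = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        except ValueError:
            problems.append((loc, "bad publication_date"))
            continue
        if published.tzinfo is None:  # date-only values carry no zone; assume UTC
            published = published.replace(tzinfo=timezone.utc)
        if now - published > max_age:
            problems.append((loc, "older than two days"))
    return problems
```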

Google spreading the security FUD

This week's news of Google transitioning away from Windows to Linux or Mac OS has spread its way across the internet. Google cite security reasons for the move. But is that the only reason behind it? The answer is no.

First up, we're talking about Google; of course they would rather run their own in-house stuff. Primarily Linux: they use that as the basis of Android and Chrome OS, and their servers run Linux. It should come as no surprise that Google from a corporate level would prefer to be seen running their own stuff, or if not their own at least not the stuff of their main competitor - Microsoft.

That in my opinion is the main reason behind it. The security excuse they chucked out is FUD pure and simple. Microsoft or Windows aren't at fault for Google being hacked back in January. Google got hacked because their IT administrators allowed a 9 year old browser on their machines, running on a 9 year old operating system. I tell people almost daily, upgrade your browser, and if you can afford it look at moving to Windows 7.

If they had proactive IT administrators, ones who roll out updates within days of their release, or ones who through group policy prevent unpatched machines getting onto the network this would not have happened. Heck IE8 was blasted onto all my machines within hours of release. Testing compatibility with the machines or their own systems could be done during the public beta. For Google, a so-called leading internet company to be using a nine year old browser is embarrassing.

Of course Google were quick to blame Microsoft for the problem, why wouldn't they? The fact it didn't affect Windows Vista or up, or Windows XP with IE7 or up was irrelevant, they needed some FUD to spread. This new story is just part two of their FUD campaign, and they're almost getting a free pass with it.

Google could deal with all their security problems by moving to Windows 7. They might as well even use their own Chrome browser if they want, it is pretty respectable. Moving to Linux is certainly not going to solve their security problems, and giving their workers the option for Mac OS in addition is only going to be a total security disaster with how insecure that is.

Security wise, Mac OS X is a joke; it consistently falls first in any test. Linux is respectable security wise, although it has far more vulnerabilities than Windows, and is more difficult to maintain, and let's not even talk about usability. Microsoft since the release of Windows Vista back in 2006/2007 has had a very good track record on security, to the point where exploits on Windows aren't targeting Windows itself anymore, they're targeting Adobe Reader, Flash or QuickTime because exploiting Windows itself is too difficult these days.

For Google to cite security is laughable.

Internet Explorer 8 is more secure, and why the Firefox fanboys and the media need a security lesson

So Internet Explorer has been the media's main victim this past week, with stories about how it is completely unsecure.

Of course having a vulnerability isn't a good thing, but why is this getting so much attention, especially considering it's not even being used to target individuals? Well I suppose the media have to knock Microsoft, it's about the only thing they can do when it comes to Microsoft so this will have to do.

Tech Radar recently interviewed Microsoft's head security guy in the UK Cliff Evans. And did a pretty bad job of it. So Evans was explaining how switching away from Internet Explorer 8 isn't a good idea - something I agree with.

"If you were to ask me 'what's the most secure browser?' I would say Internet Explorer 8 – we're talking about a single vulnerability," he added.

Ouch a single vulnerability that's bad right? Some guy called richmurrils seems to think so and comments:

That's the funniest thing I've read in ages. :D

Of course what he really demonstrates is how little richmurrils actually knows about technology or security, I expect he was one of the people telling people to turn UAC off /facepalm, and how Tech Radar can't report things in context. So I'll put things in context even if they can't be bothered to, Firefox 3.5 has had at least 35 documented security vulnerabilities. Linux based operating systems can have hundreds of vulnerabilities discovered each year, Windows historically has had the fewest usually at just a dozen or two every year discovered. A single vulnerability isn't anything unusual.

Of course nobody bothers reporting that this vulnerability can only be exploited on Internet Explorer 6, a 10 year old version and on Windows XP a 10 year old operating system. Do Mozilla even bother to support such old products? Of course not.

Alright sure the vulnerability still exists in later versions, but it cannot be exploited on newer systems because of the additional security measures Windows Vista and later provide. Namely Protected Mode made possible by UAC.

When using Firefox a hacker only has to exploit code in the browser to run code on the machine. Exploiting Internet Explorer not only requires them to find a vulnerability and exploit it, but it also requires them to somehow break out of the Protected Mode sandbox. Charlie Miller, a security researcher, talked a bit about this back during the Pwn 2 Own contest:

Why Safari? Why didn't you go after IE or [Firefox]?

It's really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows (Vista and later -Paul).

It's more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn't have anti-exploit stuff built into it.

With my Safari exploit, I put the code into a process and I know exactly where it's going to be. There's no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don't know where it is. Even if I get to the code, it's not executable. Those are two hurdles that Macs don't have.

It's clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that's only half the equation. The other half is exploiting it. There's almost no hurdle to jump through on Mac OS X.

Of course 3rd parties could use Protected Mode on Windows Vista and later like IE7 and 8 do. But Mozilla, Opera and others simply don't bother. They let the process run with the same rights as the user, which is fundamentally less secure than running the browser in its own little sandbox where it can't get out.

In reality vulnerabilities like these are rarely what normal people come up against on the internet. The main problem is phishing and malware, both of which are socially engineered to get the computer user to either hand over their data willingly or willingly install an application that's malicious. So how does Internet Explorer compare? IE8 blocks 83% of phishing websites completely, compared to Firefox which blocks 80%. And while Internet Explorer 8 blocked 81% of malware before it reached the machine, Firefox blocked less than 30%, and other browsers scored even worse (source).

So not only is it more difficult to exploit vulnerabilities on Internet Explorer 8 on Windows Vista and up, the malware and phishing filters are also better on IE8, something that will protect most computer users.

One last comment is on how well Google and the media have spun this around from a story about how Google got broken into and people's personal data was stolen into a story about how a 10 year old browser on a 10 year old system has a single vulnerability, without even asking why Google are running such dated systems or without bothering to report that newer versions of IE aren't as susceptible. Nice spin department working there.

Update: Mark informed me that Chrome also runs in a sandbox.

What is an MS Explorer and Google's security

The BBC have a headline that reads "German government warns against using MS Explorer". Well that's no problem, as I've never even heard of an MS Explorer. Of course what they're really going on about is Internet Explorer, and how version 6 was used to compromise Google's systems.

find an alternative browser to Internet Explorer to protect security.

Who knows what "protect security" actually means. Perhaps they mean protect their systems, or improve their security. Seriously who wrote this article?

What they should really be having a go at is what sort of incompetent system administrators would be using a 10 year old browser on a 10 year old operating system. Ed Bott says such administrators should be guilty of malpractice. And I agree with him: what sort of people are running the IT departments of companies like Adobe and Google to allow such dated technology on the network?

Even three year old systems like Windows Vista and Internet Explorer 7 in the default configuration are immune to this sort of attack.

And it is just amazing that this has somehow been spun into an anti-Internet Explorer story when the real story is how can we trust Google with our data in the cloud when they're running such antiquated systems?

