Saturday, April 24, 2010

Improved Security

http://www.tomsguide.com/us/BitDefender-Trojan-Google-Chrome-Extension,news-6571.html

I thought this was a great example of social engineering to create security holes. Google Chrome has had excellent growth in the browser market, and there are numerous positive associations with the Google name. This seems targeted explicitly at business users since it claims to improve accessing documents from emails. This is an interesting move and one that directly pits corporate IT against user flexibility. Is the only right path for corporate IT to forbid any user use of .exe packages? What about legitimate updates?
While corporate IT can do all legitimate updates themselves, this type of forced control creates a lot more work for IT in dealing with every time there is a basic upgrade to a browser, graphics driver etc. Th other option would be to deal with cleaning up issues form less sophisticated users falling prey to tactics like this. I assume each company has to do its own cost benefit trade off, and may set policy by department. Where I work all IT employees are assumed to be sophisticated enough users to slef manage most updates etc. but Sales and otehr departments are not.
I also hope if anyone is reading my blog and using Chrome that they are careful of this issue at home and at work.

No comments:

Post a Comment