Cringely on Chrome

The New York Times is carrying an op-ed piece by Robert Cringely on Google’s newly-announced Chrome OS, called “Chrome vs. Bing vs. You and Me”.  (Bob Cringely wrote the “I, Cringely” column for several years at PBS; he now has an independent blog site.)  He sees the announcement of the Chrome OS as a weapon aimed at Microsoft, but one that is not necessarily intended or expected to be a commercial success:

THE battle between Microsoft and Google entered a new phase last week with the announcement of Google’s Chrome Operating System — a direct attack on Microsoft Windows.

This isn’t the first salvo in a war that has already seen Google lob its Chrome Web browser against Microsoft’s Internet Explorer, Google pit its Android smart-phone operating system against Microsoft’s Windows Mobile, and Microsoft, in turn, aim its new search technology, Bing, against Google’s very heart — the Google search engine.

This is all heady stuff and good for lots of press, but in the end none of this is likely to make a real difference for either company or, indeed, for consumers. It’s just noise — a form of mutually assured destruction intended to keep each company in check.

He goes on to argue that Google’s principal objective is to position Chrome as a threat to Microsoft, to deter Microsoft from trying some sort of technical sabotage of Google’s applications when they are used from a Windows PC.  He also says that both companies are incredibly focused on protecting their “cash cows”: search, and the associated advertising, in the case of Google; Windows and Office, in the case of Microsoft.  As he points out, these are not only the most profitable business areas for these firms; they are virtually the only profitable ones.

In essence, Cringely sees Google’s Chrome OS and Microsoft’s new Bing search as the weapons in a technological version of Mutually Assured Destruction.  Up to a point, I agree with him: certainly the rivalry between the two firms is an important — maybe the important — motivating factor in these developments.

But I think he is a little too pessimistic when it comes to the effect on consumers.  Technology moves so quickly that it is easy to forget even relatively recent history.  But if we think back 8-10 years, we’ve already seen a big change in the PC software market.  Microsoft has had to deliver some updates to its Internet Explorer browser, mainly because its position was threatened by Mozilla’s Firefox.  Microsoft’s Live offerings, and its multi-billion dollar data center construction program, are very good evidence that Google has gotten their attention.  Google’s services have motivated other vendors to upgrade their offerings, too.  Mapquest is better than it was before Google Maps came along, and virtually every Web E-mail services has improved since the advent of Google Mail.

I think it remains to be seen whether either Google or Microsoft can take significant market share from the other.  But the fact that there is now another player with deep pockets and talented staff in the game has made Microsoft behave more like a competitor and less like a firm leading by divine right.   I think that’s a win for consumers.

Internet Explorer: Exploit of the Week

Microsoft has issued a new security advisory for Internet Explorer.  It relates to a Microsoft Office Web component, the ActiveX control that is used to display Excel spreadsheets retrieved from a Web site.  This is a serious vulnerability, since it potentially would allow execution of an arbitrary program if a user simply visits a compromised Web site.

According to the advisory, there is no fix available at present for this vulnerability.  There is, however, a work-around which disables the vulnerable software control.  This is done by setting the “kill bit” for the relevant ActiveX controls in the Windows Registry.   As I have noted before, this is not for the faint of heart.  Instructions for implementing the fix are in the “Suggested Actions / Workarounds” section of the advisory.  The ClassIDs of the Active X controls are:

{0002E541-0000-0000-C000-000000000046}

{0002E559-0000-0000-C000-000000000046}

Alternatively, you can look at the associated Knowledge Base article.   In the “Fix It for Me” section, you will find a link to download a small Microsoft Installer (.msi) file that will set the appropriate kill bits.

According to Microsoft, implementing the workaround should not affect applications, other than to disable the facility for viewing Excel spreadsheets for the Web.  Since there is apparently an exploit for this vulnerability “in the wild”, I recommend implementing the work-around as soon as you can.

The SANS Institute also has an article on this vulnerability.

Update, Monday, July 13, 22:35

According to the report at SANS, and those from other places, this vulnerability is now being actively exploited on a fairly widespread basis,.  I strongly urge folks using Windows to either install the work-around described above, or use an alternative browser that does not employ ActiveX, such as Firefox or Opera.