Tab Isolation

re: Tab Isolation

Pete — Sat, 13 Mar 2010 02:57:42 GMT

My problem with Tab Isolation is that while it sounds good, in practice it doesn't keep a bad page from bringing down the whole IE window and other tabs. I was reading this post when I went to espn.com. The entire IE window hung and I had to close it. When it restarted, it offered to reload the last session, I said yes...but it tried to reload espn.com and the whole window hung up again. Next time, I told it to just go to my home page.

The thing is, that's how pretty much all my IE crashes go. Some site causes a hang, and the whole window comes down. Sometimes an IE restart and reloading the last session brings things back and the problematic tab loads fine. In general, though, this is not the case, and the scenario above holds--I eventually have to give up and start from a single tab window at my home page.

re: Tab Isolation

wechrome — Tue, 09 Mar 2010 02:33:54 GMT

@Aryeh Gregor,

"In reply to Matt..."

I think by "binary extension" and "native plug-in", they are not referring to Chrome extensions, but plug-ins like Flash, Java, Silverlight, etc. etc. which Google admits that those plug-ins are not sandboxed for compatibility reasons.

@Ooh,

"My experience is exactly the opposite."

by "opposite", do you mean that after a clean install, you see IE opening new tabs faster than Firefox, Chrome and Opera? Or do you just mean you think IE open up new tab fast, but didn't compare it with other browsers?

Really, if you don't compare it with other browsers, you may think IE is fast, like opening up a new tab with half a second is already fast. but if you use other browsers that can open up new tabs within 1/10 of a second, you will realize that IE is quite slow, compared to the competitors that is.

re: Tab Isolation

full disclosure — Sat, 06 Mar 2010 20:50:13 GMT

Rather than blame rouge addons for poor IE performance (which is getting real tired!) try helping out the end users with some actual stats for start times for various common addons (say the top 40)

That way end users can make an informed decision as to which addons are slow and if they really need them.

e.g. if the Bing toolbar is causing IE to be really slow then we can uninstall it (or poke MSFT for a patch)

if the IE dev tools are slowing it down we can uninstall them.

ultimately we all want a fast browser - hence the mass exodus to Firefox, Chrome and Opera over the past 3-4 years.

if IE continues to have performance issues there are only 2 outcomes. 1.) the cause is fixed or worked around or 2.) users switch to a better browser.

I don't have any video tools on my PC to record the new tab speed but I assure you it is slower than any tab based browser i've ever used.

re: Tab Isolation

Aryeh Gregor — Fri, 05 Mar 2010 21:52:17 GMT

@Matt: I didn't say anything about plug-ins, only extensions. I use the terms the way Firefox does: plug-ins are things like Flash that use the NPAPI, and extensions are things that use browser-specific interfaces. I guess IE doesn't support the NPAPI, so maybe there's no difference for it? But there is for all the other browsers. You said "binary extension processes are new to Chrome 4.0", and I assumed you meant extensions, not plug-ins.

Anyway, Chrome doesn't sandbox plug-ins last I heard, that's true. I don't know why it doesn't at least run them in low integrity mode on Windows -- if IE8 can do it without breaking them, why can't Chrome? I was only talking about extensions (which are certainly a much smaller share of vulnerabilities).

As for Chrome sandboxing not being secure on XP, do you have any evidence to back that up? Are you aware of any exploits in Chrome's sandbox on XP that an attacker could leverage? All the Chrome documentation suggests that they rely on a variety of features, not just Vista-specific ones -- like giving it an almost zero security token. I don't know much about Windows, but security tokens have been around since the dawn of NT, haven't they?

re: Tab Isolation

Klimax — Fri, 05 Mar 2010 21:20:39 GMT

Tortoise:

Looks like it was only coincidental. But good excludes/includes can improve performance as cache process won't generate that much activity and RAM usage while going through directories woll see reduced delays as Tortoise won't check those under excludes.

Ok.Sorry,looks like I was mistaken...

(Only few ms more or less)

re: Tab Isolation

Klimax — Fri, 05 Mar 2010 20:44:02 GMT

@Kevin:

I have been trying for several hours to capture PM log where it happens,but I couldn't just get new process. So I'll try again at least with new instance (frame,tab) and we'll see.

As for links,I don't have any,I saw it while hunting down a problem, but never got around to see definitely.

Once I get PM logs,I can post links to them.

(So far I have 4 and they show interesting things - like it looks like registry/dll loading is consuming majority of time;if no error in analysis)

re: Tab Isolation

Matt — Fri, 05 Mar 2010 19:10:13 GMT

@alienRancher: Chrome is a good browser, although their protection against phishing and download of malware is weak. So, most users are probably more secure from the most common attacks with IE8.

While it's true that Chrome does what it can to protect users on XP, the truth is that the mechanisms they're using all have holes in them. Why? Because XP doesn't have kernel-enforcement of the features they're using as a security mechanism. That's why Microsoft didn't try to port protected mode to XP-- they needed the security provided by new work done in the kernel.

re: Tab Isolation

Matt — Fri, 05 Mar 2010 19:07:24 GMT

@Aryeh Gregor: You're proving that a little knowledge can be a dangerous thing. First off, let me state that I like Chrome's extension model; they did good work by virtue of being able to start from a fairly blank slate and from learning from the experiences of others.

However, by echoing the talking points of Google's marketing, you're doing a disservice to the truth. The truth is that most web add-on vulnerabilities are in browser add-ons that will run with full user-trust in Chrome (specifically Flash). There's currently no capability in Chrome to say "Run my binary extension in the sandbox" so even if Flash wanted to move, they couldn't. Chrome has a cmdline extension to force ALL addons into the sandbox, but this breaks most of them.

All of your discussion of the gallery and so forth is a red-herring... those mechanisms are about trying to block MALICIOUS browser extensions, while the threat under discussion is the risk of VULNERABLE browser extensions.

re: Tab Isolation

alienRancher — Fri, 05 Mar 2010 18:26:09 GMT

Aryeh brings a good point, since most windows users are still running XP, then most user are worse off security wise running IE8 than running Chrome.

Andy Zeigler, do you agree?

re: Tab Isolation

Aryeh Gregor — Fri, 05 Mar 2010 17:52:51 GMT

A couple of points about Chrome:

1) Chrome processes are sandboxed much more heavily than just Low isolation. According to <http://dev.chromium.org/developers/design-documents/sandbox>, they use Low isolation if on Vista, but also have a very restrictive security token, run as a Job object, and run as an alternate desktop. IE renderer processes can't write to user files, but Chrome renderer processes can do virtually nothing at all (even on XP, where IE8 runs with normal privileges -- right?).

2) In reply to Matt: "Yeah, binary extension processes are new to Chrome 4.0, but it makes no difference, the binary extension process runs at user-trust and thus exploit remains dire." This is not true. See <http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-185.pdf> for a discussion of Chrome's extension security model.

Chrome extensions that want to execute arbitrary code must explicitly say that in their manifest. If an extension does say that, then 1) it won't be put up on Google's extension gallery unless the developer signs a contract with Google, and 2) if the user tries to install it from a third-party site, the UI will be the same as for downloading an executable.

This strongly encourages extensions to not request arbitrary code execution rights, so in practice, the overwhelming majority of Chrome extensions cannot execute arbitrary code (unlike IE or Firefox extensions).