Some time ago Google released their Chrome browser.
Chrome breaks some rules. I'm not sure that this is a bad thing.
In the good old days of MS-DOS and PC-DOS, files were files and pretty much all files stood on an equal footing. Some files were executable code, some were data, but all were files. Disks held files in a bunch, and there was little in the way of organization. (Savvy users grouped files in directories by application, other users placed all files in a single directory.)
With the Windows age, Microsoft provided an organization to files. Executable files become special and lived in the "Program Files" directory. Users had individual directories and stored private data in those directories. Other directories held common data. (Microsoft made little mention that Unix used similar structures for decades before Windows did.)
Collecting executables in the "Program Files" directory (which was divided into subdirectories for vendor and product) provided several benefits. First, it was a common and agreed-upon place to store executables, which made updates easier. Second, it eliminated (or at least reduced) duplication of files. Third, it provided all executables to all users, allowing Windows to expand its multiple-user capabilities. Fourth, it allowed Windows to govern access to executables, and limit access to privileged users. (Not all configurations did this, but it was common.) Ordinary users found that they could not add or adjust program files. This limitation was a good thing; it prevented many viruses from spreading. Users could manipulate their own data (they had total rights to files in their directories) but not change the executable files.
This model was so strong that even I followed it when I configured systems. I had administrator access to systems, and I added applications into the "Program Files" directory. I did not think about adding them under the user directory; such things just "weren't done".
Google's "Chrome" browser, or more precisely its install program, breaks this rule. The Chrome browser does not live in "Program Files"; it lives in the user directory. This is a significant change. It allows some freedom, but it adds some risks.
First the freedom: By installing in the user directory, Chrome allows anyone to install it. Most Windows systems are configured to allow only an administrator to add or change files in "Program Files", and the average user cannot install programs. Chrome's install ignores that tradition and installs into the user directory, where the user has rights to create files. (To be honest, most programs will let you pick a location for installation; most simply default to "Program Files". Although some want to put selected files in system directories where you need administrator access.) Chrome makes it easy for anyone to install it.
Now for the risks: Executables in your user directory are easily modified. The protection that Windows provides is that you, as a user, cannot modify executable programs. Nor can processes that you start, even if they are infected with viruses. (Viruses often propagate through executable files, not data files.) By locking the "Program Files" directory, Windows shuts down one transmission vector. By keeping executables in the user directory, Chrome opens the vector. (Not to other users; just to your files.)
I'm not sure that this idea (install executables in a user directory) is good. Or bad. I'm thinking that it does not scale well. If every application used this technique, we would be back in the days of MS-DOS and individual directories for each application. On the other hand, each user would have their own set of applications and could control the update of them. Home systems are controlled by the user but corporate systems are controlled by a central administration group. How many of you have had an application (such as MS-Word) upgraded to a new version by your support teams? And did they ask for your permission?
Chrome has broken a rule, for good or bad. It has some interesting consequences. I expect few companies to follow Google's lead; staying with the tradition will serve them well.
The benefit would be to a company that built small, cheap applications and made them easy to buy (perhaps in an "App Store"?) for individuals. Then users -- even corporate users -- could purchase applications and install them on their locked-down PCs.
No comments:
Post a Comment