nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Google to kill Symantec certs in Chrome 66, due in early 2018

Silver badge
Pint

I haven't trusted Symantec since 2007

I'm happy to see that others have finally caught on...

7
0
Silver badge

Re: I haven't trusted Symantec since 2007

You shouldn't trust Google either, so this is pretty much Meh.

20
3
Silver badge

Re: I haven't trusted Symantec since 2007

I haven't trusted Symantec ever.

7
2
Silver badge
Happy

Re: I haven't trusted Symantec since 2007

I don't know who Symantec are!

4
0
Silver badge
Headmaster

Re: I haven't trusted Symantec since 2007

They used to be "Norton Antivirus"

10
1

Re: I haven't trusted Symantec since 2007

> I don't know who Symantec are!

They're the virus installed on laptops bought from PC World that usually require a clean reformat to remove.

11
0
Silver badge

Re: I haven't trusted Symantec since 2007

Fuck's sake! Do i have to start putting sarcasm tags round my posts now?

3
0
Bronze badge

Re: Sarcasm

Oh, so you were just being funny. Meh, the wide eyed innocent interpretation ended up being more useful for those lazy sods like me who vaguely recollected the name but couldn't be bothered to search.

I haven't been anywhere near them or their predecessors since viruses came on floppies.But why does it have to be "Big Google" that is judge, jury and executioner? Because there is no-one else? Hmm.

1
0
Silver badge

Re: I haven't trusted Symantec since 2007

People buy computers from PC whirled?

0
0
Silver badge
Boffin

Old certs surely?

The certificates will be 2 years old by the time Google block them. I can only buy certificates that last up to 3 years, so surely most will have expired by the time they're blocked.

8
0
Silver badge

Re: Old certs surely?

If you think something's expired when it has a year to go then yeah.....

(That is some degree level thinking!!!)

4
5
Silver badge
Trollface

Re: Old certs surely?

"If you think something's expired when it has a year to go then yeah....."

Assuming that cert lifespan is always three years and purchase/renewal rate is reasonably constant, by the law of averages around 66% of certs currently in use will have expired by the time this comes into effect - that's a more solid "most" than the Brexit result...

19
0
Silver badge

subbie missed a trick

Symantec kicked; in Chrome 66

8
0
Silver badge

I dislike Symantec business practices more than I do Adobe and Microsoft. They all buy out other companies and often ruin a good product when they get hold of it but Symantec ruin EVER product they get their hands on. So i hope this blocking of their certs by Chrome really hit them in their bank balance.

8
0

go to example:

Veritas.

4
0

This post has been deleted by its author

Re: Norton / Symantec is not slow

How's the job as head of marketing at Symantec going AC?

12
1
Anonymous Coward

Re: Norton / Symantec is not slow

Translation:

I am smoking the Symantec pipe, and although it tastes bad, I have got used to it.

If you have tried AV on an SSD equipped PC or laptop, the performance isn't too bad. Compared to other AV products, we slow down performance by about the same amount and generally hit the industry averages for bricking your PC via updates.

When we buy new businesses, we are quick to splash out the brown paint so that our levels of quality are quickly met...

11
1
Facepalm

Re: Norton / Symantec is not slow

I think it was Norton who welcomed the advent of the dual-core processor.

Because, they said, now one core could be dedicated to running antivirus without slowing down the "real" work being done on the other core.

3
0
Silver badge

Re: Norton / Symantec is not slow

When we were borged by the bug yellow bucket o'fail, we got yellow silicone rubber wristbands in Fail Yellow, embossed with the word "BELIEVE". We hardly could.

True story.

1
0

not sure I like the power and muscle google is flexing here. I do not see how it is their job to stop a browser from working with certificates from a particular provider. I would not be at all surprised to see google start issuing its own certificates, and a little down the road have chrome only accept google certificates. I am already totally irritated by how they get to decide what they are going to let me view. Not their choice to make IMO. None of this going in a good direction. Too much control.

1
1
Bronze badge

not sure I like the power and muscle google is flexing here. I do not see how it is their job to stop a browser from working with certificates from a particular provider.

1) It is exactly their job to asses as to whether their software will trust a CA. This is how the certificate system works. It is a chain of trust. The software receiving the certificate has to somehow trust the cert (usually via a chain of trust to the signer). To 'trust' a CA, the software has to include (i.e. a pro-active step from the developer of the software) the trust chain in the software (or it can trust the operating systems truststore). Therefore a CA like Symantec, Digicert, etc. has to ask the developer (Firefox, Chrome, or the OS like windows which has an OS-wide truststore) to include them in that chain of trust, so they can put the cert in the software-supplied truststore (one of the things updates to browser/OS software does is add/remove certs from their truststores). If the developer of the software no longer trusts a CA, then they are perfectly within their rights - in fact this is how it is supposed to work - to have their software to stop accepting certs signed by that CA.

2) I'm not 100% sure on this, but you could probably manually trust the Symantec CA by installing the certs yourself in the appropriate truststore. Most of these systems have exceptions/documented/standard ways of enforcing a user-preference on the certs, manually updating the trust-stores and revocation lists. What we are talking here is the out-of-box, un-user-configured/personalized experience of Chrome.

3) Chrome is Google's browser, so they can do with it as they will. Chrome isn't by any means a monopoly. The browser market is a crowded place. This is not a situation where there aren't viable alternatives. Don't like it, there are PLENTY of other browsers out there, Firefox, IE, Edge, Safari, Vivaldi, and more. Many of those others are forks of the main browsers engines, but since they are forks they can decide whether or not to include certain features.

4
0

Indeed - it is exactly their job to do this.

And it's not the first time. In fact, Firefox acted much faster than Google over the StartCom/WoSign shenanigans, but Google have done the same with them.

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing