Forgot your password?
typodupeerror
Chrome Upgrades IT

Google Chrome Is Getting Automatic Blocking of Malicious Downloads 138

Posted by timothy
from the whose-opinion-of-the-malware-though dept.
An anonymous reader writes "Google today announced Chrome is getting an automatic download blocking feature for malware. Google has already added the new functionality to the latest build of Chrome Canary. All versions of Chrome will soon automatically block downloads and let you know in a message at the bottom of your screen. You will be able to "Dismiss" the message, although it's not clear if you will be able to stop or revert the block."
This discussion has been archived. No new comments can be posted.

Google Chrome Is Getting Automatic Blocking of Malicious Downloads

Comments Filter:
  • by barlevg (2111272) on Thursday October 31, 2013 @01:54PM (#45292485)
    I shouldn't have to install IE if I want to set up a little virtual ecosystem. [xkcd.com]
    • by Jeremiah Cornelius (137) on Thursday October 31, 2013 @02:16PM (#45292733) Homepage Journal

      Well. There goes your downloads of TOR and Transmission... What's blocked next?

      Maybe XBMC. Those plugins are GATT and SOPA problems just waiting to happen.

      If people want to cut the cable? Just wait for Google to "steal" the XBMC source for GoogTV, like they raped Linux for Android.

      The moral of this speculative fable? Google should be making software, not policy decisions.

      • by nullchar (446050)

        But us users need protection from ourselves!

        Consume media. Don't think.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      This latest build of Chrome Canary is indispensable in my job at the coal mine.

  • So it already has a drive-by download installed and running. Just sayin'.

    • Not really a drive-by, more a bundle. But you get that kinda crap bundled with lots of free stuff.

    • This.

      Anyway, I'm way less worried about some lame malware developer's effect on society than Google's.

    • by tepples (727027)
      I thought googleupdate.exe was just so that Chrome didn't have to ask for an administrator's password when a security patch is available.
      • by lgw (121541)

        Yes, that's the intention, and software always works as intended, so we have nothing to worry about. Automatically installing software from whatever server that googleupdate.exe thinks is the mothership has no potential security problems of any kind.

  • Bah... (Score:4, Insightful)

    by Lumpy (12016) on Thursday October 31, 2013 @01:59PM (#45292555) Homepage

    Yet they wont let me disable the god forsaken auto complete in the address bar. I completely ditched Chrome because of that damned evil annoyance.

    • Re: (Score:3, Interesting)

      by zidium (2550286)

      You should use Srware Iron, a Chromium fork. It removes a LOT of the nastiness and annoyances from Chrome. I've been using it as my standard for years and ditched chrome completely since v29's fucked up New Tab Page.

      • by 0b1knob (927658)
        Comodo Dragon is another chrome clone with most of the google spyware cut out. It has some other interesting tools (cookie blockers etc.) built in. If you set it up to use comodo DNS service you will be out of the google ecosystem altogether. It also warns about sites that the Comodo webcrawler has found to contain malware altho it generates a lot of false alarms. And its free....
    • Re:Bah... (Score:5, Informative)

      by Anonymous Coward on Thursday October 31, 2013 @02:14PM (#45292713)
      If you go to Chrome's settings and search for Privacy, you can uncheck "Use a prediction service to help complete searches and URLs typed in the address bar" to turn off this behavior. Then it will only autocomplete things from your browser history and bookmarks.
      • That addresses part of the privacy concern, but not the fact that some people don't want the goddamn browser "correcting" our typing without asking. At least the command shells these days wait for you to ask for it.

         

      • by Lumpy (12016)

        does not work. They still auto complete from history and other sources. Already been down that road and had google devs tell me, "nobody sane would want to turn that off"

        • Re:Bah... (Score:4, Insightful)

          by Jeff Flanagan (2981883) on Thursday October 31, 2013 @03:04PM (#45293215)
          >nobody sane would want to turn that off

          They're approximately correct with that. Autocomplete is a huge help, and only a problem for people in bad situations where they need to hide what URLs they access or their search strings. If someone is going to give you trouble over your auto-complete, get that person out of your life.
          • by Waccoon (1186667)

            Firefox has had a problem for years where field autocomplete will automatically change capitalization. It makes it impossible for me to log into some of my development tools, because it enforces the capitalization change no matter what. I use Firefox for one tool login and Opera for the other.

            Also, I was slamming my head against a desk, trying to find out why my web site caused Firefox to insert usernames into the IRC channel field of a user's profile page. Turns out, Firefox will automatically insert yo

      • by Waccoon (1186667)

        Why don't they just call it autocomplete, like everyone else, rather than call it a "prediction service?"

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Interesting... I find Chrome's autocomplete to be nearly perfect for me, and it's probably my primary reason for staying with Chrome. This is definitely the sort of thing where personal taste would come into play, though, and I can see its behavior being annoying if you're not on its wavelength.

  • by The MAZZTer (911996) <megazzt@noSpAM.gmail.com> on Thursday October 31, 2013 @02:06PM (#45292617) Homepage

    Chrome already blocks malicious downloads. Not sure how this is new. Maybe it's a more advanced version of the existing feature.

    The existing feature already looks like the current screenshot, except the text might be different. And yes, you can allow downloads using the drop down on the right.

    Possibly this is integration of anti-virus hooks? I think the existing version might just use a Google list of known safe and dangerous downloads.

    • Well, you go to a site to download something that isn't an executable, and there are all these fraud links that, when clicked, start an auto download of a .exe or similar. Now you're two layers of defense defeated. You must carefully delete it without clicking on it. You have one more layer, "This is an executable, are you sure you want to run it?"

      I'm fine with a block of this mechanism. Oh you can be careful, but grampa? Kids? You with a clumsy finger on that 3rd and last layer?

    • by Deathlizard (115856) on Thursday October 31, 2013 @03:19PM (#45293339) Homepage Journal

      If its what I think they're going to do (reputation detaction Ala IE9) it won't help much. See my sig if you want to go more in depth as to why.

      Besides, The biggest Threats are the following

      1) Malicious Forked Open Source Software
      2) Installers with Bundled Adware

      for #1: look at VLC. there's so many malicious forks of this I can't even count them. Many times they're just Renames, but other times they have more adware and spyware Embeeded in them than I can count. Hell One I found Shows ads before you watch any video.

      Another example is "Fast Browser" which is a chromium browser fork with spyware baked in. it looks exactly like chrome and the only difference I can tell is the Icon (which rips off the chrome Icon, only Square) and the name in the about box.

      for #2. Lets do a search for VLC and highlight any download site that's not from videolan.org or sourceforge (although I should count sourceforge. they're doing this too now) (obfuscated to avoid clicking)

      VLCapp,com
      vlcmediaplayer,org
      Softonic,com
      4soft,org
      softwareinstall,com
      soft82,com
      softdls,com
      download-pc,com
      download366,com
      os-downloads,com ..and these are just the results from 1st page direct searches or ads from bing and google alone.

      I can all but guarantee that downloading anything from the above sites will get you some Potentially unwanted program or virus. I just wish that someone would make an Adblock plus list like the malware domain list for fake downloading sites.

      Now I know that it sounds like I'm Picking on VLC here, but it's just one of the more hijacked examples. You can do this with just about any popular Program. Firefox, Chrome, 7zip, Openoffice, Minecraft, even IE10 and Windows Media Player have software wrappers.

      Hell. Even the Microsoft Store in WIndows 8 isn't safe. Do a search for VLC there and the first or second hit is a link to getdesktopapp,com which piles on the junkware. when you look at the app's Publisher. he's doing the same thing with peazip, 7zip UMPlayer and openoffice.

      If Chrome does something about these software wrappers then were talking, otherwise it's nothing new from what they were doing before or what IE's been doing for years, and that hasn't stopped anything either.

      • I just install software from the signed application repository...

      • by fa2k (881632)

        Many of these "forks" may do nothing wrong legally (some may infringe trademarks). I wonder what criteria Google will use for blocking potentially legal apps

  • Great news! (Score:5, Insightful)

    by sootman (158191) on Thursday October 31, 2013 @02:07PM (#45292629) Homepage Journal

    Now, can you let me choose for myself which filetypes are safe or not? For my job, I have to download many PDFs (up to 100 at a time) and Chrome asks me EVERY... SINGLE... FUCKING... TIME "This type of file can harm your computer. Do you want to keep <filename> anyway?"

    LISTEN IDIOT: These PDFs come from a trusted source. Yes, I have to download them. No, I don't want to view them in the browser right this second. Also, I'm on a Mac, and also also, I don't use Acrobat, and also also also, this is my work machine, and IF anything would happen to it, I'd let I.T. blow it away and re-image it if needed. LET ME DOWNLOAD THE GODDAMN FILE. Every few months I search to see if there's a way to disable this, and so far I've come up empty.

    Needless to say, I don't use Chrome for this part of my job.

    • For my job, I have to download many PDFs (up to 100 at a time) and Chrome asks me EVERY... SINGLE... FUCKING... TIME "This type of file can harm your computer. Do you want to keep <filename> anyway?"

      Yeah, I find this a bit annoying too. At the same time it allows me to happily download EXEs. I don't see the big risk in opening PDFs, it is not a format which often carries vulnerabilities.

      • by Anonymous Coward

        Yeah, I find this a bit annoying too. At the same time it allows me to happily download EXEs. I don't see the big risk in opening PDFs, it is not a format which often carries vulnerabilities.

        Are you new to the internet? PDFs with Adobe reader is generally in the top attack vectors.

      • There is a script bunny tool called metasploit. It includes something called "reverse_tcp_bind." Since it has appeared pdfs have become quite the thriving infection route.

        • by lgw (121541)

          Is there any easy way to clean dubious PDFs? I'm bothered by the number of PDFs I have than might contain exploits if I ever accidentally had an Adobe product installed on some system. Any open source "PDF cleaner" or somesuch?

    • Try VisualWget. Might save you some time in general.
      Then again that's for windows. Fairly sure there are a few apps that do the same thing though.

    • Re:Great news! (Score:5, Informative)

      by Gravis Zero (934156) on Thursday October 31, 2013 @02:58PM (#45293165)

      Now, can you let me choose for myself which filetypes are safe or not? For my job, I have to download many PDFs (up to 100 at a time) and Chrome asks me EVERY... SINGLE... FUCKING... TIME "This type of file can harm your computer.

      this will remove the down warning for all file types.

      on OSX, open /Users/yourusername/Library/Preferences/com.google.Chrome.plist and replace the "download" section with this


            "download": {
                "directory_upgrade": true,
                "prompt_for_download": false
            },

      found it in 2 minutes. my google fu is strong.

    • If you have to download 100 PDFs from a trusted source at one time, then you shouldn't be using a web browser. That's a job for perhaps a WebDAV setup or any one of a zillion syncing solutions.

    • by Joce640k (829181)

      Weird, it doesn't do that to me.

      What if you view it then type CTRL-S then ENTER? Is that easier?

    • by mcmonkey (96054)

      Just imagine when this same company, instead of driving your browser, is driving your car and deciding where you go.

    • Re: (Score:3, Informative)

      by oreiasecaman (2466136)

      $ wget -i url_list.txt

    • by leiz (35205)

      Fix has already landed on Chrome Canary: http://crrev.com/231405 [crrev.com]

  • by RLiegh (247921) on Thursday October 31, 2013 @02:07PM (#45292639) Homepage Journal

    ...software contrary to corporate (RIAA/BSA) interests?

    • Re: (Score:3, Insightful)

      ...software contrary to security (NSA) interests?

      This is 2013. Fixed that for ya.

    • Re: (Score:3, Interesting)

      by novakreo (598689)
      I've already had Chrome tell me that youtube-dl was potentially malicious the first time I downloaded it several months ago. Hasn't happened since, but the potential to abuse this feature is definitely there.
  • by tepples (727027) <{moc.liamg} {ta} {selppet}> on Thursday October 31, 2013 @02:18PM (#45292761) Homepage Journal
    Microsoft has tried something similar [microsoft.com]. Each distinct executable has to build up a reputation over some long period before IE SmartScreen stops flagging it as "not commonly downloaded". The only way to make an executable build up reputation faster is to apply for an Authenticode software publisher certificate from a commercial CA ($$$) and keep it renewed ($$$ per year), which lets good reputation spill over from other executables from the same publisher that have earned good reputation. This especially messes with the release early, release often mentality of amateur free software developers who might not be willing to form an LLC and buy and maintain an Authenticode certificate.
    • by Riddler Sensei (979333) on Thursday October 31, 2013 @02:38PM (#45292981)

      God, that sounds like extortion.

      "It'd be a shame if we told the user that your software might maybe sorta kinda be malware."

      • Especially because reputation spillover could have been implemented just as easily with the key continuity management (KCM) paradigm. In KCM, each software publisher acts as its own CA and self-signs its own code signing certificate. This way a developer can prove that he's the same developer as last time without having to prove the developer's real world identity. Android code signing uses KCM, as does SSH. OS X used to before 10.8 when Apple introduced GateKeeper with default settings to block running cod
      • Extortion is the bread and butter of most major software companies' security standards. If you think this is bad, you should look into what is involved when updating Oracle.

    • by sootman (158191)

      Yeah, well, Microsoft also bugs me whenever I click a link in Outlook that leads to a file on my company's SharePoint site. A/V on the server, A/V on every desktop, and I have to click "Yes, I really want this file" every single time.

      • by batkiwi (137781)

        Your SharePoint site isn't in the trusted zone. Get your company's IT department to fix that with a simple Group Policy update.

    • by fa2k (881632)

      WTF, *this* is what the flag in the corner is nagging me about? "Turn on SmartScreen (Important)" yeah wouldn't you love that M$

  • it would be nice if there was a Windows program to install programs from a centralized repository of software that was actually scrutinized to ensure it's malware free and perhaps a security risk rating. It certainly would make open source programs more attractive because they could quickly be certified as being malware free. the rest wouldn't be able to be certified as being 100% malware free since there cant be a true analysis of the software without REing the whole thing unless they submit the source b

    • amen. Every time I use my windows machine a bunch of separate shitty updaters pops up a window about a new version. Man I wish I could go to windows update and update all my software in the background. I'm surprised Microsoft hasn't picked up on the repo thing yet. It's better for everyone.
    • it would be nice if there was a Windows program to install programs from a centralized repository

      Sounds good.

      software that was actually scrutinized to ensure it's malware free

      Sounds even better.

      open source programs [...] could quickly be certified as being malware free.

      BAHAHAHAHA! You really think Microsoft would give you a package manager and allow open-source programs to appear in the listings?! Oh, man...you almost got me there...

      • by lgw (121541)

        MS doesn't care either way about open source. What they'd likely object to is small publishers (much like the current "infrequently downloaded").

        What we really need, no joke, is "UL for software". Some 3rd party company who's only business is rating software as "not malware", and who is in turn kept honest by the big distros. Then as the little guy you could pay them to test your software, and even the most paranoid could trust that. (That's how it works today with UL and most things in your home, and U

        • I feel like your argument would be more persuasive if I knew what you meant by 'UL'...two-letter acronyms have a hell of a lot of meanings...

          • I feel like your argument would be more persuasive if I knew what you meant by 'UL'...two-letter acronyms have a hell of a lot of meanings...

            http://en.wikipedia.org/wiki/UL_(safety_organization) [wikipedia.org]

          • by lgw (121541)

            If you're in the US (or have products also sold in the US), look on the back of, well, anything with a plug and you'll see the "UL" logo. It stands for Underwriters Laboratories and they do safety testing (mostly fire safety, and not just electronics). It's an great example of a non-governmental safely solution that actually works.

            I've been involved in making products that need to be UL tested, and they're great to work with for such a big organization. They're test quickly, and tell you exactly what fai

  • You mean it might stop offering to install Flash for me?

    That would be nice.

  • On MacOS there's a setting, "Allow Apps Downloaded from", under the security and privacy section of the control panel that controls this behavior. If I have that set to download from anywhere, it should download from anywhere.

  • by slashmydots (2189826) on Thursday October 31, 2013 @02:55PM (#45293149)
    Chrome usage has been falling by approx 0.25% market share per month for the last year or so. It's like they're just trying to accelerate it now. Plus, I'm 99% sure this is an exact clone of a feature included with IE7. The IE10 version is even more popular with it's 5 or so clicks to finally get to the "I don't give a fuck if you haven't heard of this download, it's from fucking Sourceforge, don't delete it and let me run the damn thing. Yes I know it's a fucking MSI file" button. REAL popular feature.
  • Stupidity is here to stay choice is not.

  • If this feature is implemented as a cloud service, i.e. each URL will be checked by Google before the browser is executing it then say good-bye privacy. It would be the last thing that you would like to have: a browser that spies on you.

    If this feature is implemented with a signature file that is updated from time to time, then it is the same snake-oil as each anti-virus and is probably not harmful. It might even be useful for those people who also have use for anti-virus software.

  • Chrome asks me EVERY... SINGLE... FUCKING... TIME "This type of file can harm your computer. Do you want to keep anyway?"

    seems like this is a common and unnecessary annoyance for non-Windows people.

    this will remove the down warning for all file types.

    1) open preference file
    -- OS X: /Users/yourusername/Library/Preferences/com.google.Chrome.plist
    -- Linux: ~/.config/chromium/Default/Preferences
    -- Windows: GFY, you need this warning.

    2) replace the "download" section with this


    "download": {
    "directory_upgrade": true,
    "prompt_for_download": false
    },

  • Yeah, Sure, Blocking malicious downloads has the potential for bad, but it also has the potential for good. You get hit with Cryptolocker and not have any good backups then tell me how much you hate a feature like this. I have already seen it too many times, companies that loose data because of that virus and the sysadmins that are too proud to pay the ransom. Or even worse, the employees who get hit with it then doesn't say anything until after the timer runs out. People might hate on features like this,
    • by PPH (736903)

      Do they have a version available for Linux yet?

  • Malicious, but malicious to WHOM? If they ever start blocking useful tools which "could" be used to break laws or otherwise do harm, that will be the end of Chrome.
  • The really cool part is it blocks poisonous viral meme downloads, too, so you only see a black screen when you go to Huffington Post*.

    *Substitute Drudge Report for humor effect if you are already infected with the Huffington meme defense mechanism.

  • Depends on perspective.

"A mind is a terrible thing to have leaking out your ears." -- The League of Sadistic Telepaths

Working...