Google Chrome Gets Malware Download Alert

Google has started experimenting with a small but interesting upgrade to Chrome designed to make it harder for users to download malware without realizing they are doing so.

In common with Mozilla Firefox, Chrome's current defense against criminal websites is the Safe browsing API, which checks a URL against a list of blacklist of known bad sites. This warns users not to visit a specific website, but offers no protection against files downloads that can be initiated by such sites.

It's also possible to imagine a compromised but legitimate site calling a download from a site that appears on the blacklist, a technique common with fake antivirus software. Currently, browsers allow such things to happen without displaying a warning.

The new tweak is to warn users when they are downloading a file associated with a blacklisted site. The feature has been available to Chrome's development release channel subscribers for some time, but the company now wants to roll it out to all users.

On encountering a bad download the use will encounter the message; "This file appears to be malicious. Are you sure you want to continue?" with an option to 'discard' or 'save' the file. Chrome has no way of assessing the contents of the file simply that it is associated with a known bad site.

Chrome already has an extensive array of security features including a sandbox that isolates browser processes from data on the system and an integrated reader for Adobe PDFs that bypasses the latter's own frequently-attacked software

As worthy as Google's Chrome security upgrades seem, an odd dichotomy has grown up in the company's technology between browsers and Internet search. Google and other search providers are often rightly criticized for leading users to bogus and manipulated links which then have to be defended against using browser security.

Search security has improved a lot in recent years but it is still far from perfect. Users commonly encounter malware after using search. Last summer, one security company even crowned Google the 'king of malware' for the length of time it took the company to filter out bad links.

Subscribe to the The Advisor Newsletter

Comments