Users of Google's Chrome browser will soon receive alerts telling them that files they're about to download may contain malicious software. The search giant and growing software pioneer announced on its Online Security Blog this week that a new feature, available first to developers, will work with its Safe Browsing Application Programming Interface, which enables client applications to check URLs against Google's blacklists of suspected phishing and malware pages. That list is regularly updated.
"It's easy to find sites hosting free downloads that promise one thing but actually behave quite differently," wrote Moheeb Abu Rajab of the Google Security Team on the blog. "These downloads may even perform actions without the user's consent, such as displaying spam ads, performing click fraud, or stealing other users' passwords. Such sites usually don't attempt to exploit vulnerabilities on the user's computer system. Instead, they use social engineering to entice users to download and run the malicious content."
Growing detection methods may be turning the tables on spammers and hackers. Madrid-based cloud-security company Panda last month reported a decrease in infected computers detected by its online ActiveScan, from 50 percent in January to 39 percent the following month. Trojan programs were the most common threat at 61 percent, with more common viruses at 11.59 percent, and worms at nine percent.
The highest rates of infection were in China, Ukraine, Thailand and Taiwan. The U.S. ranked in the middle of the scale, while Australia had the lowest rate.
Google's update will begin small, as an experiment for certain users who subscribe to the Chrome development release channel, with later inclusion planned for the next stable release of Google Chrome. "We hope that the feature will improve our users' online experience and help make the Internet a safer place," Rajab said.
Google has invested heavily in security for Chrome, paying out thousands of dollars for exploit tips from non-employees, and those efforts paid off last month when no participant in the PWN2OWN hacking contest attempted to exploit the browser.
"I think Google is taking the right approach," said Chester Wisniewski, a senior security adviser at Sophos Canada, a consulting firm. "They are sort of following in our footsteps by chasing after the 'known malware destinations,' as we call them in SophosLabs."
Wisniewski said that given the staggering volume of web sites being infected daily, it's nearly impossible to keep track of them, but the downloads themselves change less frequently, "making the payload an easier target."
While Chrome is not hackproof, Google is trying hard, he added. "They were the first to introduce HSTS support, they are a founding member in stopbadware.org, and they seem to understand the importance of trust on the web. There seems to be a race between Microsoft, Mozilla and Google in the security space, and I heartily welcome the competition to do right by their customers."
Posted: 2011-04-07 @ 3:01pm PT