'Canary' Chrome chirps when it smells malware
Google expands on work since 2011 to keep attack code off personal computers
Computerworld - Google on Thursday expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.
Chrome's current "Canary" build -- the label for very-early versions of the browser, earlier than even Chrome's Dev channel -- will post a warning at the bottom of the window when it detects an attempted download of malicious code.
Features added to the Canary build usually, although not always, eventually make it into the Dev channel -- the roughest-edged of the three distributed to users -- and from there into the Beta and Stable channels. Google did not spell out a timetable for the expanded malware blocking.
Chrome is now at version 30.
Canary's blocking, however, is more aggressive on two fronts: It is more assertive in its alerts and detects more malware forms, including threats that pose as legitimate software and monkey with the browser's settings.
"Content.exe is malicious, and Chrome has blocked it," the message in Canary reads. The sole visible option is to click the "Dismiss" button, which makes the warning vanish. The only additional option, and that only after another click, is to "Learn more," which leads to yet another warning.
In Canary, there is no way for the user to contradict the malware blocking.
That's different from the current Stable build of Chrome, which relies on a message that says, "This file is malicious. Are you sure you want to continue?" and gives the user a choice between tossing the downloaded file or saving it anyway.
As it has for some time, Chrome will show such warnings on select file extensions, primarily ".exe," which in Windows denotes an executable file, and ".msi," an installation package for Windows applications. Canary's expansion, said Google, also warns when the user tries to download some less obvious threats, including payloads masquerading as legitimate software -- it cited screen savers and video plug-ins in a Thursday blog -- that hijack browser settings to silently change the home page or insert ads into websites to monetize the malware.
Browser hijacking is old-school malware -- it's been around for years and was one of the first ways attackers funded their work -- associated with rogue toolbars and "adware," a malware label that's fallen out of favor.
In the Thursday blog, Linus Upson, a Google vice president of engineering, claimed that browser hijacking remained one of the most popular complaints by Chrome users on its support forums. Previously, Google also added a "Reset browser settings" option in the browser's settings panel so users can restore Chrome to its original state after a hijack.
Google's malware blocking is part of its Safe Browsing API (application programming interface) and service, which Chrome, Apple's Safari and Mozilla's Firefox all access to warn customers of potentially dangerous websites before they reach them.
In Chrome's case, the malware warning stems not only from the Safe Browsing "blacklist" of dodgy websites but also, according to NSS Labs, a security software testing company, from the Content Agnostic Malware Protection (CAMP) technology that Google has baked into its implementation of Safe Browsing.
CAMP is a reputational technology, similar to Microsoft's SmartScreen Application Reputation (App Rep), which was first added to Internet Explorer in version 9 (IE9) in March 2011. Both CAMP and App Rep use a combination of whitelists, blacklists and algorithms to create a ranking of the probability that a download is legitimate software. Files that don't meet a set legitimacy bar trigger a warning.
Since Google started using CAMP, NSS Labs said in a report issued last week, Chrome's ability to spot and block malware has increased dramatically: from a 70% blocking rate in 2012 to 83% in 2013.
Users can try out the Canary build of Chrome by downloading it from Google's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.