I read about a new feature Google will be offering in its Chrome Canary beta Web browser that will detect malware and prevent it from downloading. How will this feature work and what impact will it have on the other security products my enterprise employs?
Ask the expert
Do you have a security question for Michael Cobb? Submit it now via email! (All questions are anonymous.)
The easiest way for hackers and cybercriminals to infect computers and smartphones surfing the Internet is to trick users into downloading malicious code. User-initiated downloads, be they accidental or intentional, are the most common way that devices and networks become infected. In these scenarios, malicious code typically hides inside a file disguised as a harmless application, such as a game or even a security update. Assuming these files to be innocuous, unwary users download them, giving hackers a foothold in their device. An increasingly common objective of these attacks is to take control of the settings of the user's Web browser. In what is known as "browser hijacking," cybercriminals silently alter their victims' browser settings so default home and search pages are changed to ones controlled by the attacker. Hackers can also inject unwanted ads into the pages of visited websites.
To ensure the browser stays under the attacker's control, this type of malware blocks attempts to restore the browser's default settings or uninstall the program. To combat this and other types of attacks that aim to download files to user devices, Google is testing a new feature in its pre-released version of Chrome Canary that will trigger an alert to be displayed in the download tray at the bottom of the screen saying that Chrome has blocked a malicious file from being downloaded. Google hasn't released full details of how this will work -- I assume it will block files already flagged by Google as malicious -- but it should complement other security controls Google recently added, such as the option to reset browser settings to a safe default state, and alerts for when a user is about to visit a site that Google has identified as dangerous.
Another measure Google has adopted to stop malicious downloads is not allowing Chrome extensions to install themselves silently -- that is, without the user's express permission. Silent installs were originally intended to allow users to opt into adding useful Chrome extensions as a part of the installation of another application. However, this has been widely abused as of late, so Google changed its policy. Now, if a program tries to silently install an extension, Chrome will check with the user first. The Chrome menu will be badged and users can click through to see a dialog containing an option to enable the extension or remove it from their computer. In addition, all extensions previously installed using external deployment options will be automatically disabled; Chrome will show a one-time prompt to re-enable any of the extensions.
Enterprises must check that Chrome Canary's new download-prevention feature doesn't cause any conflicts with existing antimalware software or perimeter defenses that are also trying to vet attempts to download files from the Web. For companies that write their own in-house applications, developers may need to adjust how these apps are installed. The best approach will be to have Windows users install Chrome extensions from within Chrome itself.
This was first published in February 2014