New Chrome Feature Scans Password-Protected Files For Malicious Content (thehackernews.com)
An anonymous reader quotes a report from The Hacker News: Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that end, the search giant is introducing a two-tier download warning taxonomy based on verdicts provided by Google Safe Browsing: Suspicious files and Dangerous files. Each category comes with its own iconography, color, and text to distinguish them from one another and help users make an informed choice.
Google is also adding what's called automatic deep scans for users who have opted in to the Enhanced Protection mode of Safe Browsing in Chrome so that they don't have to be prompted each time to send the files to Safe Browsing for deep scanning before opening them. In cases where such files are embedded within password-protected archives, users now have the option to "enter the file's password and send it along with the file to Safe Browsing so that the file can be opened and a deep scan may be performed." Google emphasized that the files and their associated passwords are deleted a short time after the scan and that the collected data is only used for improving download protections.
What is the purpose of this? (Score:3, Interesting)
If I need to enter a password to get the malicious content in a file, then it can't infect me without my actions being actively stupid.
With all that said, I sometimes send password-protected files with viruses for analysis. And whoever analyses these files has much better tools than Chrome at his disposal. Also, I don't want Google knowing what viruses I do encounter.
Re: (Score:2)
Anyone analysing viruses should have a web-based uploader. Email is next to useless for malware submission, because most popular email platforms don't let you send executables at all, and increasingly not password-protected archives either. And even if you do, between your server and theirs it might get rejected.
Re: What is the purpose of this? (Score:3)
That's why I have my own SMTP server, like in the good old times, and the AV guys I work with have one too.
Re: What is the purpose of this? (Score:2)
Exactly. Lots of blabber here by tech savvy people. They aren't looking to snag you. This is scattershot across millions looking for the gullible grampa or auntie who sees "you're computer is infected. Click here now!"
Re: (Score:2)
Will they be smart enough to use this feature?
Answer: Nope.
The smart ones will question why they need to enter the password in the first place and click off of it, enter the password into Windows' archive extraction dialog, get infected with ransomware.
The dumb ones will dutifully enter the password into Chrome every single time, read the dialog that nothing was found, Google gets more surveillance data to sell.
Either way the bad guys win.
Re: (Score:2)
Lots of people just blindly do things if the reward is big enough. Probably millions of people walked through installing an SSH server on thei
'Feature' or attack surface? (Score:1)
For my gold-plated daily dose of hatted alumina... How can one be sure this 'feature' won't be weaponized against the user it is purporting to protect?
Thank goodness for Ladybird browser.
razor-blade jockstraps for safety (Score:3, Interesting)
Yeah, no (Score:2)
"Google emphasized that the files and their associated passwords are deleted a short time after the scan and that the collected data is only used for improving download protections."
I'm sure that no employers would mind an employee willingly facilitating data exfiltration by uploading a protected file along with the password to unlock it to a third party just because that party says they'll delete both "a short time" later, pinky swear. I'll bet that regulatory bodies won't have a problem with that either.
The obvious question (Score:2)
What could possibly go wrong?
and train (Score:2)
A short time = 1 second? (Score:2)
Odd admission! (Score:2)
Trust (Score:2)
>"Google emphasized that the files and their associated passwords are deleted a short time after the scan and that the collected data is only used for improving download protections."
Um, riiiiiiiiight. I trust Google with that. Not. I can think of many cases where this could go wrong- intentionally or accidentally. And if you cared enough about security to jump through the extra hoops, you would likely already be familiar with good ways to treat suspect files and identifying the sender, first... in w
Re: (Score:2)
So I do see the need for additional typical-user protections
Just remember that the ultimate protection for the typical-user is a chauffeur. I.e. They don't touch anything and have someone else (Google would love to I'm sure) do all of their computing for them.
Note that this would be the same technology (Score:2)
oppressive regimes would like to use on their people. This is a highly dangerous technology and Google should not be allowed to set a precedent here.
If Google _really_ would want to do something against malware, they'd phase out JavaScript (and WebSocket) from external domains.