Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

CAMP for Chrome catches 99% of malware, Google says

Antone Gonsalves | April 10, 2013
Content-agnostic malware protection designed to tackle weaknesses of using whitelisting, blacklisting to stop malicious browser downloads

Once all the information is gathered, it is sent to Google's servers, which analyze the information and decide whether the binary is benign, malicious or unknown. The ruling is passed on to the browser, which provides a notification to the user.

However, Lance James, chief scientist at application security vendor Vigilant, said that as an overall security system, CAMP falls short because it does not catch malware that exploits vulnerabilities within the browser.

Such malware often gets into a computer by email recipients being tricked into clicking on a malware-carrying attachment.

"[CAMP] may be able to see 99% of malware downloaded through the browser, but they won't see 99% of malware that is never seen by the browser," James said. "There's a big blind spot and that's a problem."

Google acknowledges that browser-exploiting malware is not the focus of the system. "CAMP is specifically designed to protect from user-initiated malware downloads, e.g. distributed by means of social engineering, that do not involve browser exploitation," researcher Moheeb Abu Rajab said.

While CAMP may have a 99% success rate today, once it became a feature in Chrome, cybercriminals would change techniques and tactics in order to avoid detection, James said. "Once this is out there, that 99% will not really matter anymore," James said. "It's a cat-and-mouse game."

Rajab's response to an email query did not address how CAMP would adapt to changes in cybercriminals' tactics.

Nevertheless, Google claimed in the research paper that CAMP outperformed major antivirus products, as well as Web services such as McAfee's Site Advisor and Symantec's Safeweb.

Google introduced in Chrome this year filtering for websites that contain malicious downloads. The malware-carrying sites are detected and downloads blocked through Google's Safe Browsing service.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.