
'Canary' Chrome chirps when it smells malware

Gregg Keizer | Nov. 4, 2013
Google expands on work since 2011 to keep attack code off personal computers

Google on Thursday expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.

Chrome's current "Canary" build — the label for very-early versions of the browser, earlier than even Chrome's Dev channel — will post a warning at the bottom of the window when it detects an attempted download of malicious code.

Features added to the Canary build usually, although not always, eventually make it into the Dev channel — the roughest-edged of the three distributed to users — and from there into the Beta and Stable channels. Google did not spell out a timetable for the expanded malware blocking.

Chrome has included malware blocking for more than two years, since version 12 launched in June 2011, and the functionality was extended in February 2012 with Chrome 17.

Chrome is now at version 30.

Canary's blocking, however, is more aggressive on two fronts: It is more assertive in its alerts and detects more malware forms, including threats that pose as legitimate software and monkey with the browser's settings.

"Content.exe is malicious, and Chrome has blocked it," the message in Canary reads. The sole visible option is to click the "Dismiss" button, which makes the warning vanish. The only additional option, and that only after another click, is to "Learn more," which leads to yet another warning.

The Canary very-early build of Chrome displays this warning if it suspects a to-be-downloaded file is dangerous.

In Canary, there is no way for the user to contradict the malware blocking.

That's different from the current Stable build of Chrome, which relies on a message that says, "This file is malicious. Are you sure you want to continue?" and gives the user a choice between tossing the downloaded file or saving it anyway.

As it has for some time, Chrome will show such warnings on select file extensions, primarily ".exe," which in Windows denotes an executable file, and ".msi," an installation package for Windows applications. Canary's expansion, said Google, also warns when the user tries to download some less obvious threats, including payloads masquerading as legitimate software — it cited screen savers and video plug-ins in a Thursday blog — that hijack browser settings to silently change the home page or insert ads into websites to monetize the malware.

Browser hijacking is old-school malware — it's been around for years and was one of the first ways attackers funded their work — associated with rogue toolbars and "adware," a malware label that's fallen out of favor.

In the Thursday blog, Linus Upson, a Google vice president of engineering, claimed that browser hijacking remained one of the most common complaints by Chrome users on its support forums. Previously, Google also added a "Reset browser settings" option in the browser's settings panel so users can restore Chrome to its original state after a hijack.

