Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Expands Safe Browsing To Block Unwanted Downloads

Posted by timothy on from the now-you-can-turn-off-adblock dept.

An anonymous reader writes "Google today announced it is expanding its Safe Browsing service to protect users against malware that makes unexpected changes to your computer. Google says it will show a warning in Chrome whenever an attempt is made to trick you into downloading and installing such software. In the case of malware, PUA stands for Potentially Unwanted Application, which is also sometimes called Potentially Unwanted Program or PUP. In short, the broad terms encompass any downloads that the user does not want, typically because they display popups, show ads, install toolbars in the default browser, change the homepage or the search engine, run several processes in the background that slow down the PC, and so on."

69 of 106 comments (clear)

  1. Good idea. by gurps_npc · · Score: 1

    Not that hard to maintain a database of crapware and require people to double check before they activate it?

    --
    excitingthingstodo.blogspot.com
    1. Re:Good idea. by ShaunC · · Score: 2

      As with many things, the theory is fine, we're going to have to wait and see how it's executed. I've grown wary of lists like this because invariably you wind up with false positives, or with benign items being added to the list intentionally.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    2. Re:Good idea. by Anonymous Coward · · Score: 5, Insightful

      The real test is if they block stuff that installs Google Toolbar. If they don't then this is all just bullshit.

  2. Good. by mythosaz · · Score: 1

    Even smart people (in other arenas) don't get it.

    It's that many more days between fixes to someone's computer after you install Chrome -- if Chrome is still your browser of choice.

    1. Re:Good. by Skuto · · Score: 1

      Internet Explorer has offered this for far longer than Chrome and it's actually quite effective when you don't click away the warnings. Note that Firefox and Safari also use the same SafeBrowsing service as Chrome does, though they have to wait for the protocol documentation to be updated before offering features like this one.

  3. That would include Java then... by Anonymous Coward · · Score: 2, Funny

    ...and many open source program installers trying to get you to install toolbars, etc. Should be interesting.

    1. Re:That would include Java then... by mythosaz · · Score: 2

      Java's sideloading of other crap causes anger to the power of a thousand suns.

      It'd be less bothersome if every JRE update didn't suck so much to begin with.

    2. Re:That would include Java then... by lgw · · Score: 1

      Yep - both MS and Google have both said they'll being doing this, but I don't believe them or anyone else till they block download of the Java installer.

      It's easy to block stuff that's matches the "malware pattern" described in the TFA, but it's the potential lawsuits by malware distributers (claiming to be legit, of course) that have prevented us from the right answer so far. Both MS and Google have the money to stand up to any such attack, and to take on Oracle over Java if it comes to that - but do they have the balls?

      Time will tell.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    3. Re:That would include Java then... by Anonymous Coward · · Score: 5, Informative

      Find the Java Control Panel, go to advanced options, and near the bottom in miscellaneous, you can tell java not to bug you with crap ware when it updates.

    4. Re:That would include Java then... by Anonymous Coward · · Score: 1

      Like Sourceforge installers.

    5. Re:That would include Java then... by _xeno_ · · Score: 1

      A lot of companies do. I have to have Java installed on my work computers - and not just because we end up writing a lot of Java code ourselves. The backup software IT uses requires 32-bit Java. (Not 64-bit, it will crash if you use 64-bit Java. Up until recently it would also crash if you used anything after Java 1.6, but since that's no longer supported, they finally fixed that.)

      There are also a few internal sites that require Java applets, so that's fun to deal with too.

      --
      You are in a maze of twisty little relative jumps, all alike.
    6. Re:That would include Java then... by slashmydots · · Score: 1

      I doubt coinstallers are what they block considering the side stuff is downloaded as a separate MSI on the fly while the original installer is running. It sounds like they'll block "flash player pro" and ilivid and others that hide behind fake download button ads THAT THEY THEMSELVES HOST WITH FUCKING ADSENSE!

    7. Re:That would include Java then... by Jason+Levine · · Score: 1

      The number of programs that try to get you to install toolbars is frustratingly large. When I bought my new computer, I installed a bunch of programs that I regularly use. One of my usual programs, as I installed it, suddenly started asking me to install toolbar after toolbar. Only it didn't say "Do you want to install X." It told me X was going to be installed as the next step and I had to go into Advanced Options and uncheck multiple checkboxes to prevent X from being installed. Repeat for Y, Z, Q, etc. I must have slipped up and clicked Next too quickly on one because one or two of the malware programs got on my system. They then tried to bug me to install their buddies. It took me a bit to clean those off my nice, new computer. All it takes is one sneaky program (or one program you previously trusted going to the dark side) and one moment of not paying attention to get infected.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    8. Re:That would include Java then... by dixonpete · · Score: 2, Insightful

      U gotta love Linux's repository model for this. Less choice but a lot more stability/honesty.

    9. Re:That would include Java then... by Jason+Levine · · Score: 1

      On the Windows side, there is one download site that I almost always get my programs from. If the program includes toolbars or the like, they will warn you about it so you can opt-out during the install process. They will completely weed out any programs that are infected. (The previously-trusted program that had a bunch that slipped through had been downloaded directly from the program creator's website, however.) It's not a fool-proof solution, of course, but it helps.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    10. Re:That would include Java then... by mythosaz · · Score: 3, Informative

      On Windows, from an enterprise perspective, that's not the way to do it.

      Java has moved to a set of files that go in %systemroot%\sun\java\deployment that now manages those settings.

      ...except they don't always work, and load in a race with the start of Java, causing options to be ignored half the time.

    11. Re:That would include Java then... by Somebody+Is+Using+My · · Score: 1

      On the Windows side, there is one download site that I almost always get my programs from

      Since I'm sure others are looking for a trustworthy archive of that sort (I know I am), care to name the one you use?

    12. Re:That would include Java then... by UnknownSoldier · · Score: 2

      Considering Minecraft has sold over 54 million copies, a few million which are on PC and OSX, yeah, people STILL use Java.

    13. Re:That would include Java then... by cbhacking · · Score: 1

      Name and shame, dude. What the hell piece of software *WAS* that?

      --
      There's no place I could be, since I've found Serenity...
    14. Re:That would include Java then... by Jason+Levine · · Score: 2

      The one I use is http://www.SnapFiles.com/.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  4. Will Google have the balls to block Oracle? by bmk67 · · Score: 1

    Due to the crapware that the JRE wants to install - will Google block Oracle? Let's hope so.

    1. Re:Will Google have the balls to block Oracle? by Anonymous Coward · · Score: 3, Insightful

      The important question is whether they'll have the balls to block Google Toolbar.

    2. Re:Will Google have the balls to block Oracle? by synapse7 · · Score: 1

      But will save me from the java install trying to trick me into downloading chrome?

    3. Re:Will Google have the balls to block Oracle? by johanw · · Score: 1

      Even better: will they build something that does download Java and then blocks the Ask.com shit? I want to see the reaction of Oracle on that.

    4. Re:Will Google have the balls to block Oracle? by tlhIngan · · Score: 1

      The important question is whether they'll have the balls to block Google Toolbar.

      Last time Java wanted me to update, it asked if I wanted to install Google Chrome!

      Hrm...

    5. Re:Will Google have the balls to block Oracle? by deviated_prevert · · Score: 1

      No, dumbass, you can't use the google toolbar with google chorme. Its redundant.

      Too bad you called the OP a dork, for obvious reasons. If I had mod points I would have given your post a boost. Obviously the same goes for the bing things and all the other crapware from AOL and the like. Google is running into the same image problem that Microsoft did with activeX. Damned if you do, loose user eyeballs if you don't. Java that is another whole kettle of muck. Here is hoping that html5 does not turn out to be as insidious with add on off browser capable apps that just highjack the engine and fool the user into thinking the add on is a real computer program that they absolutely must have.

      The mind of the user is the first target of add on malware, the second target is usually their wallet.

      --
      This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
  5. Google Toolbar? by Anonymous Coward · · Score: 1, Interesting

    So will it flag apps that come with the Google Toolbar bundled?

  6. You just can't make this stuff up by Obfuscant · · Score: 4, Interesting

    Google says it will show a warning in Chrome whenever an attempt is made to trick you into downloading and installing such software.

    That's ... hilarious? I've always considered Chrome to be PUP or PUA considering how it always seemed to be downloaded with something else. I've had to remove Chrome from so many systems where someone has updated some other program and Chrome came along for the ride, sometimes even when I've installed other things and didn't pay extremely close attention. Now Chrome is going to rat out other programs that do the same thing!

    1. Re:You just can't make this stuff up by Gordo_1 · · Score: 4, Insightful

      Well, as any successful malware author knows, you must pull up the ladder behind you once you're on board.

    2. Re:You just can't make this stuff up by AmiMoJo · · Score: 1

      Can you name an app that bundles Chrome? I've never seen it installed via some other app.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:You just can't make this stuff up by Obfuscant · · Score: 1

      Can you name an app that bundles Chrome?

      No, it has been long enough ago that I don't remember which did.

      I know they did because that was the only way it ever made its way onto one of my systems.

    4. Re:You just can't make this stuff up by rsmith-mac · · Score: 2

      Adobe Flash Player as recently as yesterday.

    5. Re:You just can't make this stuff up by AmiMoJo · · Score: 1

      It seems to bundle McAfee, not Chrome. What version are you looking at?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:You just can't make this stuff up by Elbart · · Score: 2

      It's bundling McAfee when you download the Flash player with Firefox, but it's bundling Chrome when you download it in IE. :)

    7. Re:You just can't make this stuff up by Elbart · · Score: 1

      Cyberlink PowerDVD, iirc.

    8. Re:You just can't make this stuff up by rsmith-mac · · Score: 1

      Correct. It wants to bundle Chrome and the Chrome Toolbar for IE when you're visiting the Flash installer page on IE.

  7. Block all file downloaders by BenJeremy · · Score: 4, Insightful

    I'm looking at you, CNET... you used to be cool.

    Pretty much any site requiring a "file downloader" is simply evil and should be expunged by or at least blacklisted by browsers. That would help fight 80% of the delivery of malware that I've seen infecting friend's and family's computers.

  8. God I love the fact by Rinikusu · · Score: 1

    That they're using PUA. Now maybe the "pick up artists" can finally see themselves as what they truly are. Potentially Unwanted Applications (Programs).

    --
    If you were me, you'd be good lookin'. - six string samurai
    1. Re:God I love the fact by KamikazeSquid · · Score: 1

      That really is too perfect.

  9. Everything? by Hamsterdan · · Score: 1

    Any software that opt-ins to install Chrome, set the page to Google, and install the Googlebar too?

    Kinda hypocrit since they're trying to sneak their software in downloads themselves

    --
    I've got better things to do tonight than die.
  10. Block downloads with Chrome bundled by johanw · · Score: 3, Informative

    Would they also block downloads with Chrome bundled? That spyware is definitely unwanted on my system.

  11. Potentially... by nine-times · · Score: 2

    I know it's started becoming a common terminology, but I don't really like the terms "Potentially Unwanted Program" and "Potentially Unwanted Application". Any program/application is *potentially* unwanted. Whenever someone starts talking about PUP/PUA, I can never figure out where they're drawing the line.

    1. Re:Potentially... by Obfuscant · · Score: 1

      Any program/application is *potentially* unwanted.

      If you've clicked on a link that says "install program X", then program X is no longer potentially unwanted. That's the line. Potentially unwanted applies to the programs Y and Z that are bundled in with program X and install without you asking for them. You may want Y and Z or you may not, thus they are potentially unwanted.

    2. Re:Potentially... by nine-times · · Score: 1

      If you've clicked on a link that says "install program X", then program X is no longer potentially unwanted.

      I think you mean something like "unwittingly installed program" then. You could knowingly install an application and still retain the potential for not-wanting it.

    3. Re:Potentially... by Obfuscant · · Score: 1

      I think you mean something like "unwittingly installed program" then.

      No, I think I meant what I said. While Y and Z may also be "unwittingly installed", they are potentially unwanted because there is a good possibility that they were not wanted in the first place. Until the user is asked explicitly, you don't know if he wants them or not, so the potential exists.

      You could knowingly install an application and still retain the potential for not-wanting it.

      The act of knowingly installing it contradicts that. If you don't want it, don't make the choice to install it. Now, it may be that they are wanted just to be evaluated and then they are no longer wanted, or they are wanted because someone who has control over the person who installs them wants them, but the want at the time of the install is still in evidence.

    4. Re:Potentially... by Anomalyst · · Score: 1

      Purulent Unwanted Shiat [PUS] almost recursive. complete with an accurate visual image of the object oozing and malodorous.

      --
      There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
    5. Re:Potentially... by nine-times · · Score: 1

      The act of knowingly installing it contradicts that. If you don't want it, don't make the choice to install it.

      See there, you're talking about *actually* unwanted programs. If a program is potentially unwanted, then it's not currently unwanted. It just might become unwanted in the future.

    6. Re:Potentially... by AmiMoJo · · Score: 1

      Crapware. Is "crap" an offensive word? It's from "Thomas Crapper", inventor of the ballcock and the man who popularized the flush toilet.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Potentially... by nine-times · · Score: 1

      He gave us both the word "crap" and "ballcock"? What a guy.

  12. He got no legal threat from me by Anonymous Coward · · Score: 1

    CA falsely accused me of a ware being malware & removed the threat level (reduced to zero threat in the end) on my passing all 21 of their then questions for removal (This was upon the advice of an attorney John Lowe of Hiscock & Barclay in a conversation with him regarding it on the telephone that I take their test for removal).

    So, I did so, & I passed the 21 questions, & the "alleged threat" was downrated, BUT, should have been removed totally: It wasn't.

    Same happened on my APK Hosts File Engine in 2012 (delaying its release by many months even though it was ready back as far as late 2003, & I held off out of respect for webmasters profiting by ads. However, when the "malware explosion" 2004 onwards took off & ADBANNERS were infected MANY TIMES (shown here in some examples only recently -> http://it.slashdot.org/comment... in its last few posts as concrete, verifiable & undeniable fact, out the door she went in 2012).

    MalwareBytes' hpHosts and others in the security community helped me disprove the false positives (which WERE RESCINDED by these big names in the antivirus industry when it passed MOST of the online tests @ JOTTI & VirusTotal) in McAfee/Intel, Norton/Symantec, ClamAV, Comodo, & ArcaVir (iirc on the exact ones that removed their false positive) AND on the EXACT grounds I noted they were WRONG, blatantly, on... mind you.

    I.E.-> They didn't "get" an exe compression method I used in the 64 bit model, but left the 32 bit model alone (the exact SAME codebase in 99.999% except for noting if 32-bit vs. 64-bit in resources strings only, thus same code)...

    APK

    P.S.=> Even "big names" make mistakes & it appears "little wannabes" like who you mention DID TOO along with CA whose reputation IS questionable:

    http://www.bing.com/search?q=c...

    (Proof's in the pudding on CA accounting scandals the SEC got onto them for + they WERE found guilty - too bad the pudding's all over his face for it now)... apk

  13. I trust... by Ronin+Developer · · Score: 1

    That Bing and MSN are on that list? Darned things took over Chrome on my Mac. Not quite sure how it happened. However, Chrome is now slow as heck.

    Sad state of affairs when I am finding I am using Safari just to avoid it.

    1. Re:I trust... by brainnolo · · Score: 1

      Try Yandex.Browser. It's based on Chromium, comes with an ad blocker and is snappier than Safari. I switched to that from Safari and never looked back. In settings you can set Google as default search engine if you do not like Yandex search (I don't).

  14. even better to blackhole those sites. by swschrad · · Score: 1

    or maybe use those sites to DOS themselves

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  15. how many warmings? by AndyKron · · Score: 1

    So this will be in addition to the anti virus warnings, and the multiple Microsoft warnings?

    1. Re:how many warmings? by Anonymous Coward · · Score: 1

      Yes, of course. You have been trained to ignore all that noise.

  16. It's broken by Guspaz · · Score: 2

    It's currently blocking all downloads of software from dropbox. Which is super annoying. I kickstarted a game for the Oculus Rift, and the developer was trying to distribute the demo to his backers via dropbox, and Chrome is blocking it.

    1. Re:It's broken by puz · · Score: 1

      I feel your pain.

      The aggressive policy of blocking executable files is hurting my shareware business.

      I've come across quite a number of software company web sites that contain a page telling their customer their software is not Malware even though Chrome says it is. e.g., http://portforward.com/virus_h...

      Also, they usually have a screen capture that shows you need to ignore the message "This file will harm your computer" and click the scary button that says "Hurt me plenty". e.g., https://www.outsystems.com/for...

      As for me, I have an identical program hosted on two sites (It is a free version of a maze program I sell).

      (1) http://www.puz.com/sw/amorphou...
      (2) http://www.puz.biz/sw/amorphou...

      Interestingly, Chrome blocks (2) but not (1). This tells me that Chrome is probably making a decision based on the "popularity" of
      the web site where the file is coming from. I.e., (2) is brand new, whereas (1) has been up for many years.

      --
      Download Mazes and Puzzles from www.puz.com
  17. Adobe Flash by FlynnMP3 · · Score: 1

    It's installer wants to include McAffee every once in a while. Can it block that crap too?

  18. Oracle Java by the+eric+conspiracy · · Score: 1

    I hope they block Java and it's updates. It's ridiculous that this should include search hijacking by default.

  19. The title is a lie by Vlijmen+Fileer · · Score: 1

    Apparently, it is not Google (as in the search engine, or the company) that will block things. It is their shady browser, Chrome, that will block things.
    So people not using Chrome (quite some, I'd say) are not helped by this endeavour.

    1. Re:The title is a lie by Skuto · · Score: 1

      As the article points out, the service is used by Firefox (with a number of privacy improvements) and Safari as well.

  20. Re:I'm confused by penguinoid · · Score: 1

    Don't clueless people WANT the functionality that these PUA install?

    Not anymore -- now lots of installers come with "Yes, I want to install random malware" checkbox pre-checked. Used to be you could just mash the "next" button when installing, now if you do that your computer will get p0wned.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  21. Razer Comms by Chrontius · · Score: 1

    Google's blocking me from downloading Razer's in-game VoIP software.

    Trivially worked around, but concerning.

  22. So which is safer ? by MouseTheLuckyDog · · Score: 1

    Firefox running NoScript or Chrome not running NoScript ( since last I heard it wasn't available for Chrome )?

  23. Every Javascript snippet is a PUP by Anonymous Coward · · Score: 1

    To me, every Javascript snippet, especially those from Google (however Urchin.js is called these days) *is* a PUP.

    That's why I'm so pissed off at Mozilla for taking away the "disable Javascript" button from their UI. This has significantly reduced my trust on browser vendors (including Mozilla, the ones I formerly trusted most).

    Not my allies, but the advertising industries' allies.

  24. Better acronyms by bombman · · Score: 1

    I wish they would call it Potential Unwanted and Harmful Application (PUHA) which is the danish word for 'poo'.

  25. Windows 8 by vawarayer · · Score: 1

    run several processes in the background that slow down the PC, and so on

    So Windows 8 is on the list?

    1. Re:Windows 8 by vawarayer · · Score: 1

      Potentially Unwanted Nag intented.

  26. Pups by Starport · · Score: 1

    They can start with all the crap that tries to install Bing,Ask and a good few others that takes over the browser and makes it unusable, and sometimes being an absolute PITA to get rid of... Google toolbar is actually not that bad and I have yet to see it snuck in the backdoor like the rest of them. At least, Google toolbar actually offers a few useful features such as the page translation.