Slashdot Mirror


Chrome Is Scanning Files on Your Computer, and People Are Freaking Out (vice.com)

Some cybersecurity experts and regular users were surprised to learn about a Chrome tool that scans Windows computers for malware. But there's no reason to freak out about it. From a report: Last year, Google announced some upgrades to Chrome, by far the world's most used browser -- and the one security pros often recommend. The company promised to make internet surfing on Windows computers even "cleaner" and "safer" adding what The Verge called "basic antivirus features." What Google did was improve something called Chrome Cleanup Tool for Windows users, using software from cybersecurity and antivirus company ESET.

[...] Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer. "In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation -- even just to preemptively ease speculation," Shortridge told me in an online chat. "Their intentions are clearly security-minded, but the lack of explicit consent and transparency seems to violate their own criteria of 'user-friendly software' that informs the policy for Chrome Cleanup [Tool]." Her tweet got a lot of attention and caused other people in the infosec community -- as well as average users such as me -- to scratch their heads.

6 of 213 comments (clear)

  1. Inappropriate -- Why be secretive about it? by b0s0z0ku · · Score: 5, Insightful

    If there's nothing to hide and this is only scanning for viruses, why not notify users and GIVE THEM AN OPTION? Even if it's "only" an anti-virus, having one AV running on top of another tends to slow older hardware down.

    1. Re:Inappropriate -- Why be secretive about it? by dbialac · · Score: 5, Insightful

      But they disclosed they were sending all your files to them on paragraph 30328 sentence 204.

    2. Re: Inappropriate -- Why be secretive about it? by Anonymous Coward · · Score: 5, Insightful

      Nothing "cool and edgy" about it. As an IT security guy, I can tell you that Chrome is a privacy nightmare. Google is a very big danger, but people don't care because they're getting something for free, privacy be damned. Google, Facebook, virtually anything free leaves *you* as the product, not an actual customer. Again, nothing cool and edgy about taking the safer path. The path of Google, Facebook et al. is the path of the lemmings. Firefox is no longer the darling of the tech world, but it doesn't need to be. It's still the most customisable browser out there.

      Want a real eye-opening experience? Install a Raspberry Pi and a Pi-hole and watch the real-time DNS traffic as it exits your network. You would be gobsmacked by what is phoning home. Even your router is "phoning home" to entities besides the router OEM. This insight allows you to block via the Pi-hole, router, or both. Using a Pi-hole also cuts down on used bandwidth, because it blocks content at the DNS level, which means it doesn't even get called. Highly recommended.

  2. Re:Freaking out? by Actually,+I+do+RTFA · · Score: 5, Insightful

    It's perfectly reasonable to expect a legal framework to restrain what software Google runs on you computer. Installing Chrome shouldn't automatically install (and run) Google's anti-malware. And it certainly shouldn't be built into the application in a hidden way.

    --
    Your ad here. Ask me how!
  3. State of things by Sperbels · · Score: 5, Insightful

    Your ISP is collecting your data. Your OS is collecting your data. Your search engine is collecting your data. Advertisers are collecting your data. Your browser is collecting your data. The NSA knows what I'm thinking before I do. So now everyone knows the size of my bank account, my shoes, and my dick. Hardly seems worth all the trouble. We've created this huge surveillance network ostensibly so they can market shit to me. Yet, I ignore 99% of the advertising that I see. And the network is predictably (also predictedly) leaky as fuck. Several of my unique passwords and all my identity information is probably floating around in dozens of nefarious databases. Are we better off?

  4. VIRUS ALERT: Chrome has detected SHTSTORM64 by Anonymous Coward · · Score: 5, Insightful

    Let me ask a really stupid question.

    Imagine you were browsing the web minding your own business. Next thing you know all of the sudden your browser flips out opening windows warning you about viruses on your own computer would you believe it? For years we keep telling people not to fall for this shit.

    Now this... just the uncertainty / phishing leverage alone of browsers doing AV the mere fact this feature exists within a browser puts end users at massive unnecessary risk for no valid reason. Google could simply release a standalone virus scanner if they really gave a shit.

    Try Googling chrome and virus scanner.. The results speak to why doing this is a really really bad idea.

    My personal opinion every means by which data is exfiltrated requires some cloak of legitimacy. You can't just have shit rummage through everyone's computer for no reason. You'll be publically skewered and sued. There has to be a plausible enabling excuse hence the virus scanner nobody knows about. Oh look our scanner found something interesting ... there was no prompt asking the user whether they want their computer scanned in the first place so why does anyone think there would be a prompt before your data (or "metadata") starts getting uploaded to Google "for your own good" ?

    As you may have guessed I don't trust Google enough to run any of their software on my computer. Those who prefer Chrome should consider Chromium.