Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome Is Scanning Files on Your Computer, and People Are Freaking Out (vice.com)

Posted by msmash on from the privacy-woes dept.

Some cybersecurity experts and regular users were surprised to learn about a Chrome tool that scans Windows computers for malware. But there's no reason to freak out about it. From a report: Last year, Google announced some upgrades to Chrome, by far the world's most used browser -- and the one security pros often recommend. The company promised to make internet surfing on Windows computers even "cleaner" and "safer" adding what The Verge called "basic antivirus features." What Google did was improve something called Chrome Cleanup Tool for Windows users, using software from cybersecurity and antivirus company ESET.

[...] Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer. "In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation -- even just to preemptively ease speculation," Shortridge told me in an online chat. "Their intentions are clearly security-minded, but the lack of explicit consent and transparency seems to violate their own criteria of 'user-friendly software' that informs the policy for Chrome Cleanup [Tool]." Her tweet got a lot of attention and caused other people in the infosec community -- as well as average users such as me -- to scratch their heads.

11 of 213 comments (clear)

  1. Performance by Translation+Error · · Score: 5, Interesting

    And what kind of performance hit do I suffer when this happy surprise software runs on my older computer? Do I get to choose when it runs?

    --
    When someone says, "Any fool can see ..." they're usually exactly right.
    1. Re: Performance by Rockoon · · Score: 3, Interesting

      So Chrome is virus scanning without permission. Where does it upload files when it finds something interesting? What else is it doing?

      Several years ago I ran into Windows 7 or one of Microsofts security products (defender, security essentials) wanting to upload files so that they can be "examined" or whatever. The files it marked were all copyrighted products and it would be copyright infringement to upload them to Microsoft.

      So now Google may also be in on this click-ok-to-become-a-criminal game? Good idea Google. Sooner or later the wrong file is going to get uploaded and you folks are going to be in a huge world of government hurt because it was the governments data you stole.

      --
      "His name was James Damore."
    2. Re:Performance by reboot246 · · Score: 5, Interesting

      A better question is, have they actually found any viruses? And, if they have found any, have they let the user know about it or have they just quietly deleted it?

      An anti-virus that has been running for a year on millions of computers surely has found something by now. If not, then why run it at all?

      Any answers, Google?

    3. Re:Performance by Anonymous Coward · · Score: 2, Interesting

      No, the better question is - why does Google sneakily try to ship an embedded OS under the guise of a web browser? This is the worst kind of feature creep/bloatware/Trojan horse in the software industry today and Google is not sufficiently being called to task on it. Why the fuck does my OS need an app that installs it's own antivirus, print servers, updaters, networking stack and all the other shit they've tried to jam in there over the past few years?

  2. Freaking out? by 110010001000 · · Score: 5, Interesting

    Why are people freaking out? You let Google run whatever software they want on your computer. They might be reading all your files and sending them to their servers. How would you know? If you care, why would you run Chrome? What a mess this industry is in now. People should have listened to Stallman. Instead we have "open source" Chrome and Android.

    1. Re:Freaking out? by Waccoon · · Score: 3, Interesting

      When Chrome first came out, I gave it a try. This was also the time SSDs were becoming popular, so I had a tool running to monitor how much data was being read/written to the SSD, so I could gauge the amount of "wear" on the drive.

      I found out very quickly that every time Chrome did a cold start (after a PC reboot) that it would read 20GB and write ~4GB of data on startup. That was the first and last time I used Chrome.

      Thank you for putting "open source" in double quotes. I wish more people were aware that Chrome is a closed source build of the open source Chromium project (and trying to get Chromium to work is a PITA, to say nothing about Google intentionally moving the download location all the time).

  3. Chromium, too? by koavf · · Score: 4, Interesting

    Does anyone know if current builds of Chromium do this?

  4. not trusting google by arbiter1 · · Score: 4, Interesting

    I use Eset and purchase their antivirus software on a reg basis and i trust them but i don't for life of me Trust that google is only "scanning for virus's". Given how recent revelation I heard how good pretty much will track gps of where you been and save it for years. Also if sites you visit even when using incognito mode, only thing this tells me its harvesting more info on end users. this video kinda tells you exacty what they collect about you on a reg basis and its kinda scary: https://youtu.be/Ke1gViMc2dY?t...

  5. Re:Yeah, right. by CanHasDIY · · Score: 4, Interesting

    You know they are remotely storing metadata about what it scans.

    This; pretty sure Google made the same assurances when they first started scanning everything in your Gmail account... wasn't long before "we're just checking for viruses" turned in to "all your data is belong to us."

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  6. Sandbox model by Tablizer · · Score: 4, Interesting

    It should be up to the user to decide what a given application has access to outside of standard binaries and user-app-data folder sets. If one wants an app to have access to stuff outside of those, then it should be an OS-level setting, not something the app decides, similar to a fire-wall.

    If the app wants to show a tutorial to users for how to config their "folder fire-wall" to allow an app to outside of the sandbox, that's fine, but it should be outside of the app's control still.

    --
    Table-ized A.I.
  7. I would only run ... by Anonymous Coward · · Score: 4, Interesting

    I would only run Chrome browser in a virtual machine to test websites I develop. Otherwise, I simply do not use it. IMHO, it likely spyware with a browsing feature. I confounds me is that most people use it as their main browser, as if the Google spy-widgets in half the sites out there aren't enough for them.

    While Windows is of late too snoopy by default (if you switch to Basic it collects mostly hardware spec stuff which it's been doing since it offered updating back in the 1990s or XP), it would be very reasonable to assume Google and Facebook has far far (far far far) more on folks than Windows and Microsoft ever will.

    Moreover, if one chooses and configures carefully, one can shut off the excessive telemetry stuff (yes you can) and still use from the Windows 10 family of operating systems relatively privately at least at the computer and operating system side.

    I have many of Google's snoopy URLs deadsunk in a hosts file, and FB completely deadsunk except on one computer. They are in the business of snooping in a way Apple and Microsoft are not. So be wary of Google and Facebook. They are trying to be everywhere online watching what you do.

    But to use Chrome !? As your browser !? Are you a dupe !? You've got to be kidding!