Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome Is Scanning Files on Your Computer, and People Are Freaking Out (vice.com)

Posted by msmash on from the privacy-woes dept.

Some cybersecurity experts and regular users were surprised to learn about a Chrome tool that scans Windows computers for malware. But there's no reason to freak out about it. From a report: Last year, Google announced some upgrades to Chrome, by far the world's most used browser -- and the one security pros often recommend. The company promised to make internet surfing on Windows computers even "cleaner" and "safer" adding what The Verge called "basic antivirus features." What Google did was improve something called Chrome Cleanup Tool for Windows users, using software from cybersecurity and antivirus company ESET.

[...] Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer. "In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation -- even just to preemptively ease speculation," Shortridge told me in an online chat. "Their intentions are clearly security-minded, but the lack of explicit consent and transparency seems to violate their own criteria of 'user-friendly software' that informs the policy for Chrome Cleanup [Tool]." Her tweet got a lot of attention and caused other people in the infosec community -- as well as average users such as me -- to scratch their heads.

11 of 213 comments (clear)

  1. Inappropriate -- Why be secretive about it? by b0s0z0ku · · Score: 5, Insightful

    If there's nothing to hide and this is only scanning for viruses, why not notify users and GIVE THEM AN OPTION? Even if it's "only" an anti-virus, having one AV running on top of another tends to slow older hardware down.

    1. Re:Inappropriate -- Why be secretive about it? by dbialac · · Score: 5, Insightful

      But they disclosed they were sending all your files to them on paragraph 30328 sentence 204.

    2. Re: Inappropriate -- Why be secretive about it? by Anonymous Coward · · Score: 5, Insightful

      Nothing "cool and edgy" about it. As an IT security guy, I can tell you that Chrome is a privacy nightmare. Google is a very big danger, but people don't care because they're getting something for free, privacy be damned. Google, Facebook, virtually anything free leaves *you* as the product, not an actual customer. Again, nothing cool and edgy about taking the safer path. The path of Google, Facebook et al. is the path of the lemmings. Firefox is no longer the darling of the tech world, but it doesn't need to be. It's still the most customisable browser out there.

      Want a real eye-opening experience? Install a Raspberry Pi and a Pi-hole and watch the real-time DNS traffic as it exits your network. You would be gobsmacked by what is phoning home. Even your router is "phoning home" to entities besides the router OEM. This insight allows you to block via the Pi-hole, router, or both. Using a Pi-hole also cuts down on used bandwidth, because it blocks content at the DNS level, which means it doesn't even get called. Highly recommended.

  2. Performance by Translation+Error · · Score: 5, Interesting

    And what kind of performance hit do I suffer when this happy surprise software runs on my older computer? Do I get to choose when it runs?

    --
    When someone says, "Any fool can see ..." they're usually exactly right.
    1. Re:Performance by reboot246 · · Score: 5, Interesting

      A better question is, have they actually found any viruses? And, if they have found any, have they let the user know about it or have they just quietly deleted it?

      An anti-virus that has been running for a year on millions of computers surely has found something by now. If not, then why run it at all?

      Any answers, Google?

  3. Freaking out? by 110010001000 · · Score: 5, Interesting

    Why are people freaking out? You let Google run whatever software they want on your computer. They might be reading all your files and sending them to their servers. How would you know? If you care, why would you run Chrome? What a mess this industry is in now. People should have listened to Stallman. Instead we have "open source" Chrome and Android.

    1. Re:Freaking out? by Actually,+I+do+RTFA · · Score: 5, Insightful

      It's perfectly reasonable to expect a legal framework to restrain what software Google runs on you computer. Installing Chrome shouldn't automatically install (and run) Google's anti-malware. And it certainly shouldn't be built into the application in a hidden way.

      --
      Your ad here. Ask me how!
  4. How about I go to Google and scan their offices? by JoeyRox · · Score: 5, Funny

    They can hire me as a chef, but in between my cooking duties I'll rifle through everybody's office looking for dangerous things. No need to panic - I have only good intentions at heart. What, you didn't think a chef should also double as your security detail?

  5. State of things by Sperbels · · Score: 5, Insightful

    Your ISP is collecting your data. Your OS is collecting your data. Your search engine is collecting your data. Advertisers are collecting your data. Your browser is collecting your data. The NSA knows what I'm thinking before I do. So now everyone knows the size of my bank account, my shoes, and my dick. Hardly seems worth all the trouble. We've created this huge surveillance network ostensibly so they can market shit to me. Yet, I ignore 99% of the advertising that I see. And the network is predictably (also predictedly) leaky as fuck. Several of my unique passwords and all my identity information is probably floating around in dozens of nefarious databases. Are we better off?

  6. The setting is NOT persisted across restarts by nadass · · Score: 5, Informative

    In the settings page, chrome://settings/cleanup

    The option is "Report details to Google" and it defaults to being Checked. When I uncheck it, then eventually shut down the Chrome process (on Windows), then restart Chrome and verify its status, it remains as Checked.

    So, essentially, this option cannot be disabled except MAYBE momentarily. Is it a feature or a bug?

  7. VIRUS ALERT: Chrome has detected SHTSTORM64 by Anonymous Coward · · Score: 5, Insightful

    Let me ask a really stupid question.

    Imagine you were browsing the web minding your own business. Next thing you know all of the sudden your browser flips out opening windows warning you about viruses on your own computer would you believe it? For years we keep telling people not to fall for this shit.

    Now this... just the uncertainty / phishing leverage alone of browsers doing AV the mere fact this feature exists within a browser puts end users at massive unnecessary risk for no valid reason. Google could simply release a standalone virus scanner if they really gave a shit.

    Try Googling chrome and virus scanner.. The results speak to why doing this is a really really bad idea.

    My personal opinion every means by which data is exfiltrated requires some cloak of legitimacy. You can't just have shit rummage through everyone's computer for no reason. You'll be publically skewered and sued. There has to be a plausible enabling excuse hence the virus scanner nobody knows about. Oh look our scanner found something interesting ... there was no prompt asking the user whether they want their computer scanned in the first place so why does anyone think there would be a prompt before your data (or "metadata") starts getting uploaded to Google "for your own good" ?

    As you may have guessed I don't trust Google enough to run any of their software on my computer. Those who prefer Chrome should consider Chromium.