Forgot your password?
typodupeerror
Google Privacy Security Software Spam

Google Expands Safe Browsing To Block Unwanted Downloads 106

Posted by timothy
from the now-you-can-turn-off-adblock dept.
An anonymous reader writes "Google today announced it is expanding its Safe Browsing service to protect users against malware that makes unexpected changes to your computer. Google says it will show a warning in Chrome whenever an attempt is made to trick you into downloading and installing such software. In the case of malware, PUA stands for Potentially Unwanted Application, which is also sometimes called Potentially Unwanted Program or PUP. In short, the broad terms encompass any downloads that the user does not want, typically because they display popups, show ads, install toolbars in the default browser, change the homepage or the search engine, run several processes in the background that slow down the PC, and so on."
This discussion has been archived. No new comments can be posted.

Google Expands Safe Browsing To Block Unwanted Downloads

Comments Filter:
  • Not that hard to maintain a database of crapware and require people to double check before they activate it?
  • Even smart people (in other arenas) don't get it.

    It's that many more days between fixes to someone's computer after you install Chrome -- if Chrome is still your browser of choice.

    • by Skuto (171945)

      Internet Explorer has offered this for far longer than Chrome and it's actually quite effective when you don't click away the warnings. Note that Firefox and Safari also use the same SafeBrowsing service as Chrome does, though they have to wait for the protocol documentation to be updated before offering features like this one.

  • by Anonymous Coward

    ...and many open source program installers trying to get you to install toolbars, etc. Should be interesting.

    • by mythosaz (572040)

      Java's sideloading of other crap causes anger to the power of a thousand suns.

      It'd be less bothersome if every JRE update didn't suck so much to begin with.

      • by Anonymous Coward on Thursday August 14, 2014 @02:41PM (#47672859)

        Find the Java Control Panel, go to advanced options, and near the bottom in miscellaneous, you can tell java not to bug you with crap ware when it updates.

    • by lgw (121541)

      Yep - both MS and Google have both said they'll being doing this, but I don't believe them or anyone else till they block download of the Java installer.

      It's easy to block stuff that's matches the "malware pattern" described in the TFA, but it's the potential lawsuits by malware distributers (claiming to be legit, of course) that have prevented us from the right answer so far. Both MS and Google have the money to stand up to any such attack, and to take on Oracle over Java if it comes to that - but do the

    • by Anonymous Coward

      Like Sourceforge installers.

    • I doubt coinstallers are what they block considering the side stuff is downloaded as a separate MSI on the fly while the original installer is running. It sounds like they'll block "flash player pro" and ilivid and others that hide behind fake download button ads THAT THEY THEMSELVES HOST WITH FUCKING ADSENSE!
    • The number of programs that try to get you to install toolbars is frustratingly large. When I bought my new computer, I installed a bunch of programs that I regularly use. One of my usual programs, as I installed it, suddenly started asking me to install toolbar after toolbar. Only it didn't say "Do you want to install X." It told me X was going to be installed as the next step and I had to go into Advanced Options and uncheck multiple checkboxes to prevent X from being installed. Repeat for Y, Z, Q, e

      • Re: (Score:2, Insightful)

        by dixonpete (1267776)
        U gotta love Linux's repository model for this. Less choice but a lot more stability/honesty.
        • On the Windows side, there is one download site that I almost always get my programs from. If the program includes toolbars or the like, they will warn you about it so you can opt-out during the install process. They will completely weed out any programs that are infected. (The previously-trusted program that had a bunch that slipped through had been downloaded directly from the program creator's website, however.) It's not a fool-proof solution, of course, but it helps.

      • by cbhacking (979169)

        Name and shame, dude. What the hell piece of software *WAS* that?

  • Due to the crapware that the JRE wants to install - will Google block Oracle? Let's hope so.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      The important question is whether they'll have the balls to block Google Toolbar.

      • by tlhIngan (30335)

        The important question is whether they'll have the balls to block Google Toolbar.

        Last time Java wanted me to update, it asked if I wanted to install Google Chrome!

        Hrm...

    • by synapse7 (1075571)

      But will save me from the java install trying to trick me into downloading chrome?

    • by johanw (1001493)

      Even better: will they build something that does download Java and then blocks the Ask.com shit? I want to see the reaction of Oracle on that.

  • Google Toolbar? (Score:1, Interesting)

    by Anonymous Coward

    So will it flag apps that come with the Google Toolbar bundled?

  • by Obfuscant (592200) on Thursday August 14, 2014 @02:47PM (#47672909)

    Google says it will show a warning in Chrome whenever an attempt is made to trick you into downloading and installing such software.

    That's ... hilarious? I've always considered Chrome to be PUP or PUA considering how it always seemed to be downloaded with something else. I've had to remove Chrome from so many systems where someone has updated some other program and Chrome came along for the ride, sometimes even when I've installed other things and didn't pay extremely close attention. Now Chrome is going to rat out other programs that do the same thing!

  • by BenJeremy (181303) on Thursday August 14, 2014 @02:50PM (#47672935)

    I'm looking at you, CNET... you used to be cool.

    Pretty much any site requiring a "file downloader" is simply evil and should be expunged by or at least blacklisted by browsers. That would help fight 80% of the delivery of malware that I've seen infecting friend's and family's computers.

  • That they're using PUA. Now maybe the "pick up artists" can finally see themselves as what they truly are. Potentially Unwanted Applications (Programs).

  • Any software that opt-ins to install Chrome, set the page to Google, and install the Googlebar too?

    Kinda hypocrit since they're trying to sneak their software in downloads themselves

  • by johanw (1001493) on Thursday August 14, 2014 @02:59PM (#47673019)

    Would they also block downloads with Chrome bundled? That spyware is definitely unwanted on my system.

  • by nine-times (778537) <nine.times@gmail.com> on Thursday August 14, 2014 @03:08PM (#47673101) Homepage
    I know it's started becoming a common terminology, but I don't really like the terms "Potentially Unwanted Program" and "Potentially Unwanted Application". Any program/application is *potentially* unwanted. Whenever someone starts talking about PUP/PUA, I can never figure out where they're drawing the line.
    • by Obfuscant (592200)

      Any program/application is *potentially* unwanted.

      If you've clicked on a link that says "install program X", then program X is no longer potentially unwanted. That's the line. Potentially unwanted applies to the programs Y and Z that are bundled in with program X and install without you asking for them. You may want Y and Z or you may not, thus they are potentially unwanted.

      • If you've clicked on a link that says "install program X", then program X is no longer potentially unwanted.

        I think you mean something like "unwittingly installed program" then. You could knowingly install an application and still retain the potential for not-wanting it.

        • by Obfuscant (592200)

          I think you mean something like "unwittingly installed program" then.

          No, I think I meant what I said. While Y and Z may also be "unwittingly installed", they are potentially unwanted because there is a good possibility that they were not wanted in the first place. Until the user is asked explicitly, you don't know if he wants them or not, so the potential exists.

          You could knowingly install an application and still retain the potential for not-wanting it.

          The act of knowingly installing it contradicts that. If you don't want it, don't make the choice to install it. Now, it may be that they are wanted just to be evaluated and then they are no longer wanted, or they

          • The act of knowingly installing it contradicts that. If you don't want it, don't make the choice to install it.

            See there, you're talking about *actually* unwanted programs. If a program is potentially unwanted, then it's not currently unwanted. It just might become unwanted in the future.

    • by Anomalyst (742352)
      Purulent Unwanted Shiat [PUS] almost recursive. complete with an accurate visual image of the object oozing and malodorous.
    • by AmiMoJo (196126) *

      Crapware. Is "crap" an offensive word? It's from "Thomas Crapper", inventor of the ballcock and the man who popularized the flush toilet.

  • That Bing and MSN are on that list? Darned things took over Chrome on my Mac. Not quite sure how it happened. However, Chrome is now slow as heck.

    Sad state of affairs when I am finding I am using Safari just to avoid it.

    • by brainnolo (688900)
      Try Yandex.Browser. It's based on Chromium, comes with an ad blocker and is snappier than Safari. I switched to that from Safari and never looked back. In settings you can set Google as default search engine if you do not like Yandex search (I don't).
  • So this will be in addition to the anti virus warnings, and the multiple Microsoft warnings?
    • by Anonymous Coward

      Yes, of course. You have been trained to ignore all that noise.

  • by Guspaz (556486) on Thursday August 14, 2014 @05:15PM (#47673785)

    It's currently blocking all downloads of software from dropbox. Which is super annoying. I kickstarted a game for the Oculus Rift, and the developer was trying to distribute the demo to his backers via dropbox, and Chrome is blocking it.

    • by puz (222978)

      I feel your pain.

      The aggressive policy of blocking executable files is hurting my shareware business.

      I've come across quite a number of software company web sites that contain a page telling their customer their software is not Malware even though Chrome says it is. e.g., http://portforward.com/virus_h... [portforward.com]

      Also, they usually have a screen capture that shows you need to ignore the message "This file will harm your computer" and click the scary button that says "Hurt me plenty". e.g., https://www.outsystems.com [outsystems.com]

  • It's installer wants to include McAffee every once in a while. Can it block that crap too?

  • I hope they block Java and it's updates. It's ridiculous that this should include search hijacking by default.

  • Apparently, it is not Google (as in the search engine, or the company) that will block things. It is their shady browser, Chrome, that will block things.
    So people not using Chrome (quite some, I'd say) are not helped by this endeavour.

    • by Skuto (171945)

      As the article points out, the service is used by Firefox (with a number of privacy improvements) and Safari as well.

  • Google's blocking me from downloading Razer's in-game VoIP software.

    Trivially worked around, but concerning.
  • Firefox running NoScript or Chrome not running NoScript ( since last I heard it wasn't available for Chrome )?

  • by Anonymous Coward

    To me, every Javascript snippet, especially those from Google (however Urchin.js is called these days) *is* a PUP.

    That's why I'm so pissed off at Mozilla for taking away the "disable Javascript" button from their UI. This has significantly reduced my trust on browser vendors (including Mozilla, the ones I formerly trusted most).

    Not my allies, but the advertising industries' allies.

  • I wish they would call it Potential Unwanted and Harmful Application (PUHA) which is the danish word for 'poo'.

  • run several processes in the background that slow down the PC, and so on

    So Windows 8 is on the list?

  • They can start with all the crap that tries to install Bing,Ask and a good few others that takes over the browser and makes it unusable, and sometimes being an absolute PITA to get rid of... Google toolbar is actually not that bad and I have yet to see it snuck in the backdoor like the rest of them. At least, Google toolbar actually offers a few useful features such as the page translation.

Suburbia is where the developer bulldozes out the trees, then names the streets after them. -- Bill Vaughn

Working...