Google Expands Safe Browsing To Block Unwanted Downloads

An anonymous reader writes "Google today announced it is expanding its Safe Browsing service to protect users against malware that makes unexpected changes to your computer. Google says it will show a warning in Chrome whenever an attempt is made to trick you into downloading and installing such software. In the case of malware, PUA stands for Potentially Unwanted Application, which is also sometimes called Potentially Unwanted Program or PUP. In short, the broad terms encompass any downloads that the user does not want, typically because they display popups, show ads, install toolbars in the default browser, change the homepage or the search engine, run several processes in the background that slow down the PC, and so on."

Good idea.

[gurps_npc]

Not that hard to maintain a database of crapware and require people to double check before they activate it?

Re:

[ShaunC]

As with many things, the theory is fine, we're going to have to wait and see how it's executed. I've grown wary of lists like this because invariably you wind up with false positives, or with benign items being added to the list intentionally.

Re:Good idea.

[Anonymous Coward]

The real test is if they block stuff that installs Google Toolbar. If they don't then this is all just bullshit.

even better to blackhole those sites.

[swschrad]

or maybe use those sites to DOS themselves

Good.

[mythosaz]

Even smart people (in other arenas) don't get it.

It's that many more days between fixes to someone's computer after you install Chrome -- if Chrome is still your browser of choice.

Re:

[Skuto]

Internet Explorer has offered this for far longer than Chrome and it's actually quite effective when you don't click away the warnings. Note that Firefox and Safari also use the same SafeBrowsing service as Chrome does, though they have to wait for the protocol documentation to be updated before offering features like this one.

That would include Java then...

[Anonymous Coward]

...and many open source program installers trying to get you to install toolbars, etc. Should be interesting.

Re:

[mythosaz]

Java's sideloading of other crap causes anger to the power of a thousand suns.

It'd be less bothersome if every JRE update didn't suck so much to begin with.

Re:

[_xeno_]

A lot of companies do. I have to have Java installed on my work computers - and not just because we end up writing a lot of Java code ourselves. The backup software IT uses requires 32-bit Java. (Not 64-bit, it will crash if you use 64-bit Java. Up until recently it would also crash if you used anything after Java 1.6, but since that's no longer supported, they finally fixed that.)

There are also a few internal sites that require Java applets, so that's fun to deal with too.

Re:

[UnknownSoldier]

Considering Minecraft has sold over 54 million copies, [gamespot.com] a few million which are on PC and OSX, yeah, people STILL use Java.

Re:That would include Java then...

[Anonymous Coward]

Find the Java Control Panel, go to advanced options, and near the bottom in miscellaneous, you can tell java not to bug you with crap ware when it updates.

Re:That would include Java then...

[mythosaz]

On Windows, from an enterprise perspective, that's not the way to do it.

Java has moved to a set of files that go in %systemroot%\sun\java\deployment that now manages those settings.

...except they don't always work, and load in a race with the start of Java, causing options to be ignored half the time.

Re:

[lgw]

Yep - both MS and Google have both said they'll being doing this, but I don't believe them or anyone else till they block download of the Java installer.

It's easy to block stuff that's matches the "malware pattern" described in the TFA, but it's the potential lawsuits by malware distributers (claiming to be legit, of course) that have prevented us from the right answer so far. Both MS and Google have the money to stand up to any such attack, and to take on Oracle over Java if it comes to that - but do the

Re:

[Anonymous Coward]

Like Sourceforge installers.

Re:

[slashmydots]

I doubt coinstallers are what they block considering the side stuff is downloaded as a separate MSI on the fly while the original installer is running. It sounds like they'll block "flash player pro" and ilivid and others that hide behind fake download button ads THAT THEY THEMSELVES HOST WITH FUCKING ADSENSE!

Re:

[Jason Levine]

The number of programs that try to get you to install toolbars is frustratingly large. When I bought my new computer, I installed a bunch of programs that I regularly use. One of my usual programs, as I installed it, suddenly started asking me to install toolbar after toolbar. Only it didn't say "Do you want to install X." It told me X was going to be installed as the next step and I had to go into Advanced Options and uncheck multiple checkboxes to prevent X from being installed. Repeat for Y, Z, Q, e

Re:

[dixonpete]

U gotta love Linux's repository model for this. Less choice but a lot more stability/honesty.

Re:

[Jason Levine]

On the Windows side, there is one download site that I almost always get my programs from. If the program includes toolbars or the like, they will warn you about it so you can opt-out during the install process. They will completely weed out any programs that are infected. (The previously-trusted program that had a bunch that slipped through had been downloaded directly from the program creator's website, however.) It's not a fool-proof solution, of course, but it helps.

Re:

[Somebody Is Using My]

On the Windows side, there is one download site that I almost always get my programs from

Since I'm sure others are looking for a trustworthy archive of that sort (I know I am), care to name the one you use?

Re:

[Jason Levine]

The one I use is http://www.SnapFiles.com/ [snapfiles.com].

Re:

[cbhacking]

Name and shame, dude. What the hell piece of software *WAS* that?

Will Google have the balls to block Oracle?

[bmk67]

Due to the crapware that the JRE wants to install - will Google block Oracle? Let's hope so.

Re:

[Anonymous Coward]

The important question is whether they'll have the balls to block Google Toolbar.

Re:

[deviated_prevert]

No, dumbass, you can't use the google toolbar with google chorme. Its redundant.

Too bad you called the OP a dork, for obvious reasons. If I had mod points I would have given your post a boost. Obviously the same goes for the bing things and all the other crapware from AOL and the like. Google is running into the same image problem that Microsoft did with activeX. Damned if you do, loose user eyeballs if you don't. Java that is another whole kettle of muck. Here is hoping that html5 does not turn out to be as insidious with add on off browser capable apps that just highjack the engine a

Re:

[tlhIngan]

The important question is whether they'll have the balls to block Google Toolbar.

Last time Java wanted me to update, it asked if I wanted to install Google Chrome!

Hrm...

Re:

[synapse7]

But will save me from the java install trying to trick me into downloading chrome?

Re:

[johanw]

Even better: will they build something that does download Java and then blocks the Ask.com shit? I want to see the reaction of Oracle on that.

Google Toolbar?

[Anonymous Coward]

So will it flag apps that come with the Google Toolbar bundled?

You just can't make this stuff up

[Obfuscant]

Google says it will show a warning in Chrome whenever an attempt is made to trick you into downloading and installing such software.

That's ... hilarious? I've always considered Chrome to be PUP or PUA considering how it always seemed to be downloaded with something else. I've had to remove Chrome from so many systems where someone has updated some other program and Chrome came along for the ride, sometimes even when I've installed other things and didn't pay extremely close attention. Now Chrome is going to rat out other programs that do the same thing!

Re:You just can't make this stuff up

[Gordo_1]

Well, as any successful malware author knows, you must pull up the ladder behind you once you're on board.

Re:

[AmiMoJo]

Can you name an app that bundles Chrome? I've never seen it installed via some other app.

Re:

[Obfuscant]

Can you name an app that bundles Chrome?

No, it has been long enough ago that I don't remember which did.

I know they did because that was the only way it ever made its way onto one of my systems.

Re:

[rsmith-mac]

Adobe Flash Player as recently as yesterday.

Re:

[AmiMoJo]

It seems to bundle McAfee, not Chrome. What version are you looking at?

Re:

[Elbart]

It's bundling McAfee when you download the Flash player with Firefox, but it's bundling Chrome when you download it in IE. :)

Re:

[rsmith-mac]

Correct. It wants to bundle Chrome and the Chrome Toolbar for IE when you're visiting the Flash installer page on IE.

Re:

[Elbart]

Cyberlink PowerDVD, iirc.

Block all file downloaders

[BenJeremy]

I'm looking at you, CNET... you used to be cool.

Pretty much any site requiring a "file downloader" is simply evil and should be expunged by or at least blacklisted by browsers. That would help fight 80% of the delivery of malware that I've seen infecting friend's and family's computers.

God I love the fact

[Rinikusu]

That they're using PUA. Now maybe the "pick up artists" can finally see themselves as what they truly are. Potentially Unwanted Applications (Programs).

Re:

[KamikazeSquid]

That really is too perfect.

Everything?

[Hamsterdan]

Any software that opt-ins to install Chrome, set the page to Google, and install the Googlebar too?

Kinda hypocrit since they're trying to sneak their software in downloads themselves

He got no legal threat from me

[Anonymous Coward]

CA falsely accused me of a ware being malware & removed the threat level (reduced to zero threat in the end) on my passing all 21 of their then questions for removal (This was upon the advice of an attorney John Lowe of Hiscock & Barclay in a conversation with him regarding it on the telephone that I take their test for removal).

So, I did so, & I passed the 21 questions, & the "alleged threat" was downrated, BUT, should have been removed totally: It wasn't.

Same happened on my APK Hosts File

Re:

[rogoshen1]

it's like saying "candyman" 3 times into a mirror..

Block downloads with Chrome bundled

[johanw]

Would they also block downloads with Chrome bundled? That spyware is definitely unwanted on my system.

Potentially...

[nine-times]

I know it's started becoming a common terminology, but I don't really like the terms "Potentially Unwanted Program" and "Potentially Unwanted Application". Any program/application is *potentially* unwanted. Whenever someone starts talking about PUP/PUA, I can never figure out where they're drawing the line.

Re:

[Obfuscant]

Any program/application is *potentially* unwanted.

If you've clicked on a link that says "install program X", then program X is no longer potentially unwanted. That's the line. Potentially unwanted applies to the programs Y and Z that are bundled in with program X and install without you asking for them. You may want Y and Z or you may not, thus they are potentially unwanted.

Re:

[nine-times]

If you've clicked on a link that says "install program X", then program X is no longer potentially unwanted.

I think you mean something like "unwittingly installed program" then. You could knowingly install an application and still retain the potential for not-wanting it.

Re:

[Obfuscant]

I think you mean something like "unwittingly installed program" then.

No, I think I meant what I said. While Y and Z may also be "unwittingly installed", they are potentially unwanted because there is a good possibility that they were not wanted in the first place. Until the user is asked explicitly, you don't know if he wants them or not, so the potential exists.

You could knowingly install an application and still retain the potential for not-wanting it.

The act of knowingly installing it contradicts that. If you don't want it, don't make the choice to install it. Now, it may be that they are wanted just to be evaluated and then they are no longer wanted, or they

Re:

[nine-times]

The act of knowingly installing it contradicts that. If you don't want it, don't make the choice to install it.

See there, you're talking about *actually* unwanted programs. If a program is potentially unwanted, then it's not currently unwanted. It just might become unwanted in the future.

Re:

[Anomalyst]

Purulent Unwanted Shiat [PUS] almost recursive. complete with an accurate visual image of the object oozing and malodorous.

Re:

[AmiMoJo]

Crapware. Is "crap" an offensive word? It's from "Thomas Crapper", inventor of the ballcock and the man who popularized the flush toilet.

Re:

[nine-times]

He gave us both the word "crap" and "ballcock"? What a guy.

I trust...

[Ronin Developer]

That Bing and MSN are on that list? Darned things took over Chrome on my Mac. Not quite sure how it happened. However, Chrome is now slow as heck.

Sad state of affairs when I am finding I am using Safari just to avoid it.

Re:

[brainnolo]

Try Yandex.Browser. It's based on Chromium, comes with an ad blocker and is snappier than Safari. I switched to that from Safari and never looked back. In settings you can set Google as default search engine if you do not like Yandex search (I don't).

how many warmings?

[AndyKron]

So this will be in addition to the anti virus warnings, and the multiple Microsoft warnings?

Re:

[Anonymous Coward]

Yes, of course. You have been trained to ignore all that noise.

Re:

[penguinoid]

Don't clueless people WANT the functionality that these PUA install?

Not anymore -- now lots of installers come with "Yes, I want to install random malware" checkbox pre-checked. Used to be you could just mash the "next" button when installing, now if you do that your computer will get p0wned.

It's broken

[Guspaz]

It's currently blocking all downloads of software from dropbox. Which is super annoying. I kickstarted a game for the Oculus Rift, and the developer was trying to distribute the demo to his backers via dropbox, and Chrome is blocking it.

Re:

[puz]

I feel your pain.

The aggressive policy of blocking executable files is hurting my shareware business.

I've come across quite a number of software company web sites that contain a page telling their customer their software is not Malware even though Chrome says it is. e.g., http://portforward.com/virus_h... [portforward.com]

Also, they usually have a screen capture that shows you need to ignore the message "This file will harm your computer" and click the scary button that says "Hurt me plenty". e.g., https://www.outsystems.com [outsystems.com]

Adobe Flash

[FlynnMP3]

It's installer wants to include McAffee every once in a while. Can it block that crap too?

Oracle Java

[the eric conspiracy]

I hope they block Java and it's updates. It's ridiculous that this should include search hijacking by default.

The title is a lie

[Vlijmen Fileer]

Apparently, it is not Google (as in the search engine, or the company) that will block things. It is their shady browser, Chrome, that will block things.
So people not using Chrome (quite some, I'd say) are not helped by this endeavour.

Re:

[Skuto]

As the article points out, the service is used by Firefox (with a number of privacy improvements) and Safari as well.

Razer Comms

[Chrontius]

Google's blocking me from downloading Razer's in-game VoIP software.

Trivially worked around, but concerning.

So which is safer ?

[MouseTheLuckyDog]

Firefox running NoScript or Chrome not running NoScript ( since last I heard it wasn't available for Chrome )?

Every Javascript snippet is a PUP

[Anonymous Coward]

To me, every Javascript snippet, especially those from Google (however Urchin.js is called these days) *is* a PUP.

That's why I'm so pissed off at Mozilla for taking away the "disable Javascript" button from their UI. This has significantly reduced my trust on browser vendors (including Mozilla, the ones I formerly trusted most).

Not my allies, but the advertising industries' allies.

Better acronyms

[bombman]

I wish they would call it Potential Unwanted and Harmful Application (PUHA) which is the danish word for 'poo'.

Windows 8

[vawarayer]

run several processes in the background that slow down the PC, and so on

So Windows 8 is on the list?

Re:

[vawarayer]

Potentially Unwanted Nag intented.

Pups

[Starport]

They can start with all the crap that tries to install Bing,Ask and a good few others that takes over the browser and makes it unusable, and sometimes being an absolute PITA to get rid of... Google toolbar is actually not that bad and I have yet to see it snuck in the backdoor like the rest of them. At least, Google toolbar actually offers a few useful features such as the page translation.