back to article Chrome update to raise alarms over deceptive download bundles

Google is planning to roll out an update to the Safe Browsing feature of its Chrome web browser that will alert users to a new category of suspicious downloads: ones that look like they're installing helpful software but could also include additional, unexpected payloads. Safe Browsing already issues alerts to known malware …

  1. Neoc

    Interesting

    Does this mean it'll flash Adobe software as "dubious" because its constant attempts to include the ASK toolbar in its downloads?

    1. Tom 35

      Re: Interesting

      How about Adobe Reader, it keeps trying to install chrome and make it my default browser, they should totally block that!

      1. Anonymous Coward
        Anonymous Coward

        Re: Interesting

        Indeed. Bundling unrelated software that you do not want should be treated no different to attempting to install malware on your computer.

        Lets hope it also stops Adobe flash-plugin which tries to install Mcafee. Was running a qucik install yesterday on a computer and must have missed the checkbox. Next thing I know I have McAfee AV on my desktop which I did not want.

        1. 404

          Re: Interesting

          heh... gotta wait for the 5 second delay as the Adobe install doesn't display the autofilled checkmark box immediately.

          They're bastards,

    2. big_D Silver badge

      Re: Interesting

      Or Java trying to download Chrome?

  2. Cipher

    Windows users could do a lot worse than use Major Geeks, they really do check everything they list...

    1. Anonymous Coward
      Anonymous Coward

      Then you have to ask why do they list the crippled Truecrypt 7.2 version as the latest, rather than the fully-featured (and still being audited) 7.1a? Doesn't give me a lot of confidence in their checking process.

      1. Pookietoo

        Re: why do they list the crippled Truecrypt 7.2 version

        Because that's the latest official and unadulterated version. It's also totally atypical, as anyone familiar with the circumstances will, I am sure, agree.

      2. Cipher

        @credas

        You did read the editor's note, and did see the link to the article they wrote that goes into to the affair, right? Further, any software that has optional addons are clearly indicated and a note on how to avoid it is always mentioned. Point of fact is their downloads are either the tested one they host, or a direct link to the author's site, none of the dodgy 3rd party sites this el reg article is warning about.

        Doing a web search of their safety will give you an idea what different security sites think of them, all extremely positive. In 10 years, I have never even heard a whisper of a problem with them, and I have no ownership position there...

  3. uncle sjohie

    Unchecky

    I just use unchecky, a little tool that does what the name says, it automatically unchecks all of those default toolbars, like the Ask toolbar in the Adobe Flash downloads.

  4. Anonymous Coward
    Anonymous Coward

    Left hand, meet right hand

    Google could just allow trademark owners to pull ads that misuse their trademark, but then how would they make any money off them?

  5. Benjol

    Just in case anyone has not seen this yet (and if anyone still uses Java);

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft]

    "SPONSORS"="DISABLE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft]

    "SPONSORS"="DISABLE"

    1. graeme leggett

      Or go through control panel, Java and under the advanced settings, scroll all the way to the bottom to find "suppress sponsor offerings"

  6. Anonymous Coward
    Flame

    Great...

    ....now will it automatically block that spyware software being installed and set as default by loads of 3rd party software, you know, that Chrome browser thing?

    1. Anonymous Coward
      Anonymous Coward

      Re: Great...

      You do realise this is a feature of the Chrome Browser don't you?

    2. Anonymous Coward
      Anonymous Coward

      Re: Great...

      Does Chrome still install on Windows machines without needing admin privs?

    3. Pookietoo

      Re: Great...

      As you have to be running Chrome to use the feature (at least until Mozilla release their version) it's a bit late to try to block its installation.

  7. Kristian Walsh

    Interesting solution...

    1. Malware producer signs up for AdWord placement on trademarks they don't own

    2. Google accepts the bogus ad.

    3. Google serves bogus ad to unwitting customer

    4. The advert is clicked, so Google gets the higher "clicked ad" payment from malware producer

    5. The malware is requested from the producer's download site.

    6. Google blocks the request to "protect the user".

    All very clever, but I see a pruning optimisation before step 2.

    1. graeme leggett

      Re: Interesting solution...

      7. User selects next search result

      8. Goto 4

    2. Anonymous Coward
      Anonymous Coward

      Re: Interesting solution...

      But then Google wouldn't get the ad money... and Google gets what Google wants.

  8. Fihart

    Maybe Chrome won't be installed unasked either.

    Astonished that an update to a trusted program like Avast tried to thrust the Chrome browser onto my PC unasked.

    Normally I wouldn't object as I have used and liked Chrome in the past but, with recent revelations about its memory footprint and battery thirst, not so welcome.

  9. Anonymous Coward
    Anonymous Coward

    Time for Microsoft

    To clock on to the Linux way of offering legit software updates through a centralized software repository. Could do the same with drivers and codes.

  10. Anonymous Coward
    Anonymous Coward

    This is great news

    Just last week, I found Chrome had switched to using Bing, for the default search, and I couldn't finger the culprit. And having the Ask toolbar installed seems to be an occupational hazard, when installing free software.

    1. eldakka Silver badge

      Re: This is great news

      NEVER accept default installation options.

      If offered, ALWAYS select 'customize' install, or Advanced install or similar. The screens shown when you select those options is where you'll usually find (if it exists) additional software installed and the option to disable it.

      ALWAYS read the text on the installation wizard pages, as they'll often be different to the heading, e.g. the Heading and title on the page in the wizard might say "Chrome Installation", but there might be a license agreement (with the typical scrollbar to read a huge chunck of license text, this u can probably ignore like everyone else does) but then there might be other text just below the license agreement along the lines of "Click Next to accept the license for Ask Toolbar and install it" with 2 buttons, Cancel and Next, in this case you want the CANCEL button, as it's not the Chrome license or installation it's asking about, but the installation of Ask Toolbar. Clicking Cancel will cancel Ask, not Chrome, and it'll take you to another screen where you might be asked the same type of question for another piece of software, or might be the final cancel/next for installing chrome.

  11. eldakka Silver badge
    Mushroom

    Well, since I don't want Google to know every URL I browse to, I turn the Safe Browsing feature off.

    And people wonder how/why Google and whoever know their surfing history...well if you turn Safe Browsing on, every URL you ever visit is sent to Google. Whether you are browsing Facebook, your bank, ebay, pr0n, paypal, kmart, walmart or whoever, it'll get sent to Google if you leave Safe Browsing on. Every link you click, every URL that link loads, all sent to Google.

  12. Jan Hargreaves

    Google bribed many to bundle their browser with their software installers.

    The irony...

  13. Anonymous Coward
    Anonymous Coward

    Oracle Java is guilty too

    Oracle will install the Ask toolbar with Java. Used to be you had to opt out. Now you need to opt in (this month). Ask is a royal pain to have on your system, and getting rid of it requires the use of dynamite.

  14. jonathanb Silver badge

    This won't help Firefox, because most people use Internet Explorer to download it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like