Google says that the latest beta version of its popular Chrome browser incorporates a new security feature to warn users that they are trying to download malicious software from a website.
That's not a revolutionary new feature, of course, and various other browsers already protect consumers in this way. Not to mention "conventional" anti-virus solutions which also offer this kind of protection.
Google made the announcement on their Chrome blog, explaining that earlier versions of their browser only warned of drive-by malware attacks.
The latest Chrome beta version, however, "now includes expanded functionality to analyze executable files (such as '.exe' and '.msi' files) that you download. If a file you download is known to be bad, or is hosted on a website that hosts a relatively high percentage of malicious downloads, Chrome will warn you that the file appears to be malicious and that you should discard it."
I wanted to include a screenshot of Google Chrome intercepting malicious software downloaded from websites - but when both I and colleagues in SophosLabs tried to get Google Chrome to alert when downloading malware, we couldn't manage to coax it into noticing.
Admittedly, the test we conducted was only against a very small handful of malware - W32/Parite-B, Troj/Agent-OIK, Mal/Behav-130 - and the EICAR test file. So we shouldn't be too quick to read too much into Chrome's failure in this very limited test.
It is a beta version of Google Chrome after all. And, regardless of Chrome's current or future ability to prevent malware downloads, we would never recommend that users rely solely on their browser for anti-virus protection.
Hopefully the feature will be enhanced in the near future to include detection for more malware, and we'll be able to share a picture of Chrome's new protection feature in action.
Follow @gcluley
Doesn't Internet Explorer (and Firefox probably) already do this?
Firefox does it with addons but IE does it with MSE.
Which addons (Firefox)?
How about Internet Explorer's "smart screen filter"? Doesn't that filter out the malware?
IE filters out everything which is unknown to it.
IE does it using smartscreen, which has the capability of providing file reputation and malware detection. It's separate from MSE.
Firefox, afaik, doesn't do it.
Thank you so much for google team.
The exe file of my program which is hosted on my website is not malicious. Virus total shows 0/43. But Google Chrome gives a warning that the file can be dangerous.