Google today announced a new security feature for Google Chrome. The Chrome team are extending their implementation of the Safe Browsing API service to cover downloaded files.
What is the Safe Browsing API? It is an online database of known phishing sites and malware-infected web pages that is hosted at Google.
Applications like Chrome, Firefox and Safari can query this database in real time to provide protection against the latest internet threats.
Google’s API is open to other software application developers as well, although the primary use case seems to be browsers.
What Google is announcing is that, starting with the developer builds of Google Chrome, they will now check files you attempt to download against their API.
This could be a very valuable technique for protecting users of Google Chrome against threats like fake anti-virus.
Often there are many, many sites, some of which are not blacklisted in Safe Browsing, but they all point to the same location for the actual malware download.
By adding support for these known malware destinations they will reduce the number of infections for users of Chrome. This is very similar to the method we use to protect endpoints in Sophos Live URL Filtering.
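The effect described above can be seen in a small added example (not code from Google, Chrome or Sophos): several landing pages funnel to one payload URL, and a check on the download URL stops the ones a page-level check misses. The hashed local blocklist, the host-plus-path normalisation and all `.example` URLs are constructed assumptions for illustration, not the real Safe Browsing protocol.

```python
import hashlib
from urllib.parse import urlsplit

def url_key(url: str) -> str:
    """Reduce a URL to lower-cased host + path, ignoring scheme, query and fragment."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower() + (parts.path or "/")

class Blocklist:
    """Local set of SHA-256 digests of known-bad URL keys (simplified assumption)."""
    def __init__(self, bad_urls):
        self._digests = {self._digest(u) for u in bad_urls}

    @staticmethod
    def _digest(url: str) -> str:
        return hashlib.sha256(url_key(url).encode("utf-8")).hexdigest()

    def is_listed(self, url: str) -> bool:
        return self._digest(url) in self._digests

# Constructed sample data: landing page -> URL of the file it serves.
PAYLOAD = "http://cdn.payload.example/setup/scanner.exe"
REDIRECTS = {
    "http://free-scan.example/alert": PAYLOAD,
    "http://pc-cleaner.example/warning": PAYLOAD + "?src=ad7",
    "http://virus-check.example/scan": "http://CDN.payload.example/setup/scanner.exe",
    "http://vendor.example/download": "http://vendor.example/files/tool.zip",
}
# Only one landing page is known to the list, but the shared payload is.
BLOCKLIST = Blocklist(["http://free-scan.example/alert", PAYLOAD])

def allowed_downloads(check_download: bool) -> list:
    """Return the landing pages whose download would complete under a policy."""
    allowed = []
    for page, download in REDIRECTS.items():
        if BLOCKLIST.is_listed(page):
            continue  # stopped by the existing page-level check
        if check_download and BLOCKLIST.is_listed(download):
            continue  # stopped by the added download-URL check
        allowed.append(page)
    return allowed

if __name__ == "__main__":
    print("page check only:     ", allowed_downloads(check_download=False))
    print("page + download check:", allowed_downloads(check_download=True))
```

With the page check alone, two unlisted landing pages still deliver the payload; with the download check, only the unrelated vendor download goes through.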
To learn more about threats on the web, download our paper “Modern Web Attacks” by SophosLabs researcher Fraser Howard.
This API has helped me out quite a few times. Good stuff.
Every time I read an article about malware hosted on known web-sites, I wonder the same thing. Why are these sites allowed to exist and continue?
What possible rationale exists among law enforcement that considers this sort of malicious assault legal and protected?
Why are such sites not immediately destroyed upon discovery and their owners fined or jailed?
Utterly Baffled
It is hard to go through the process of getting warrants and shutting them down. It’s a long, drawn-out process. Also, some of these servers are perfectly legitimate and have been hacked.
Some are hosted in places that don’t listen to demands by the US.
Google is looking to store your data on their servers, so the only security involved is the quality of your password.