Google Chrome to alert on malware downloads

Google Chrome will warn you when it's been hijacked

Google ChromeGoogle says that the latest beta version of its popular Chrome browser incorporates a new security feature to warn users that they are trying to download malicious software from a website.

That’s not a revolutionary new feature, of course, and various other browsers already protect consumers in this way. Not to mention “conventional” anti-virus solutions which also offer this kind of protection.

Google made the announcement on their Chrome blog, explaining that earlier versions of their browser only warned of drive-by malware attacks.

The latest Chrome beta version, however, “now includes expanded functionality to analyze executable files (such as ‘.exe’ and ‘.msi’ files) that you download. If a file you download is known to be bad, or is hosted on a website that hosts a relatively high percentage of malicious downloads, Chrome will warn you that the file appears to be malicious and that you should discard it.”

I wanted to include a screenshot of Google Chrome intercepting malicious software downloaded from websites – but when both I and colleagues in SophosLabs tried to get Google Chrome to alert when downloading malware, we couldn’t manage to coax it into noticing.

Admittedly, the test we conducted was only against a very small handful of malware – W32/Parite-B, Troj/Agent-OIK, Mal/Behav-130 – and the EICAR test file. So we shouldn’t be too quick to read too much into Chrome’s failure in this very limited test.

It is a beta version of Google Chrome after all. And, regardless of Chrome’s current or future ability to prevent malware downloads, we would never recommend that users rely solely on their browser for anti-virus protection.

Hopefully the feature will be enhanced in the near future to include detection for more malware, and we’ll be able to share a picture of Chrome’s new protection feature in action.