Google Chrome will block dangerous downloads

Forthcoming versions of Google Chrome will block downloads that Google considers dangerous. Upon clicking a questionable file, users will see a pop-up window saying the “file appears to be malicious,” and asking if they want to cancel.

The block is designed to avoid social engineering attacks, usually sent by e-mail, that convince users to download innocent-looking executables that display spam messages, grab confidential data, or (perhaps more usefully for Google) perform click fraud, by which money is generated illegally from false clicks on Website advertisements.

Google says that the service will only block Windows .exe files initially. These continue to account for the lion’s share of malware, so that’s no bad thing, but presumably Mac, Linux, and maybe even mobile phone app coverage will follow.

The new feature doesn’t analyze the file itself, like antivirus programs. Instead, it merely watches if the file comes from a list of suspected malware-distributing Websites.

As such, it’s an extension of Google’s Safe Browsing application programmer interface (API) that’s been built into Google Chrome since the early days, and which is responsible for warning users when they’re about to access any potentially dangerous Website that could lead to “drive-by” download of malicious code (which is to say, Websites that exploit bugs in browser software or plug-ins to surreptitiously install software on user’s computers).

The API relies on lists of suspected malware-containing sites that are built automatically by Google’s search bots. Google’s own search routines use the lists to mark sites in search results that are potentially dangerous.

Some users of the Chromium pre-release software (that is, the testing release of Chrome) are trying the new feature, which is expected to roll out to the main Chrome release soon.

As welcome as the new features are, Chrome is in the unusual position of playing catch up to Internet Explorer 9, which features an arguably superior method of blocking potentially malicious downloads. Microsoft’s SmartScreen Application Reputation rates downloads in three ways: whether they’re digitally signed, the reputation of the author, and–arguably most importantly–how many times the file has been downloaded by others.

As far as users are concerned, usually this means that a warning appears saying the file isn’t “commonly downloaded”, and mentions that if the user was directed to the download by an e-mail then they might want to reconsider their actions.

Microsoft’s heavily engineered approach stands in contrast to Google’s simple lists of suspected malicious sites, although the simpler approach has appealed to Mozilla and Apple, both of which use the Google API in their Firefox and Safari browsers. However, recent tests have shown that Microsoft is winning the online security war by a significant margin.

This leaves users in a quandary: Internet Explorer remains one of the most popular targets for hackers yet it also contains the most effective security. Should you drive an armored tank, knowing that you’ll be shot at, or drive a car with less protection that might be a smaller target?