Protecting users from malicious downloads

Tuesday, April 5, 2011 11:27 AM

For the past five years Google has been offering protection to users against websites that attempt to distribute malware via drive-by downloads — that is, infections that harm users’ computers when they simply visit a vulnerable site. The data produced by our systems and published via the Safe Browsing API is used by Google search and browsers such as Google Chrome, Firefox, and Safari to warn users who may attempt to visit these dangerous webpages.

Safe Browsing has done a lot of good for the web, yet the Internet remains rife with deceptive and harmful content. It’s easy to find sites hosting free downloads that promise one thing but actually behave quite differently. These downloads may even perform actions without the user’s consent, such as displaying spam ads, performing click fraud, or stealing other users’ passwords. Such sites usually don’t attempt to exploit vulnerabilities on the user’s computer system. Instead, they use social engineering to entice users to download and run the malicious content.

Today we’re pleased to announce a new feature that aims to protect users against these kinds of downloads, starting with malicious Windows executables. The new feature will be integrated with Google Chrome and will display a warning if a user attempts to download a suspected malicious executable file:

Download warning

This warning will be displayed for any download URL that matches the latest list of malicious websites published by the Safe Browsing API. The new feature follows the same privacy policy currently in use by the Safe Browsing feature. For example, this feature does not enable Google to determine the URLs you are visiting.

We’re starting with a small-scale experimental phase for a subset of our users who subscribe to the Chrome development release channel, and we hope to make this feature available to all users in the next stable release of Google Chrome. We hope that the feature will improve our users’ online experience and help make the Internet a safer place.

For webmasters, you can continue to use the same interface provided by Google Webmaster Tools to learn about malware issues with your sites. These tools include binaries that have been identified by this new feature, and the same review process will apply.
The comments you read here belong only to the person who posted them. We do, however, reserve the right to remove off-topic comments.


Renegade said...

This is a great feature! - All we need now is an easy solution to get all the IE, Firefox and Opera users out there to install Chrome!...

Mickey said...

I am all for a safe internet. I wonder just how this might be used in a bad way? Who (I know Google but WHO @ the Google Organization will manage this kind of stuff. It might take a person to do this. An algorithmic might take care of it.

Windows users always have a bad time with these downloads. And the real issues are that even if the files are safe, Virus Free, They may still be Malicious in nature.

robertoj. said...

I think this is a great idea ; to navigate the Web safely has been a recurrent dream for me .

College said...

Will this ever be implemented on the Mac (Safari) or on the Mac version of Google Chrome. This is an excellent idea that should be available to all users in order to be most effective!

Pravin Vibhute said...

Instead of having a locally installed security software, this is a new way of Cloud based security and Google wants everything in the Cloud. And this strategy really work. If everyone start using Google Chrome, it will be a other way of using security suits.