[Google Chrome] 99% interesting extension

It's not 100% interesting due to one little thing...

The extension in question is Exe Blocker, which you can get at -https://chrome.google.com/webstore/detail/exe-blocker/gpmojgdifdieilleikodmnkeeefihpob

By default, it will block the download of any .exe and .msi files. It does it so by means of blocking any URL ending in those, such as -http://dl7.zemana.com/AntiLogger_Free/AntiLoggerFree_Setup_1.3.1.497.exe

We can add more file types to the extension, though. In order to do it, once you install the extension, you just need to edit the file background.js, like so:

Code:

var blocked_file_extensions = [
  ".exe",
  ".com",
  ".msi",
  ".msp",
  ".dll",
  ".js",
  ".ps1",
  ".vbs",
  ".cmd",
  ".bat",
  ".tmp"
  ".pif",
  ".src"
];

I just added those to test them, and most of those file types are present in Windows 7 AppLocker rules.

It works quite well. The only problem is when I search for a term using my default search engine in the address bar that includes any of those file types. If I search for someexe.exe, it will be blocked. Nothing that can't be worked, by first opening the search engine page.

Nonetheless, it seems an interesting extension.

-edit-

Image attached

 

This is very interesting! Thanks for posting about it!

Can it be locked so users can't disable it? If so, this would make Chrome much more attractive for business use.

 

Nice find!

 

Good question! I've been trying to find for a Chromium/Google Chrome group policy that could allow that, but couldn't find anything. Big bummer.

The closest thing I found was another extension, which apparently also allows to lock the extensions list. It also allows to lock the browser.
I'm not sure if to lock the extensions list we also need to lock the browser, though.

This is the extension: -https://chrome.google.com/webstore/detail/browser-lock/ofilhkhdoiamdkbgciniekmdgjehaadm/details

I haven't tried it. Just found it.

It would be great that Chromium/Google Chrome could allow to block access to the extensions list, though. I may create a issue thread over Chromium's own forum and request that. It would be really useful.

-edit-

The extension Browser Lock doesn't work as I expected. I could still disable any extension. Maybe I did something wrong.

 

Any way to verify who Glenn Wilson (the dev) is?

 

Couldn't find anything useful that could help us contact him/her (don't know whether Glenn is a male/female name). The only hope would be to use Chrome Web Store Reviews tab. One needs to sign in, though. -https://chrome.google.com/webstore/detail/exe-blocker/gpmojgdifdieilleikodmnkeeefihpob/reviews

Someone asked for more file types. I hope that person sees this thread.

-edit-

The developer has two other extensions, and there's a link to -http://spoofer-extension.appspot.com. There's a contact page there. But, basically anything related to the extensions should be done in the extensions pages. Or, anyone interested can go the his/her Google Plus page.

 

Thanks for the info! This type of extension should be part of all browsers by default.

 

This is 0% interesting and 100% useless IMO. Why the heck would I want this kind of blocker restricting my experience?

By default, any modern browser does not start downloading such files without asking the user for his authorization.

 

Hardly useless. This type of app would help prevent driveby downloads from being installed, especially by those users who are not as experienced as most of us on this forum.

 

Yes and it would also prevent any other download from said user LOL. Very useless.

 

My 70yr old mom does not install a single piece of software, as I maintain her machine a couple of times per month. This extension would be great for her, and for me too, as I would no longer have to worry what I'm going to find each time I update her machine.

Remember, not everyone who owns a computer is experienced.

 

The usefulness of something is always a matter of perspective and needs. And, as always, this kind of extension/other security application, will always the depend on the fact that the targeted users are willing to make a compromise.

Scenario: User A only cares about his/her applications being able to update themselves/manually download and install them. User A prefers to use a dedicated downloads manager, where all the different applications are grouped in categories, and where a simple redownload - without having to go through bookmarks/whatever - suffices to get a new version of the software, and have a scheduled batch downloading. Something that Google Chrome does not offer.

In such scenario, such an extension would be welcome to prevent drive-by downloads, IMO. Without sacrificing the user with anti-executables, etc.

I was actually looking for way to have a more visible alert, within the browser, about what gets blocked, and that wasn't my initiative to download. I used to be able to see it happening with previous Chromium versions, but ever since Chromium sandbox was improved, .exe and other file types would be downloaded (deleted afterwards by the browser itself), due to my security settings. Before, they would just fail, as I wanted. So, this extension brings back what I want - downloads to fail in the browser. This also saves me precious traffic, which is limited.

 

I feel sorry for DBone's mom freedom.

 

WTF are you saying?

 

Freedom to download and install what she wants. Like games. What if she wants to play a game.

 

She uses it strictly for the internet and her email. She doesn't know how to install software, and certainly doesn't want to learn.

 

I understand.

However, I can't see this "let's block everything besides the bare essential for what she needs now" as the best approach. The compromise with freedom is too large. People sometimes change their minds. Sometimes, a person wants to break a routine, do something different - be it in the computer, or out of it.

The correct approach, the smart approach, IMO, is to block what really deserves to be blocked - malicious software and the like. Why? Because nobody wants those (except researchers). A good password-protected and/or fully automatic AV or security suite would be enough if the user doesn't care or doesn't want to deal with alerts. Add something like system-wide SmartScreen, leave Windows' and its apps settings at their default ON-automatic (especially regarding updates), and chances are the person will never be "infected" - and will still have her "computing" freedom intact.

 

Just like blocking the malicious scripts. These are mostly responsible for the malicious auto-downloading and installation of malicious payloads.

This otherwise looks to be a pretty nifty and useful extension, except I wonder if it will get long term development or eventually dropped like what's seemingly happened to the ScriptNo extension I would rather whitelist scripts through the browser rather than block file extension types.

 

You can disable users from turning extensions off through chrome policies.

http://www.google.com/url?sa=t&sour...7oHQCA&usg=AFQjCNFTTwkWUpmWC740mvhlbzISai8DUw

 

Your argument is that people should be free to use thier computer the way they want, right? I can see that point. But for those who don't know or understand, restricting some freedoms, like installing whatever they please, actually gives them freedom in return - they are free to have a computer without the issues associated with certain "freedoms". Many people actually value having a problem free computing experience with restrictions over no restrictions and lots of problems.

Of course there are some who value the freedoms you speak of, and they don't want to be "hindered" by restrictions. I know many such people. They also pay others to fix thier machines that would not have needed fixing if only they had a few restrictions in the first place

This is just another tool at your disposal to have things the way you want them. And for some, that will mean a lack of freedom I guess. But, that can be a good thing too.

Sul.

 

Which group policy are you talking about?

 

And, how exactly does one block malicious scripts? Can most users differentiate them? I'd imagine that someone with knowledge would dissect a website before accessing it, etc. Other than that, how would anyone else know that malicious scripts are present? They wouldn't. We would use tools such as NoScript, etc., or even disable JavaScript altogether.

And, the difference with NoScript/similar, is that, you have the chance to whitelist whatever you want to whitelist. The same doesn't mean the user knows what he/she is whitelisting.

The same happens with AppLocker, etc. We block everything, except what we want to allow.

While Exe Blocker itself doesn't have a whitelist approach (maybe someone can suggest it), following my approach (mentioned in my previous comment), one does have a whitelist/blacklist.

It's all about the tool and what you can do with it, or what you can do to assist it.

 

It's easy actually. there's no need to over analyze or dissect anything. Start with the top level domains, then add only exactly what is necessary after that to view the content needed. That's how I use NoScript and it works brilliantly

 

I think the issue here is determining what's "necessary" when so often it's randomly named scripts.

 

But, doesn't it boil down to knowing? First, the user needs to know which TLDs he/she will be using, then figure out which scripts will be needed for any website to function as they want them to function, then whitelist. At the end of the day, it would had been easier to leave the scripts alone, and just block downloads. Simply have a download manager with all the software/files they need to redownload, divided in category groups.

No hassle trying to figure out what to whitelist/blacklist, be it with NoScript/other, anti-executables, etc. Some people need a simpler way, and one that can work along side an antivirus just fine. I do believe such an approach would work, provided that users would be willing to make a compromise - to use a download manager.

Most people I know, from those who don't care about computer security, they simply use their computers for their e-mail, facebook, messenger/skype. Nothing else. lol Things like Office, etc., they update automatically. So, it's a nice approach.