Google Chrome Adding Malicious Drive-By-Downloads Protection

Discussion in 'other software & services' started by Minimalist, Jan 25, 2019.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://www.bleepingcomputer.com/ne...ding-malicious-drive-by-downloads-protection/
     
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    How about users use actual protection like an SRP or an anti-exe or a sandboxed/VM-ed browser etc. rather than useless AVs
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Most users wouldn't know how to use those tools.
     
  4. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    No one was born knowing, we all started somewhere. Besides, there's nothing hard in using most of those, like even if you don't know how to do something all you have to do is google, it's that simple. Don't know something? Google. Wondering how something is done? Google. (I personally use startpage.com but "google" is the universal verb for using a search engine). For example, SRP is easy, you just set up a configuration and forget about it (and, guess what, you can GOOGLE how to set up one). Anti-exes can be set to make the decisions for you etc.
     
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    I agree. The people that need those tools the most are the ones that know how to use them the least.

    @Floyd 57
    Not everyone is a security enthusiast. I know people that can't forward an email to me unless I go to their house and start the process. Asking them to research Google for directions on advanced PC security issues is like asking the average driver to rebuild their own transmission. Most of these folks are grateful for any improved security measures a browser can give them. As am I for the one less phone call I get. Your points are valid for experienced computer users. The computer illiterate do not have the time or understanding to follow up. Their time is better spent doing things I cannot do.
     
  6. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    What you said is true, and I never said I'm against google doing that, maybe my wording made you think so. The users you used as example are literally the people who have never touched a computer or just recently started doing so, like an old grandma trying to check her news site, for those users it's likely it'll be someone else (usually a relative) that will be setuping up the computer for her to use. It's those users that I'm talking about, those who know how to use a computer at some level
     
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    No, I did not assume that you had anything against what Google is doing. Just the impression that your expectation of others was too general. Some folks need any feature like this they can get, and it will always be that way. I believe you were trying to inspire people to educate themselves, and that is good. It's just that I have relatives that all of the Google in the world will not help. :argh:
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Absolutely, most users know nothing about SRP, sandboxes and anti-executable security tools. They have been conditioned to understand that only antivirus solutions can protected them :rolleyes: I do like this initiative from Google, however.
     
  9. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    What does this have to do with an AV? It's a browser policy to prevent downloads in sandboxed iframes.
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    It seems like a good idea.
     
  11. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Because vast majority of people are using an AV
     
  12. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    Sorry, I missed the apparently obvious link between blocking malicious downloads in sandboxed iframes and your overall security preferences.
     
  13. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    280
  14. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    There is no link in reality, just in perception. But there are a lot of folks that still live in the 1990's world where Norton Antivirus is the savior of all things computing, and by using it you will be safe. Most of us help these folks on a regular basis, so I am sure that is why it was brought into the conversation.
     
  15. guest

    guest Guest

    Average joe needs everything to be built-in and immediately operational without needing to open the GUI.

    Reason i approve Win10 security concept despite disliking windows in general.

    Those able to set up properly SRP/anti-exe/sandboxes are the fact the one that don't need them, like me, we are just toying with sec apps.

    Those with skills and really worrying about security are on linux already.
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Respectfully, I disagree. I guess I don't worry about security, because I know how to utilize security tools in both Windows and Linux so that securing either one is easy. Besides, security in Linux is practically a non issue since it's still, to this day, virtually un-targeted by attackers, especially toward home users.
     
  17. guest

    guest Guest

    it is why i emphasized "really worrying" , Linux out of the box is more secured than windows, just the users compartmentalization with non-admin default account is better than silly Windows default admin account and UAC.

    then if we start tweaking the OS, it is another discussion.
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada

    :thumb: Agreed.
     
  19. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    Chromium and chrome have the option to ask each download, why not use it? :rolleyes:
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    But how does this work? I have never seen the browser downloading and executing software by itself? This normally only happens if some memory corruption exploit is being used.

    Don't forget that Chrome is already hardened by its own sandbox, that's why you almost never hear of remote code execution via exploits in browsers like Chrome, Vivaldi and Opera. Actually, even Firefox that's not based on Chromium is almost never being attacked anymore. Ad-blockers probably also play a big role, they simply block connections to malicious payloads.
     
  21. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
  23. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    You have clearly never worked in customer support. This just doesn't work. People don't Google, it's "too difficult", "I didn't features like that existed" and "I don't know what to search for"
     
  24. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Tell that to my 68yr mom and 77yr dad. And no, it's not that simple...smh
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.