Chrome has a malware problem, and Google needs to fix it

Discussion in 'other software & services' started by Daveski17, Oct 9, 2014.

  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
  2. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    225
    Location:
    United States
    I suppose it's only as safe as you make it. I use HTTPswitchboard and Ublock with HTTPS everywhere, but I know people that literally have 10+ non security tools installed on their browser, so I suppose if you set yourself up with that many at bats, you're odds of getting a hit are greater. I've never been too trustworthy of extensions like youtube and photo grabbers and what not, then again I really have no use for them so I'm good.
     
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    It could be that its own success and popularity have made it a target. I've even spoken to someone on the Ubuntu forums who got a Chrome infection running Linux! I personally know a couple of people who have fallen foul of some form of Chrome browserjacking and adware. Let alone people I know in cyberspace. I agree it may be dodgy extensions that are often responsible, but this is a worrying development.
     
  4. guest

    guest Guest

    The fact is Google's extension publishing policy is crappy. Despite my distaste for Mozilla, AMO has a better approach.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Also what O/S are they running Chrome on? That will have a bearing on secure it is, too. The problem, however, seems to be more extension-related than the security of the browser itself. Installing goofy extensions is just an invitation for malware.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    If they're dumb enough to install anything that's offered, nothing is secure.
     
  7. guest

    guest Guest

    And if the used to be clean extension turns evil?
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Stick with the "big names" and you'll be fine.
     
  9. guest

    guest Guest

    Big names as in... what? The most popular?

     
  10. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Link?
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Ad Block, httpsb (trusted), https everywhere, Lastpass. I never heard of Hover Zoom, so I don't consider it big name (trusted, well known). Beside, with Linux I Apparmor restrictions into all my extensions to allow them only what they were designed and expected to do.
     
  12. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I'll try and find it. You're a member of the Ubuntu forums though aren't you, didn't you respond to the same post IIRC?

    EDIT: It was on 'New to Ubuntu' a few days ago, if I remember the poster wasn't able at first to screenshot the problem. I can't see it now and it's probably been moved as it was resolved. I think he created a new profile in Chrome which effectively deleted the adware/malware in the old one.

    http://ubuntuforums.org/forumdisplay.php?f=326
     
    Last edited: Oct 10, 2014
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  14. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    'Extensions are synced to your Google account, which means that even wiping out a computer and reinstalling the OS will not remove the malware—signing-in to Chrome will just download it again.' ~ op cit :eek:
     
  15. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Agree... and the same counts for crapware.
     
  16. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    This: http://ubuntuforums.org/showthread.php?t=2245962 ?
     
  17. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
  18. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    746
    Location:
    Canada
    Let's not exaggerate, I am no big name, and don't plan to. Just a hobby, coding is fun.

    I did receive offers to monetize uBlock. I have no interest in monetizing anything, I did not return answer. Anyways the project is set-up to be monetizing foolproof: GPL, easily forkable on github, etc.
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Yeah but you're trusted and that's no exaggeration. You've been around long enough and I can make the confident determination from reading your posts in these forums that you can be trusted, in my books at least.

    And as I alluded to earlier, I take matters into my own hands to a degree by enforcing the extensions in allowing them only what they're intended and expected to do as far as behavior goes.
     
  20. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    225
    Location:
    United States
    Don't sell yourself short, if more people knew how to take care of their PC's your extensions would be big names, but since most people care more about youtube grabbers and facebook extensions there not 'mainstream' which is too bad for those people. We here at wilders appreciate your efforts and indeed consider them 'big names' and I wouldn't have my chrome without them
     
  21. Countryboy15

    Countryboy15 Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    82

    Perhaps the point Gorhill is making is do not place unquestioned trust in any vendor or extension author. I trust Gorhill enough to run uBlock, but I have no idea what Gorhill may decide to do a year from now. I also agree with Graf that Mozilla watches extensions far better in most cases.
     
  22. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    746
    Location:
    Canada
    I must add that Opera also systematically review extensions. They go through all the code.
     
  23. Countryboy15

    Countryboy15 Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    82
    I just do not understand why Google is rather, well, lazy about it. They spent a lot of time securing their browser what with all the sandboxing and such, but they just let extension makers do whatever they like. It just seems like a contradiction to me.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Yes good point, all browser makers should be serious about extension screening. I personally try to use as less extensions as possible, I use 3 in Opera and 5 in Firefox.
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Does anyone here get the impression the rogue extensions are likely, although not necessarily limited to, the social or gimmicky, "cutsie" kind?
     
Loading...