Google Chrome Plans To Block AV Module Process Injection

Discussion in 'other security issues & news' started by WildByDesign, May 18, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    From that same page:
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,869
    Location:
    The Netherlands
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,052
    Yes, as long as the banking trojan is not Microsoft signed... :)
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    98
    Location:
    Some country in the European Union
    It is also interesting to me.

    I don't think so. Fine-grained in-app privilege separation (which means programmers/developers need to use several system-level processes for different purposes) can restrict an app better than an outside approach.
     
  5. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    910
    I don't know all the implications of this, but it sounds good. Better isolation of browser and operating system.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,869
    Location:
    The Netherlands
    What I basically meant is that the end goal, which is to run malware, will be successfully stopped by Sandboxie 99% of the time. That doesn't mean that browser security isn't important; it's still necessary to code browsers in a way that remote code execution is hard to achieve.

    If it will be using the same method as Edge, it's apparently not good enough to block banking trojans:

    http://www.sekoia.fr/blog/microsoft-edge-binary-injection-mitigation-overview/
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,052
    I think they are aware of it and doing it in a different way or are implementing additional checks. We'll see :)
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,417
    Location:
    Ontario, Canada
    From a Webroot point of view:

    "Rather than accept injected code, Chrome will require applications to use either Native Messaging API calls or Chrome extensions to add functionality to the browser. Google believes both methods can be used to retain features without having to risk browser crashes." http://www.theregister.co.uk/2017/11/30/google_chrome_antivirus_shutout/

    And from a Webroot Web Shield Developer: https://community.webroot.com/t5/Se...-meddling-Windows-antivirus/m-p/307923#M39018

    "On first read, Google Chrome folks want people to use extensions and comply with their standards - which is what we do with our stuff.

    We'll keep an eye on what they are requiring for sure.

    Jonathan"
     
  9. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    52
    January 2019? I was hoping it would be sooner :(
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,869
    Location:
    The Netherlands
    Interesting stuff, so Google thinks that it will be able to offer the same protection methods via Native Messaging API calls or Chrome extensions? I highly doubt this, especially when it comes to anti-exploit tools.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,947
    Location:
    Outer space
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,869
    Location:
    The Netherlands