Google Chrome security warnings – now in plain English

Discussion in 'other security issues & news' started by Minimalist, Jul 15, 2014.

Thread Status:
Not open for further replies.
  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    http://www.welivesecurity.com/2014/07/15/google-chrome-security/
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    http://threatpost.com/google-set-to-change-malware-phishing-warnings-following-study
     
  3. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    Interesting article @hqsec , as i recall google bought VirusTotal, currently or in the future is it serving the purpose to help chrome users avoid malware or phishing sites as part of chromes security strategy?
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    I don't know if or how Google is using scan results from Virtustotal. I guess there could be problems with false positives with that many AV engines being used. Results from VT might be useful as additional info or help when detecting malware but IMO each positive result must be double-checked for possible FPs.
     
  5. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    Hmm, i would love to know. What other reason would be for them to buy VirusTotal. False positives could be a problem, but given the range of AV vendors in VirusTotal , the probabiltiy of false positives may be minimized. How would it be any different for a user to see " Attackers on might try to trick you to steal your information, for instance, passwords, messages or credit cards". "Try" suggests may or may not. Its bit of a stab in the dark either way. None the less, its great to see Chrome is still addressing security, even more so with the 64 bit version. regards.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Yes I agree. There are some AV vendors that are more prone to FPs and others who have FPs really rarely. Maybe they could take that into account.
    About warning I see some improvement but as you said "try" is not best word. It would be better to write something like: "If you will visit this site they will steal all your money, all your passwords, destroy your computer and burn down your house." That might put some of them off. If they still decide to visit that site they would have to confirm 3 additional questions, each describing worse consequences.
     
  7. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    Yes exactly. I would also be fantastic that if a user "proceeds anyway" that Chrome will;

    • Disables downloading of all files
    • Disables all java scripts and the like in the browser
    • Disallows saving of cookies of all sorts from storing themselves in the host PC
    • Change browser headers and hides user IP
    Im sure there is more they could do. Wishful thinking i suppose.

    regards.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    @TS4H You have some nice ideas. Though I doubt we will ever get Chrome so secure.

    P.S.: do you know how far is 64 bit version? I'v read that it will employ some additional security measures.
     
  9. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    Thanks, yeah thankfully Chrome is pretty secure out of the box.

    Currently i believe its still in Canary build so it will still be a couple of months away. I think they are aiming for Chrome version 37.

    As for a benchmark in performance between 32 and 64 see; http://www.thetechforum.co.uk/index.php?topic=3335.0 keep in mind its still in Canary build.

    Chrome will take advantages of OS features such as High Entropy ASLR in windows 8 see; http://blogs.technet.com/b/srd/arch...itigating-common-exploitation-techniques.aspx

    It should protect against exploitation such as JIT spraying, and improve the effectiveness of existing security defense features like heap partitioning. Windows 7 should get some security features too as it also has the potential for OS level mitigation although there is really not a great deal of info right now. Im sure we will know more once it has hit the beta channel.

    regards
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Thank you for all info. I'm glad that they decided to include some additional anti-exploit techniques.
     
  11. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    No problem.

    Yeah absolutely, should make the whole sandbox of chrome, and future versions of Chrome OS much more secure.

    regards.
     
Loading...
Thread Status:
Not open for further replies.