Google Chrome's malware protection

Discussion in 'other software & services' started by The Seeker, Aug 19, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    m00n,

    https://wiki.mozilla.org/Electrolysis

    Enjoy :D

    EDIT:

    Note that at the moment they're only looking to improve performance and stability. The security applications such as protected mode and sandboxing are only looked at as "possible future iterations."
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Thank you for the link. At least they are considering it. It's better than nothing. Hopefully, they will implement it, and when ready, provide it to their users. One can only wish. :thumb:
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yes. But it'll be a while before we see it. Chrome's had it since day one... Firefox now has to rewrite how the entire program works without rewriting the entire program. Expect lots of bugs.

    Sandboxing also isn't a silver bullet; it may or may not be as effective as Chrome and Adobe's sandboxes.

    Though, perhaps we're starting to see the end of exploits as we know it?

    Chrome has a single vulnerability (not in the wild) that uses Flash and Adobe's Sandbox (in Reader) has none.
    http://www.youtube.com/watch?v=8LyqXRLu3qI&feature=player_embedded
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I'd say that users should watch out for extensions. Extensions seem like a weak link to me. A browser may be secure, but if an extension is vulnerable, you're in the soup. Every added extension theoretically increases the attack surface.

    In the Cracking Open Chrome article posted a couple of weeks ago, researchers stole data from LastPass when they took over a different extension and then used it to open new tabs. This gave them the ability to see the password info inserted by LastPass. It's info like this that causes me to be uncomfortable with the vetting Chrome does on its extensions.
     
  5. allizomeniz

    allizomeniz Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    943
    Hi The Seeker. Did you get that message from downloading a web page or a file? From your picture, there doesn't seem to be a way to get more information. Is there more we can't see? Were you able to find out exactly what Chrome was blocking and did you look it up to see if it's a false positive or what?
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Hypothetical here... let's say I pasted the same zero day link in Chrome 13, but my AV jumped on it instead. In this purely hypothetical scenario, might one conclude that Chrome had missed its chance at it, and so the AV took over? Or to put it another way, in the process described by The Seeker, doesn't browser security get its chance at malware before any resident AV?

    Just wondering. :)
     
  7. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    If you have the time, it would be nice to have the relevant link. NSS?
     
    Last edited: Aug 20, 2011
  8. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    The identification of Malware, Spyware and Viruses etc. is not an exact science. No two security programs have the same criteria and blacklists for crucifying a piece of data.

    1+1= 2 ! Not on your Nelly as far as identification of infections go. More like 1+1= 1.5-2.5, where some innocent items are branded as hostile and some hostile items are branded as innocent.

    I see no virtue in discussing a thread that simply makes allegations against Firefox without providing evidence. Convict a suspect without a fair trial ? Not in my book.

    Nobody is asking the OP to generate an epidemic of infections by placing a bug into all our systems. What I suggested, is that he should tell us precisely where to go, tell us precisely what to get and leave the shopping to us.

    I will be more than happy to invite this Chromatized "bug" into my Firefox parlour, then if my real time security programs, Firefox, Sandboxie, AVG 2011 plus other bits and bobs do not pick it up, then I will place this suspect item on my desktop with the greatest of confidence.

    Then, I will scan this Googlised threat with AVG 2011, HMP, MBAM and Emsisoft AM. If I find no Big Bad Wolf then it will justify everything bad I have said about Chrome and thank God I am more intellectual than others in placing my faith and confidence in Firefox. If I find a positively identified bug, then I will have the greatest pleasure in issuing a public apology on behalf of my comments about Google's elementary Chrome.

    BUT, I do not think that apology has a chance in hell of arising.

    Discussion on some third party allegation against Firefox without providing a scrap of evidence is an idiotic nonsense and makes this entire thread nothing but an argument about speculation and verbally tarnishes a highly reputable company on simply gossip.

    Whatever you may reply to this note, be my guest and enjoy yourselves immensely, because I am OUT ! The entire unsubstantiated allegation made in this thread about Firefox's accused "deficiency" is not worthwhile discussing. A person is not a criminal just because somebody says so. THAT is circumstantial evidence and as such is simply not credible. We are all guilty of seeing things that are not tangible.

    John
     
    Last edited: Aug 20, 2011
  9. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    A file. It wasn't a false positive, 'twas a trojan which Panda promptly deleted.
     
  10. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    The wording strikes me as odd. Why ask if we wish to "keep" the file if it hasn't even been downloaded?

    In edit: there's some subtlety involved. They decided on "keep" over "save" if this is anything to go by since the file may be actually already downloaded (if I read it right and the link is from before Chrome 12) but with a temporary name until the user confirms keeping or discarding.
     
    Last edited: Aug 20, 2011
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Do you just not know how antiviruses work? They all have separate blacklists -- Chrome has one of its own... the same blacklist that Firefox uses. Some AVs miss something and others will catch it.

    And Firefox takes no measures to protect users from exploits. Chrome does. Chrome is objectively more secure. You can read about it.
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543

    https://www.wilderssecurity.com/showpost.php?p=1922414&postcount=31... How soon you change opinions.


    @HungryMan: I don't see "exploits as we know it" ending anytime soon. As Page42 pointed out, extensions can help do just as much damage. Chrome's sandbox didn't have to be broken for the LastPass attack to work. Also, in regards to sandboxes, you're right, they aren't silver bullets. Hackers know about them too, and you can be sure they won't just give in. Everything has flaws, and eventually, all of them get found and exploited. Next month, next year, it'll happen.

    That's not to say we should "pooh pooh" the tech, it certainly has improved the situation. And, the more vendors that use it, the better off we are in the short run, even if the giddiness doesn't last forever.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I'm not saying that exploits are over. I'm saying that they're ending. You're 4x more likely to run into a malicious file than an exploit and I would bet money that we're going to see exploits become even rarer and more and more malware aimed at social engineering.
     
  14. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Social engineering is most certainly the hot thing, has been for a while. However, it's much easier to become smarter about not clicking random things, not putting faith in emails that just happen to show up, asking you for personal information, and so on. What's not easy is not being in control of holes in the software on your system (we're talking your average user here, we can leave out all the talk of default-deny and all that). Instead of tricking you into something, I can just slip a zero day into an otherwise very innocent file/program, and nail you.

    Now, you know me and my stance on zero days, it's very much over-hyped. However, they do exist, no matter what, and no matter what, traditional security is still playing catch up. The bad news of it all is that traditional security is what is installed on over 90% of home machines. Browsers and software of all kinds will remain exploitable, as long as we fallible humans create them. And, as always, there is no shortage of folks that will take advantage of that.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    The user doesn't have to be in charge of that. Programs are making huge advances. Same with operating systems. You combine sandboxing with other security methods and you end up with a system that's just not worth attacking, you're better off trying to trick the user.

    0-days aren't a huge deal when you think about it. When you have such layers of security it doesn't matter if one layer is broken.

    Take Chrome. Yes, the program itself has tons of vulnerabilities. They get patches and ASLR/DEP and whatever but there are still 0days. It's the sandbox that protects you even from 0days unless there's ALSO a 0day for the sandbox.

    There's just going to be a point where it stops being cheaper to exploit software and starts being cheaper to trick users. I think we're getting there fast.
     
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Certain programs are making advances. For every Adobe X, there are several Foxits, you know what I mean? Just because most of the major browser players have stepped up their game, and just because the mother of all things exploitable, Adobe, sandboxed their PDF reader, doesn't mean the media players and other software of the world have too.

    While we're on Chrome, well, by your statement, one could think that Chrome isn't the hot stuff it's claimed to be, right? After all, it's one sandbox away from being just another exploitable browser. Bust that sandbox (and mark my words, it'll happen), and the jig is up. You speak of other security methods, but realize you can't include that when talking about the rise/decline of exploits. Well, not if your "other security methods" include HIPS, behavior blockers and such things. Fact is, that 90% of users I spoke of have no such things. So, that still leaves them out of control of holes, which of course leads to problems.

    I believe we should stop relying on "other security methods", and demand more from our OS vendors. Windows 7, Linux, both are good examples of the direction things need to go (Windows, by the way, should come with all of these tools, regardless of their version. It is simply irresponsible of MS to deny access to security tools based on the version of Windows installed). A user should not have to default deny their system, nor install Comodo or some such crap that just gets in the way. Websites should also have more responsibility in taking care of their own security, and users need far, far more education rather than "stay away from P2P and pr0n" (which, funnily enough, are two areas not as problematic).
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I'm not saying that all software is secure. I'm saying that we're seeing more and more software becoming secure.

    Imagine if every major program (especially internet facing programs) started seriously taking security into account. They stopped JUST patching their software and started looking at ways to make the program itself more secure via sandboxing/ jails and running at low integrity etc.

    At that point I'd say that exploits would start dying out/ not being taken advantage of and malware creators/ hackers would move to social engineering.

    The sandbox may be their strongest layer but it's not the only one. There's still the protected mode and the limited API. And there's also the constant patches provided by the open source community. And Chrome's sandbox has already been broken once via flash.

    I agree. Security needs to start from the OS.
     
  18. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Absolutely precisely put.
    So we have a hotchpot of different blacklists and opinions floating about and nobody knows who the hell is right or wrong.

    Then we all argue about the merits of one program against another - it is no more than a joke.

    Marvelous !
    John

    PS - If Chrome's blacklist is the same as Firefox, how on Earth can Chrome pick up a bug and Firefox not ? It is getting ridiculous.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    The reason that we have different blacklists has virtually nothing to do with people having different opinions as to what is or is not malware. It has everything to do with there being FAR too much malware for everyone to blacklist.

    It's not that one company says "Well this one could be legit, I'll pass on blacklisting" it's just that they haven't seen it yet so they haven't added it. That's why people always say to layer security.

    Chrome's download blacklist is separate but their Safe Browsing one is the same.
     
  20. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Hello Hungry,

    Expertly put !

    I guess that is life, everybody has an opinion and hence we have a conglomeration of different ideas as to what is good and what is bad. Who is to say what is more reflective of real events - NOBODY is ?

    Swimming against the tide means either you stand still or go backwards.

    Quite frankly, the whole Chrome/Firefox thing being hammered out in this thread is a waste of time, our AV and other security programs sort it all out, so who cares what a browser does ?

    I do not give a toss about browser security, my security is in the hands of more professional programs. I am only taking part in this browser discussion as an interesting joyride.

    John
     
  21. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    Can anyone provide a source for the statement?
     
  22. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    I started this thread to show a cool feature I didn't know Chrome had; it certainly has evolved into an interesting discussion. Cheers guys! (Testing Firefox 7.0 Beta now by the way.)
     
  23. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    You did well raising this thread, 47 replies is not bad going for a simple comment.

    But, you must realise just like I do that any slight suggestion that one browser is better than another, breaks out into a no holds barred free-for-all. It is akin to saying that one religion is rubbish compared to some other. Browsers are not just Browsers, they are sacred cows to their users, who vow to defend them until death do us part. It is a "Heads I win, Tails you lose" job.

    Anyhow, it all makes for good fun and bruises all round eh ? It is the way we all get to know each other. And may I add, it provides material for superb discussion.

    John
     
    Last edited: Aug 21, 2011
  24. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    I hope no one thought I was saying Chrome is better than Firefox, I know better than to make such a claim. I was simply pointing out something neat that Chrome did.

    I use and like both Chrome and Firefox. In fact, I've been using both since their inception (Phoenix and onwards for the latter) as both have their strengths and weaknesses. It just happens in this case, Chrome surprised me so I figured I'd share with the Wilders community.

    As you say though, makes for good fun, which is why Wilders is my favourite forum.
     
  25. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Not wishing to dominate this thread, I show the post reply to my question regarding Firefox security that I raised on the Mozilla Forum. Seems to be rather conclusive, especially the Firefox automatic invoking of my AV to scan downloads before acceptance.

    John

    Mozilla reply post.JPG
     