Security

Google isn't saying Microsoft security sucks but Chrome for Windows has its own antivirus

ESET scanning engine now built in – plus other defenses

By Thomas Claburn in San Francisco

66 SHARE

In its ongoing effort to improve browser security, school Microsoft on security, and retain its search audience, Google is today rolling out several Chrome for Windows fortifications.

The search biz has modded Chrome for Windows to detect when extensions switch people's Chrome settings, such as the default search engine, without authorization, a common tactic for deceptive software. The browser will now ask whether it can restore previous settings, which for the majority of Windows users will reestablish Google as Chrome's default search engine.

The operation can also be done by visiting a reset URL:
chrome://settings/resetProfileSettings

What's more, Google has enlisted security biz ESET to rebuild its Chrome Cleanup engine for removing deceptive code. In effect, the browser is getting built-in basic antivirus protection for your Windows computer.

"Our engine scans for and cleans potentially harmful applications, specifically the types that negatively impact or target the Chrome browsing experience," said Juraj Malcho, chief technology officer at ESET, in an email to The Register. "It is not meant to provide full coverage against all modern threats, its capabilities are limited to detecting specific malware families and/or specific ways of tampering with Chrome or operating system."

Chrome Cleanup began life in 2014 as Software Removal Tool, a sort of factory reset for Google's browser. Referred to as both Chrome Cleanup Tool and Chrome Cleanup, it has evolved into a way for Windows users to undo the damage from "unwanted software," the neutered term Google uses for malware.

"Unwanted software" emphasizes desirability, or lack thereof, rather than responsibility. The web giant takes a similar tack by referring to ad fraud as "invalid clicks." It also uses the defanged phrase "potentially harmful apps," or PHAs, in lieu of something stronger.

In its Android Security 2016 Year in Review report, Google said it employs the term "unwanted software" as "a way to deal with applications that are not strictly considered malware, but are generally harmful to the software ecosystem."

For what it's worth, Chrome, by default, automatically tries to stop software nasties from being accidentally downloaded onto a machine, by checking website URLs against lists of known dangerous and unsafe sites. If you surf to a website known for distributing malware, er, unwanted software, a big red warning will appear in the browser urging you to stop and go back the way you came.

Microsoft flips Google the bird after Windows kernel bug blurt

READ MORE

However, this kind of prevention isn't perfect, because new evil sites pop up all the time and may not be on the blacklist immediately, and so now Chrome has its own proper builtin antivirus for catching and removing particular types of malicious code, if that code manages to run on a machine.

And here's why Google opts for "unwanted software" rather than "malware." To avoid any arguments or court battles over accusations of wrongdoing, rather than label a dodgy application as "malware," Google opts for no-fault removals, without apology, blame or recompense. It's not removing illegal or deliberately malicious software from your computer, it's removing unwanted software.

Semantics aside, the tweaked Chrome Cleanup sports a revised interface for more clearly communicating what will be removed. It's also, Google insisted, capable of removing "more unwanted software than ever before," which isn't a particularly clear metric.

Malcho said ESET's engine doesn't monitor the system all the time, but instead runs scans periodically with a focus on remediation – restoring the settings to a known good state.

"The speed of the scan and minimal performance impact are crucial," Malcho said. "Hence only the most necessary parts of the scanning engine are included, resulting in a pretty tiny product. Also, only selected parts of OS are being scanned as compared to full a blown security solution."

Nonetheless, it's a useful expansion of Google initiatives like Safe Browsing to muck the stalls of the web. Google also stresses that it is not supposed to replace Windows Defender or whatever antivirus tools you have on your system. "Note this new sandboxed engine is not a general-purpose antivirus — it only removes software that doesn’t comply with our unwanted software policy," the ads giant said.

A Google spokesperson told The Register via email: "All Canary and Dev Chrome for Windows users should have the new Chrome Cleanup features. Those on Beta and Stable will receive later this week. These features are not tied to our regular Chrome release schedule and users with Chrome 61 and higher will receive the new features."

This comes after Google researchers have, over the years, pointed out various flaws in Microsoft's programming – from bugs in the Windows kernel to cockups in the operating system's bundled antivirus engine. ®

Sign up to our NewsletterGet IT in your inbox daily

66 Comments

More from The Register

Neil Young slams Google, after you log in to read his rant with Google or Facebook

Heart Of Gold meets Piece Of Crap

Ex-Intel exec Diane Bryant exits Google cloud

Could Chipzilla replace Brian with a Bryant?

Google cuts price of cloudy interconnects from partners

If you can't get to a POP yourself, this plan's for you

Google kills AdWords!

LOGOWATCH Don’t pop the champagne – it’s just a rebrand with some AI pixie dust

Google Cloud CEO admits: Yeah, we wanted GitHub too. Whatevs

'I really hope Microsoft can keep them totally neutral.' Haha

Google-free Android kit tipped to sell buckets

China, you see, has its own chocolate factories

Google freezes Android P: Get your shoes on, tire-kicking devs

Final 'droid P APIs, latest system images

Google offers to leave robocallers hanging on the telephone

♫ If you don't answer, I'll just ring it off the wall ♫

Scammers use Google Maps to skirt link-shortener crackdown

Chocolate Factory's map service cuts commute times, URL lengths

Aussie bloke wins right to sue Google over 'underworld' images

Suit will also tackle biz over 'is a former hitman' autofill howler