In our last year’s effort, we rolled out an enhanced Chrome downloads experience on desktop, streamlining interactions for users with their ongoing downloads. When discussing our conversation on the topic, we explored how the additional features of the newly designed Chrome download experience – including the extra house and versatile UI – will enable us to provide customers with enhanced opportunities for verifying the security of their downloads.
The revamped Chrome download feature enables us to provide significantly more context when Chrome safeguards users from a malicious or potentially unwanted download. Within the revamped New Downloads interface, we’ve upgraded our warning messaging to provide more granular, informative alerts that accurately convey the risks involved, empowering users to make more informed decisions about their online interactions.
We further enhanced the understandability of obtain warnings by developing a two-tiered obtain warning classification framework informed by AI-driven malware assessments from reputable sources. These are:
- Suspicious information emerges, eroding consumer trust and hinting at potential harm to unsuspecting buyers.
- Excessive confidence in products’ performance and safety can lead to devastating consequences for consumers.
Two tiers of warnings are differentiated through distinct iconography, colour schemes, and textual information, allowing customers to quickly and confidently select the most suitable option based on the nature of the risk and Protective Looking’s level of certainty. Overall, these improvements to readability and consistency have led to significant changes in consumer behavior, including fewer warnings ignored, warnings responded to more swiftly, and ultimately, enhanced protection against harmful downloads.
Customers who have elected to enable the Protected Mode feature in Chrome receive a prompt to send the suspicious file’s contents to Protected Mode for thorough scanning before allowing access to the file. While suspicious files account for a tiny percentage of overall downloads, the primary focus remains on ensuring the integrity of the contents through rigorous scanning processes, which are promptly removed once a conclusive assessment is made.
Our analysis reveals that the additional scans have yielded a substantial financial payoff, enabling us to detect previously unknown malware strains and eliminate harmful content hosted on newly emerged websites. However,
As Enhanced Safety subscribers are aware of the requirement to transmit a limited percentage of their downloads to Protected Looking for enhanced security features, we have recently transitioned to automated deep scanning for these customers, eliminating the need for manual prompts each time. This technology can effectively protect customers from risky downloads, thereby reducing consumer friction.
While some deep scans may not be performed mechanically, Malware distributors have adopted a prevailing tactic of bundling malicious software within an encrypted archive, typically utilizing formats like .zip, .7z, or .rar, secured with a password that conceals file contents from scrutiny by both Protected Looking and various antivirus scanning tools. To combat evasion tactics, we’ve introduced two safety features that leverage the user’s choice of Protected Browsing mode in Chrome.
Attackers often default to using weak passwords for encrypted archives, frequently drawing inspiration from the original download location on a webpage or mirroring the filename used during the download process. To ensure enhanced safety for our valued customers, any suspicious encrypted archive downloaded will prompt an instant request for the file’s password, which must then be submitted along with the file to our dedicated Protected Viewing service, allowing for a thorough and secure deep scan upon opening. Uploaded data and file passwords are promptly deleted shortly after scanning, with the gathered information being minimally utilized in an effort to provide enhanced obtain security.
While most users employ Normal Safety mode as the default setting in Chrome, we still wanted to provide a certain level of protection. When operating in Normal Safety mode, attempting to download a suspicious encrypted archive can trigger an instant request to enter the file’s password; yet, in this scenario, both the file and its corresponding password remain resident on the local system, while only the metadata of the archive contents are scrutinized through Protected Looking. Since customers are covered in this scenario as long as Malwarebytes has already identified and flagged the malware.
The Chrome Security team collaborates closely with Safe Browsing, a Google-led initiative, as well as global safety researchers to gain valuable insights into the tactics employed by attackers. By leveraging these findings, we consistently refine our product approach to stay ahead of potential threats and safeguard customer data while they download content in Chrome. We’re excited to share more with you in the future.
