Chrome Browser to Better Explain Why It Blocked a File Download

Google's Chrome browser is also being updated to scan encrypted archives for malware by sending the data first to the company for inspection.

Are you wondering why the Chrome browser flagged a downloaded file as malicious? Google says it plans to better explain why downloads have been blocked.

Last year, Google redesigned Chrome's download experience to add extra room for warnings about malicious downloads. The company is now taking advantage of that extra space to "convey more nuance about the nature of the danger" to help users take the right action.

The browser will break down warning messages into two tiers: suspicious downloads that pose an unknown risk to the user and dangerous downloads for when Google has high confidence the file poses a threat to your computer.

(Credit: Google)
 

In one example, a Chrome warning says: “This file is deceptive and may make unexpected changes to your device."

“These two tiers of warnings are distinguished by iconography, color, and text to make it easy for users to quickly and confidently make the best choice for themselves based on the nature of the danger,” the company says.

According to Google’s tests, the changes have resulted “in significant changes in user behavior, including fewer warnings bypassed, warnings heeded more quickly, and all in all, better protection from malicious downloads.”

The warning system leverages Google’s Safe Browsing service, which scans files and downloads for malware. By default, Chrome users are set to the “Standard protection” tier. But a user can also toggle Safe Browsing to the highest protection by opting into the “Enhanced protection” tier, which scans downloads and potentially dangerous sites in real-time, although the data has to be sent to Google servers for inspection.

(Credit: Google)

Previously, the company would prompt users to send suspicious files or links to Google’s Safe Browsing for deep scanning before opening.

But in a Wednesday blog post, the company noted: “We recently moved towards automatic deep scans for these users rather than prompting each time. This will protect users from risky downloads while reducing user friction.”

The other change is that Google is expanding the malware scans to encrypted archives, which require a password to open. Hackers often use these encrypted archives, such as .zip or .rar files, to hide their malware from antivirus scans. The attack will only be unleashed once the unsuspecting user opens the archive and runs the program or file inside.

(Credit: Google)

In response, Google says the Enhanced protection tier for Chrome “will now prompt the user to enter the file's password and send it along with the file to Safe Browsing so that the file can be opened and a deep scan may be performed.”

“Uploaded files and file passwords are deleted a short time after they're scanned, and all collected data is only used by Safe Browsing to provide better download protections,” the company adds.

For users on the “Standard protection” tier, Chrome will also trigger a prompt to enter the downloaded archive’s password. But in this case, the archive file and the password won’t be sent to Google. Instead, “both the file and the password stay on the local device, and only the metadata of the archive contents are checked with Safe Browsing,” the company says. “As such, in this mode, users are still protected as long as Safe Browsing had previously seen and categorized the malware.”

On the desktop, users can configure their Safe Browsing protections by clicking the three-dot icon in the upper-right corner and navigating to Settings > Privacy and security > Security.

Source