This article is more than 1 year old

Google isn't saying Microsoft security sucks but Chrome for Windows has its own antivirus

ESET scanning engine now built in – plus other defenses

In its ongoing effort to improve browser security, school Microsoft on security, and retain its search audience, Google is today rolling out several Chrome for Windows fortifications.

The search biz has modded Chrome for Windows to detect when extensions switch people's Chrome settings, such as the default search engine, without authorization, a common tactic for deceptive software. The browser will now ask whether it can restore previous settings, which for the majority of Windows users will reestablish Google as Chrome's default search engine.

The operation can also be done by visiting a reset URL:

What's more, Google has enlisted security biz ESET to rebuild its Chrome Cleanup engine for removing deceptive code. In effect, the browser is getting built-in basic antivirus protection for your Windows computer.

"Our engine scans for and cleans potentially harmful applications, specifically the types that negatively impact or target the Chrome browsing experience," said Juraj Malcho, chief technology officer at ESET, in an email to The Register. "It is not meant to provide full coverage against all modern threats, its capabilities are limited to detecting specific malware families and/or specific ways of tampering with Chrome or operating system."

Chrome Cleanup began life in 2014 as Software Removal Tool, a sort of factory reset for Google's browser. Referred to as both Chrome Cleanup Tool and Chrome Cleanup, it has evolved into a way for Windows users to undo the damage from "unwanted software," the neutered term Google uses for malware.

"Unwanted software" emphasizes desirability, or lack thereof, rather than responsibility. The web giant takes a similar tack by referring to ad fraud as "invalid clicks." It also uses the defanged phrase "potentially harmful apps," or PHAs, in lieu of something stronger.

In its Android Security 2016 Year in Review report, Google said it employs the term "unwanted software" as "a way to deal with applications that are not strictly considered malware, but are generally harmful to the software ecosystem."

For what it's worth, Chrome, by default, automatically tries to stop software nasties from being accidentally downloaded onto a machine, by checking website URLs against lists of known dangerous and unsafe sites. If you surf to a website known for distributing malware, er, unwanted software, a big red warning will appear in the browser urging you to stop and go back the way you came.


Microsoft flips Google the bird after Windows kernel bug blurt


However, this kind of prevention isn't perfect, because new evil sites pop up all the time and may not be on the blacklist immediately, and so now Chrome has its own proper builtin antivirus for catching and removing particular types of malicious code, if that code manages to run on a machine.

And here's why Google opts for "unwanted software" rather than "malware." To avoid any arguments or court battles over accusations of wrongdoing, rather than label a dodgy application as "malware," Google opts for no-fault removals, without apology, blame or recompense. It's not removing illegal or deliberately malicious software from your computer, it's removing unwanted software.

Semantics aside, the tweaked Chrome Cleanup sports a revised interface for more clearly communicating what will be removed. It's also, Google insisted, capable of removing "more unwanted software than ever before," which isn't a particularly clear metric.

Malcho said ESET's engine doesn't monitor the system all the time, but instead runs scans periodically with a focus on remediation – restoring the settings to a known good state.

"The speed of the scan and minimal performance impact are crucial," Malcho said. "Hence only the most necessary parts of the scanning engine are included, resulting in a pretty tiny product. Also, only selected parts of OS are being scanned as compared to full a blown security solution."

Nonetheless, it's a useful expansion of Google initiatives like Safe Browsing to muck the stalls of the web. Google also stresses that it is not supposed to replace Windows Defender or whatever antivirus tools you have on your system. "Note this new sandboxed engine is not a general-purpose antivirus — it only removes software that doesn’t comply with our unwanted software policy," the ads giant said.

A Google spokesperson told The Register via email: "All Canary and Dev Chrome for Windows users should have the new Chrome Cleanup features. Those on Beta and Stable will receive later this week. These features are not tied to our regular Chrome release schedule and users with Chrome 61 and higher will receive the new features."

This comes after Google researchers have, over the years, pointed out various flaws in Microsoft's programming – from bugs in the Windows kernel to cockups in the operating system's bundled antivirus engine. ®

More about


Send us news

Other stories you might like