Google Chrome browser Contains Malware

[playdayz]

This is an excerpt that I thought some of you might find amusing. Clever title, eh? This is the outcome of what I started back during Lucid. Most people here are beyond this, but the goal is maximum privacy protection consistent with unimpaired usability--and no geek stuff required.

You should know that the Google Chrome browser contains malware that attempts to trick you into letting it remove Adblock Plus without telling you what it is doing. It does not identify what it is looking for, what it has found, or what it has removed. It uses deception to manipulate you into removing a program that you have intentionally installed because you wanted it there to protect your computer security and privacy, so that the perpetrators might somehow benefit. If that is not malware I don’t know what is. In this case you have installed the program to protect yourself from the invasion of your privacy by Google, and the malware perpetrators, yes, that would also be Google, have suckered you into removing it so that they might track you more effectively and make more money for their advertising. I wonder why they don’t tell you what they are doing? Oh, look, Adblock Plus is gone!

If it looks like a duck, walks like a duck, quacks like a duck...then it is malware!

The whole article is available at http://longtimethinking.com/privacy/ That's my blog: No Spying. No Tracking. No Ads. Privacy is a priority. Long Time Thinking does not collect any information on you, does not track your movements on the web, does not give or sell any information about you to anyone, and does not display any ads.

[disciple]

I thought it was a separate tool that you download only on Windows if you are having a problem?

[bark_bark_bark]

Debian users were getting their conversations recorded with the most recent Chromium update.

[James C]

http://www.theregister.co.uk/2015/06/17 ... ium_hubbub

The Debian Project thinks it's fixed an issue where Google's Chromium web browser snuck proprietary code into the fiercely Free Software oriented Debian Linux distro. That hasn't stopped Debian users from wondering how the issue got past project maintainers in the first place.

Debian user Yoshihito Yoshino first raised the red flag on the project's bug report mailing list in May, after noticing suspicious network activity from Chromium 43, the most recent stable release of the open source version of the Chrome browser.

"After upgrading chromium to 43, I noticed that when it is running and immediately after the machine is on-line it silently starts downloading 'Chrome Hotword Shared Module' extension, which contains a binary without source code," Yoshino wrote. "There seems no opt-out config."

Even worse for some users was the nature of the proprietary code that Chromium downloaded. It was reportedly a library that supported Google's "OK Google" voice recognition feature, which some security researchers have pointed out is a potential open door for invasion of privacy.

"The fact that Audio Capture Allowed is set to yes, and that both the extension and the shared module are marked as 'enabled' are definitely bothering me," wrote Debian bug forum participant Yves-Alexis Perez.

Other commenters went on to say that removing the browser extension that relies on the Hotword Shared Module was difficult, and that other bug reports suggest that even disabling it in the browser's settings might not keep it from running.

[playdayz]

I thought it was a separate tool that you download only on Windows if you are having a problem?

I may be wrong about this next sentence. See below. In the latest version of Chrome disciple, it was built in and just popped up. I was astounded. It never said what it was doing--if you told it to go ahead, it just removed Adblock Plus and never said what it had removed. Surely they will sucker a lot of people with what I regard as a malware technique. I grabbed screenshots during the whole process. I won't have enough time to shrink the photos for this forum for a while but others should be able to confirm. Install Chrome, install Adblock Plus in Chrome, and see what happens. It doesn't necessarily come up every time. And this was all in windows 7.

In a related matter, Facebook is also warring on Adblock. People who manage a "business" page like my non-profit blog page, will see a message that FB advertising will not work correctly with Adblock installed. Well, duh, but they are implying that *I* should disable it in managing the page (or else my posts won't spread?). Regular personal users probably don't see this. But anyone who manages a page, just click Boost Post or Create Ad with ABP installed and you will see it. Then cancel;-) that's facebook.com/longtimethinking. Way to avoid fb altogether is to subscribe to receive blog by email.

[playdayz]

disciple, You may be right. I am rechecking. Certainly you are right about how it used to be. My daughter may have downloaded the Software Removal Tool without me knowing. It is supposed to delete itself after use, but maybe she never used it. It popped up on me twice, but maybe that is because I didn't let it do it's thing the first time.

You probably saved me some embarrassment, but that's why we test, eh? Thanks.

It certainly does remove Adblock Plus without warning though.

[mikeb]

Blocking facebook at the router stops all their junk easily...works for google ads too. Surprising how widespread the former is ...the many faces of microsoft eh

mike

[playdayz]

Blocking facebook at the router stops all their junk easily...works for google ads too. Surprising how widespread the former is ...the many faces of microsoft eh

mike

What do you use to do that mikeb?

In a sense I am trying to perform a balancing act: I think it says "maximum privacy protection consistent with unimpaired usability." It is just my experience and belief that most, let's say, naive users, will not take any actions that are complicated to them or that require any constant intervention on their part, or that make their browsing experience less "smooth." Yes, most of them are windows and Mac users--it's a greatest good for the greatest number kind of thing--but all of my suggestions will apply to Linux. This is just a small part of the overall article. You can see above that disciple caught an error I was about to make. Puppy users are great debuggers!!! I remember

BTW, if anyone wants a cheap, but not free, VPN, PureVPN is selling 2 years for the price of one year, and that is discounted to 49.95 USD. It anonymizes one's IP address, and offers up to 256 bit encryption. I am not advertising for them, just info. I am trying it and the speed is better than the last time I experimented with VPN's, easily fast enough to stream smoothly, but I did get some stuttering occasionally on my first attempts. http://www.purevpn.com I am not sure if I should put a for-profit company here. If not, please let me know or moderator kill it. thanks.

[mikeb]

well its a netgear router though others may have similar facility...go into the web interface and the block sites part...I just added the word facebook to the list... it either does a word pattern block ...good for porn/kids or you can put a full domain in there...I used the latter method for google ads so can still use google search engine.

Once added thats it..no computer gets anything.

kproxy.com is nice... works pretty transparently (ie javascript works) and is fast.

mike

[gcmartin]

Thx @MikeB
@MikeB point out something most users overlook for various reasons. But, it provides broad ability to control various traffic at the router level versus trying to do so at each and every device on our LANs. If you are willing to spend the time to investigate, this is a very good and a CENTRAL place for traffic governance. Use of the internet has become MORE important, today, than the use of our old, "on PC" apps use (this is a phenomenon seen everywhere).

Antivirus Flaggings/behavior
Just want to share that over the past 3 decades, there has been antivirus software which has flagged/remove other antivirus software; not to mention that there have/are other useful tools that various antivirus software flag as suspect and candidates for removal.

Without going into the code explanation, various programs can be coded in such a way as antivirus software will flag the program.

Summary of this post
Hope this is helpful to be inserted in your "prism" as you look for proper behavior in product use and specifically as you go forward in use of antivirus software. The fact that Google flagged something does not mean it or Google is inherently malware. And, we may have additional controls to use on our LAN for how we want information to be filtered.

[bark_bark_bark]

The fact that Google flagged something does not mean it or Google is inherently malware.

Google is doing this on purpose, so yes this is malware.

[James C]

http://www.theregister.co.uk/2015/06/17 ... ium_hubbub

The Debian Project thinks it's fixed an issue where Google's Chromium web browser snuck proprietary code into the fiercely Free Software oriented Debian Linux distro. That hasn't stopped Debian users from wondering how the issue got past project maintainers in the first place.

Debian user Yoshihito Yoshino first raised the red flag on the project's bug report mailing list in May, after noticing suspicious network activity from Chromium 43, the most recent stable release of the open source version of the Chrome browser.

"After upgrading chromium to 43, I noticed that when it is running and immediately after the machine is on-line it silently starts downloading 'Chrome Hotword Shared Module' extension, which contains a binary without source code," Yoshino wrote. "There seems no opt-out config."

Even worse for some users was the nature of the proprietary code that Chromium downloaded. It was reportedly a library that supported Google's "OK Google" voice recognition feature, which some security researchers have pointed out is a potential open door for invasion of privacy.

"The fact that Audio Capture Allowed is set to yes, and that both the extension and the shared module are marked as 'enabled' are definitely bothering me," wrote Debian bug forum participant Yves-Alexis Perez.

Other commenters went on to say that removing the browser extension that relies on the Hotword Shared Module was difficult, and that other bug reports suggest that even disabling it in the browser's settings might not keep it from running.

Google removes "always listening" code from Chromium

http://www.zdnet.com/article/google-rem ... RSSbaffb68

Giving in to user backlash, Google has removed code from Chromium that originally allowed the browser to listen in on a computer's microphone.

The code in question will no longer be included, starting with Chromium build r335874. Prior builds automatically downloaded an extension that could tap a microphone for the purpose of hearing voice commands.

The intent of the extension is listen for the "OK Google" hot word to perform searches and voice commands, as well as get Google Now information.

The problem here is that Chromium isn't Chrome; it's an open-source browser. As such, all of the code can be publicly examined. That wasn't the case with the extension, however; it wasn't even appearing in the list of installed extensions even though it was present in prior Chromium builds.

Essentially, Google was installing a code package that couldn't be inspected and doing so without a user's consent. That's a big no-no for privacy advocates and flies against the spirit of open-source software.

[mikeb]

I remember on windows chrome used at least one specifically IE only dll....

it was comforting

mike