Google Researchers Use Reputation Technology To Thwart Malware Downloads with Chrome Browser
It's clear that where security's concerned, Google is on top of things. The company has no desire to be compromised, or have its users compromised, and so it's doing a variety of things to make sure incidents are kept to a minimum. Last fall, we learned of Google's app scanner utility - included in Android 4.2+ - which has the ability to automatically scan apps you're about to install in order to warn you about the file being malicious, or potentially so.
With its "CAMP" (Content-Agnostic Malware Protection) technology, Google hopes to make our desktops just as secure. This of course involves its Chrome browser, which already goes to great lengths to help protect its users - especially if a website is about to be visited that has been defined as a site serving malware.
CAMP ignores some basic information about the file being downloaded and instead looks to other areas to judge whether or not it carries a risk. If the file came from a provider which Google has deemed to offer genuine software, the file could be downloaded without incident. If the file happens to come from an IP address known to carry malware, a red flag will be raised. CAMP is in effect a last resort; if the file being downloaded doesn't appear in either Chrome's whitelist or blacklist, CAMP is called into action and negotiates with Google's servers to establish whether or not the downloaded file is unsafe.
Information on a file passed back to Google would include the hash value, its size, referrer information and of course, the download server. With this information in hand, Google can establish a reputation level for the file, to judge whether or not it's probably safe. A file that is unsafe will generate an error akin to "file.exe appears malicious", whereas if it may be malicious, the error will be "file.exe is not commonly downloaded and could be dangerous."
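The decision flow described above, sketched as an added example that is not Google's code or taken from the CAMP report: local lists are checked first, and only an unmatched download triggers a reputation query built from the hash, size, referrer and download server. The list contents, the use of SHA-256, and the function names are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlparse

# Constructed sample data; none of these values come from Google or the CAMP report.
LOCAL_WHITELIST = {"downloads.trusted-vendor.example"}  # hosts of trusted providers
LOCAL_BLACKLIST = {"http://bad.example/dropper.exe"}    # URLs already known as bad
SERVER_BAD_HOSTS = {"203.0.113.7"}                      # stand-in for server-side data
SERVER_KNOWN_HASHES = {hashlib.sha256(b"popular installer").hexdigest()}


def build_request(content, url, referrer):
    """Collect only the metadata the article lists; file contents are never sent."""
    return {
        "sha256": hashlib.sha256(content).hexdigest(),  # hash algorithm is an assumption
        "size": len(content),
        "referrer": referrer,
        "host": urlparse(url).hostname,
    }


def server_verdict(request):
    """Hypothetical server: a lookup table standing in for the reputation system."""
    if request["host"] in SERVER_BAD_HOSTS:
        return "malicious"
    if request["sha256"] in SERVER_KNOWN_HASHES:
        return "benign"
    return "unknown"


def check_download(content, url, referrer):
    """Return (decided_by, verdict); the server is consulted only as a last resort."""
    if url in LOCAL_BLACKLIST:
        return "local-blacklist", "malicious"
    if urlparse(url).hostname in LOCAL_WHITELIST:
        return "local-whitelist", "benign"
    # Neither local list matched, so fall back to the reputation query.
    return "server", server_verdict(build_request(content, url, referrer))


def warning_for(filename, verdict):
    """Map a verdict to the warning text quoted in the article (None = no warning)."""
    if verdict == "malicious":
        return f"{filename} appears malicious"
    if verdict == "unknown":
        return f"{filename} is not commonly downloaded and could be dangerous"
    return None
```

Note that a file with no reputation at all lands in the "unknown" branch, which is why rarely downloaded but legitimate software can still trigger the softer warning.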
According to the official CAMP report, it appears that Chrome has been implementing this feature for as many as six months. As a Chrome user, I'm a little surprised, given I haven't encountered such an error yet, but I have noticed that the option for "Enable phishing and malware protection" is disabled in my browser, which I assume is the reason.
So far, CAMP seems to be working out quite well. Google claims a success rate of 99%, and states that its local and server solution combined gives better results than four leading anti-virus products. There are of course privacy concerns here given that some information might be passed along to Google's servers, but it's pretty difficult to build up whitelists any other way. A safer Web is a better Web, plain and simple.