Sadly, the article doesn’t say what’s being uploaded to Google.
Just the file metadata of my documents folder? Just the metadata of the files that Chrome thinks might be malware?
In this climate, I’m shocked Google thinks they’re above needing to fully inform their users that their web browser is inspecting user files that have nothing to do with that browser.
As far as I could tell as a non Chrome user, Chrome Cleanup Tool is a separate download from Chrome. Chrome may prompt to install it under some circumstances. However, what's described in the article does not appear to be a functionality that exists in normal Chrome installation.
At some point as as community need to recognize that we're grossly out of touch with how people outside our bubble use computers. Browsers are the #1 consumer attack target and have been plagued with all forms of malware since before IE6 -- malicious plugins, extensions, DLL hacks, history harvesting, apps that override settings to push adware.
It's not that surprising that browsers are trying to go on the defensive, Firefox shipped extension signing and Google is trying an active scanner.
It sucks for our bubble but that's ignoring the huge number of people with horribly infected browsers that are about to be cleaned of malware.
So because IE6 was a trainwreck and you could dump dlls over port 80 you think Chrome needs anti virus?
I don't think this is a "bubble" problem, rather a "statistical arrogance" problem. Google seems to have plenty of the latter nowadays, I wonder when someone is going to stand up to all the data people making bad decisions.
> it [antivirus] only has normal user privileges (meaning it can’t go too deep into the system),
On a single user system all personal files are accessible with "normal user privileges".
> In other words, Chrome Cleanup Tool is less invasive than a regular “cloud” antivirus that scans your whole computer (including its more sensitive parts such as the kernel)
How kernel is "sensitive"? It is the same on every computer running same OS.
> Chrome Cleanup Tool is less invasive than a regular “cloud” antivirus that ... uploads some data to the antivirus company’s servers.
How do you know Chrome doesn't? Is this module open source? They write Google got it from ESET so it is possible that Google themselves never saw the source code and received it as a binary module.
Do you believe that this is really an "antivirus"? Is it open source? Please remember the case with Kaspersky software that moved files from NSA contractor's PC to Russia. Now let's think what is the probability of Chrome moving your files to NSA?
Here's the thing I don't get. If you're running Chrome you're already trusting them with basically everything -- they could record every page you visit, every key you press, every ad you click on, every process running on your computer, or secretly use your webcam or microphone. If you don't believe their word carries any weight then this scanner is probably the least of your worries.
If you believe that Google would ship you malware for nefarious purposes and then sraight-faced lie about it then you probably shouldn't be using Chrome.
I use Chromium, not Chrome, but it doesn't matter. Software vendors should not be allowed to do this.
Imagine if you hired an electrician but he would secretly go across your house and searched everything to get rid of bugs (at least that's what he said). Would you like that?
If you advertise your app as a browser then it should not secretly scan files.
> If you advertise your app as a browser then it should not secretly scan files.
Not trying to be snarky, why not? It's one of those statements that seemed obvious until I thought about it. Who even gets to decide what features something called 'X' is allowed to have?
Sure, I would personally prefer that they didn't but I honestly cant think of a reason they should be forbidden from doing so. "Our users' browsers are horribly infected due to malware/adware that's not being purged. So we're including an AV to combat that" seems like enough of a justification.
"Quietly" trying to transform Windows (and soon other OSs?) into ChromeOS? Accessing file system (apart from just downloading & uploading would be a huge leap.
Might sound like a noob dream, but I wish there were a permission system like Android (I'm not used to iOS).
Chrome is, actually, not scanning files on my computer. Because I don't run Chrome on my computer.
This is very much a no-thanks piece of functionality. If I already have malware scanning software, the last thing I want other apps doing is also scanning my entire file system. I'm mostly on SSDs now which significantly reduces the performance hit, but still.
I would also note this is a serious concern with the whole trend for auto-updating "evergreen" software. Without you even knowing, your browser software may decide to load up a different company's antivirus engine without even giving you so much as a heads up about it. You have to be aware of what companies you grant this type of access to, because once they have it, they essentially have complete control of your computer.
I was think the guy was making an Electron joke, but yeah, Electron is Chromium-based, and if each Electron app was packing it's own ESET antimalware engine, you'd see some serious upset going around.
Just the file metadata of my documents folder? Just the metadata of the files that Chrome thinks might be malware?
In this climate, I’m shocked Google thinks they’re above needing to fully inform their users that their web browser is inspecting user files that have nothing to do with that browser.