A security-based newsletter entered my Inbox Tuesday afternoon and, like a gerbil, I immediately clicked it open to see what kind of shenanigans were going on in the world of cybersecurity. You can imagine how intrigued I was at the following title: “Chrome Is Scanning Files on Your Computer, and People Are Freaking Out.”
Well, that certainly got my attention, and I clicked on the link to read the article at Motherboard, and a lot of the associated links, and those associated stories and their links, and before I knew it, more than 30 minutes had gone by – and my jaw was just as slack at the end of that adventure as it was at the start.
Here’s the original article: https://motherboard.vice.com/en_us/article/wj7x9w/google-chrome-scans-files-on-your-windows-computer-chrome-cleanup-tool
I’m going to give you the “Reader’s Digest” version because I don’t know if many of you are going to read that.
Let’s start with the basics. Google Chrome is a browser, just like Microsoft’s Internet Explorer, and Mozilla’s Firefox, and Apple’s Safari. The browser lets you explore the pages on the World Wide Web.
The focus of this article is that deep within the Google Chrome settings, there is a ‘clean up’ option that uses a third-party product (from antivirus vendor ESET) to scan for malware that could, potentially, harm the Chrome browser itself.
One of the parameters associated with this option, “Report details to Google,” is defined as follows: “Includes information about harmful software, system settings, and processes on your computer.” And the default for this setting is to ALWAYS SEND the data to Google! Obviously, this setting lets Google’s developers know how to handle any problems that may have been encountered during the scan.
Now that’d be great if Chrome simply scanned a few known locations in which malware frequently appears and then closed down.
Unfortunately, as the reporter describes it, the scanner reached further into the computer than anyone would have suspected, and it was going through the My Documents folder. I can’t imagine that any malicious software would reside there that could cause any harm to the browser. So that’s just overkill. The exaggerated claim is that Google is spying on you, your files, and your computer.
According to a leading Google developer, the scanner “only runs weekly, it only has normal user privileges (meaning it can’t go too deep into the system), is “sandboxed” (meaning its code is isolated from other programs), and users have to explicitly click” on a box if anything is detected.
Like I said, this is the first time I’m hearing about this. But the text of the “agreement” you have with Google when using Chrome can be found here: https://www.google.com/chrome/browser/privacy/whitepaper.html#unwantedsoftware
I looked into this, and it seems that this clean up “feature” has been in existence for more than a year, and is only now getting any reaction. But that’s the wonderful nature of the Twitter universe. Someone makes a discovery; some of her followers take a closer look and get agitated; a reporter asks a few questions, and then everyone gets all riled up about the intrusive nature of a global corporation.
I doubt that any of my clients who have Chrome have EVER seen a pop-up that malware was found. And I know that many of you use Chrome and that some of you have encountered instances of malware. It’s simply that the software I have installed on your computers scans more frequently than once a week, is constantly updated, and – most importantly –I monitor the results (not Google!).
While I would want everyone to turn off the setting that sends data to Google, the steps I have followed do not work for more than the logged on session. If you close your browser and then re-open it, the setting turns itself on again. I have checked, and it seems that this setting simply cannot be eliminated.
What’s my recommendation: If you don’t mind having your machine bogged down every now and then by a scanner over which you (and I) have no control, you can continue to use Chrome. But I would really like to know if you ever get a pop-up from Google about malware. Otherwise, if you’d prefer a less intrusive browser, send me an email or give me a call and I’ll install Firefox and transfer your favorites.
Thanks and safe computing!
For the geeky inquisitive individuals, here’s where the settings are located:
Open Google Chrome.
In the upper, right-hand, corner of your screen –just under the red X – there are three vertical dots (what Google developers call “a hamburger”). Click that and select Settings (near the bottom of the list).
Scroll down the page until you see the word Advanced, and click it to expand the selection.
Scroll all the way to the bottom of the page.
Click on the heading “Clean up my computer.”
Move the slider for “Report details to Google” from the blue (on) to the grey (off) position.
Note that this is only good for your current session. If you close your browser and re-open it, the setting will go back to blue (on). As of now, there is no way to permanently disable it.