Chrome Improves Real-Time Protection

Google says Chrome will now warn users about risky sites using real-time information. The improvements won't compromise user privacy.

Chrome already offers a feature called Safe Browsing. The default option, "standard protection," kicks in when users are about to visit a site, download a file or install an extension. The feature compares the target URL (website address) against a database of known and suspected security risks and warns the user of a match.

The optional "enhanced protection" option will also actively check the target site for any signs that it may be compromised, threaten security or attempt to scam users into handing over login details. It will then add the results of this check to its database.

Until now, the standard protection version of the tool worked by storing a copy of the database on the user's device. That boosted privacy because there was no need for Google itself to see what site the user was about to visit.

Database Bloat

The downside is that although Google updated the local copy of the database once or twice an hour, that was proving inadequate to keep it sufficiently up to date. Google says its research found the average malicious website (one designed to distribute malware) now exists for less than 10 minutes. That's clearly a deliberate attempt by scammers to evade detection.

Another problem is that the database continues to grow and had started to cause performance problems with limited resources.

The new approach will mean the database is on Google's servers and is kept completely up to date. That means the browser will be able to check in real time to see if the target site is known to be risky. It says this should increase the number of alerts by 25 percent. (Source: blog.google)

Privacy Protected

Google says its devised a deliberate system to protect users' privacy with these changes. The address of the target site will be encrypted and routed through an independent third party, with any information about the user stripped out. (Source: techcrunch.com)

The result will be that Google's database can confirm whether the target site is on the list, but will not have any details on who made the request (and is thus intending to visit the site).

What's Your Opinion?

Did you know about Safe Browsing? Do you welcome the changes to the tool? Are you bothered about Google knowing what sites you visit and would that have deterred you from using its security tools?