Google Set to Change Malware, Phishing Warnings Following Study

Google will soon change the way it displays malware and phishing warnings in its Chrome browser to give users a better idea of the risk and to help them make a decision.

In the not too distant future, Google will change the way it displays malware and phishing warnings in its Chrome browser.

Instead of a white warning on a red background, the entire page will be red, with a prominent X featured at the top of the display. Both the malware warning and the phishing warnings advise users that the site ahead may either try to install dangerous programs on your machine or trick you into giving up personal information.

googlemalwareattack

googlephishingattack

The new warnings do away with cartoon images of the past, instead opting for a simpler, bold and more uniform warning. Like the old warnings, if users click “details” they are given the option to bypass the warning and proceed to the unsafe site, but only after they acknowledge the risk to their security.

The changes can currently be seen on the Canary and Dev builds of Chrome.

While the browser’s Canary and Dev channels are notorious for changing quickly – the Canary build is updated daily, the Dev build once or twice a week – it’s expected that after the warnings go through enough testing in the developmental builds, they will graduate to the beta and stable builds of Chrome.

Adrienne Porter Felt, a security and privacy researcher at Google, previewed the changes on her Twitter account last Friday and pointed out that usually when users see a warning that pops up in Chrome, they assume an attack has already happened. With the new warnings, Porter Felt is hoping that when users see that there’s a problem ahead, it fixes that fear.

The malware and phishing warnings follow up a new SSL interstitial warning that began to make the rounds on Canary back in June:

All of the warnings take a cue from Google’s Safe Browsing API, a service the company runs that maintains a continually updated list of suspicious pages that may host malware or phishing.

A Cambridge University study on malware warnings in January suggested that malware warnings shouldn’t scare users away, they should instead work to give users a better idea of what’s happening to their computer and the risk they’re exposing themselves to.

At the time Ross Anderson, the Head of Cryptography at the school, and David Modic, a research associate at the school’s Computer Laboratory found that users heeded warnings that featured authority and were concrete-threat based.

Another study around malware warnings, specifically those in Chrome, was published last week following a presentation at the Symposium on Usable Privacy and Security at USENIX in Menlo Park, Calif.

chromemalwarepaperAuthored by Porter Felt, Hazim Almuhimedi of Carnegie Mellon, and fellow Googlers Robert W. Reeder and Sunny Consolvo, “Your Reputation Precedes You: History, Reputation, and the Chrome Malware Warning,” (.PDF) aimed to examine why users largely ignore malware warnings.

After analyzing nearly four million different Chrome malware warning impressions, the study found that users were twice as likely to ignore a warning if the site was already in their browsing history, suggesting people are less likely to believe that a popular site could be malicious.

The paper recommended that malware warnings should be tweaked to let users know that even what it calls “high-reputation websites” can be compromised.

The new Chrome malware warnings incorporate this, and further insight from the paper. The warnings now have new text in the “Learn More” field that lets users know that “Websites that are normally safe are sometimes infected with malware.”

The Chrome team also built a new diagnostics page – reachable through Google’s Safe Browsing site – to give users “clear, contextual information to help them make a decision.”

“Our work on improving the Chrome malware warning continues,” the researchers write.

Suggested articles