Chrome Antivirus Tool Scans Private Files
The Daily Mail (among many others) is reporting that a New York cybersecurity expert discovered that a Google Chrome browsing tool was actively scanning private files in a document folder on her Windows PC. Ms. Kelly Shortridge sounded the alarm from the New York-based cyber-security startup, SecurityScorecard, a third-party vendor risk management company.
CCT: Chrome Cleanup Tool is the Culprit
The unauthorized file scanning culprit turned out to be Google Chrome's built-in anti-virus CCT program, the Chrome Cleanup Tool. CCT was available in 2014 under the original name "Software Removal Tool" as an optional add-on for Chrome browsers to provide a tool for getting rid of unintentionally installed bloatware and malware. The key word here is "optional."
In the fall of 2017 the Mountain View firm rebranded the AV tool, and since then it has been a compulsory part of the Google Chrome configuration, automatically installing without the user's knowledge. Ms. Shortridge raised the alarm on Twitter claiming that "It turns out Google Chrome quietly began performing AV scans on Windows devices last fall." Shortridge was concerned that the tool was operating beyond the scope of antivirus functionality and was busily collecting data from Windows document files.
Chrome's head of security, Justin Schuh, offered little consolation with his public response on Twitter explaining that CCT's sole purpose is to remove unwanted software which could manipulate Chrome. He claimed, "Potential data collection and associated consents are described in the Chrome Privacy Whitepaper, and every cleanup action requires an explicit user approval." This did little to alleviate the outcry from Chrome users in the wake of recent headlines concerning enormous volumes of personal data collected by industry giants including Google and Facebook.
Cybersecurity Involves More Than Hackers and the Dark Web
DNS Privacy: Vulnerabilities in the Domain Name System
While Facebook and Google provide a wave of troubling headlines ISP, and mobile carriers are not far behind when it comes to privacy concerns due to inherent vulnerabilities in today's internet infrastructure. The Domain Name System (DNS) is the internet directory, matching web addresses to a site's specific online location, its IP address.
This matching process is the first operation occurring between your device and the network whenever you click on a link, open an app, or send an email. Since, by default, ISPs, mobile carriers, and WiFi hotspot providers control the DNS resolving processes they can access and store all the data used to make DNS connections, accumulating a comprehensive history of every site visited. The identity of encrypted secure sites can be stored by the DNS provider.
Staying Ahead of Security Challenges With Total Computer Solutions
In today's digital world cyber-crime is on the rise and most experts agree that the risk of cyber-attack is not a question of if but when for any enterprise or organization handling sensitive digital information. With public concern for privacy on the rise, companies now need to evaluate and assess potential data risks from all aspects of the internet, going above and beyond the very real risk of malicious actors and the dark web.
At Total Computer Solutions, we consider the broadest definition of Network Security, and we can provide the consultation, training, and solutions to ensure that your organization can recognize and protect against all threats to the applications and data you need to run your business.