This type of file can harm your computer warning in Chrome
Google announced recently that it made the decision to improve protection against unwanted software downloads in the Chrome browser and Google search.
The company did not reveal which sites would be affected by this and it was unclear if major download sites such as Sourceforge, Download.com or Softonic would get a pass or not.
Update: The messages don't show up in Chrome Stable yet.
Update 2: It appears that Chrome warns before downloading any executable file regardless of origin. It even displays a warning when you try to download Google Chrome from Google.
Google Chrome users who download files on many download sites as of today are starting to get warning messages for any file offered on those sites.
It is interesting to note that this seems to apply to all file downloads on those websites even those that are delivered directly and not wrapped in adware installers, and that it even affects some portals that don't use wrappers at all.
The message displayed in Chrome is always the same: This type of file can harm your computer. Do you want to keep "filename" anyway?
The options that Chrome provides are to keep the file which saves it to the local hard drive or discard the file instead which removes it again.
As mentioned in a previous article, Chrome downloads these files completely to the system even before you make a decision but displays unconfirmed downloads as Unconfirmed xxxxxx.crdownload files on the system until you make a decision.
Only Chrome displays the warning message. Neither Chromium nor Firefox, which uses Google's Safe Browsing database as well, display it at the time.
Google is doing the right thing in my opinion even though it may not be enough, as the warning is not highlighting why that program is potentially dangerous. A better explanation, maybe even with a link to a help page offering further information would be welcome.
One side-effect of displaying the warning for all program downloads, even direct ones that don't contain wrappers, is that people may associate "bad" with the company developing the software and not with the download portal.
This too could be resolved by improving the algorithm and information displayed on the screen to make it clear that the download site is the offender and not necessarily the company that developed the program.
So which sites are affected by the message? Sites that are known to wrap downloads in advertisement packages such as Sourceforge, Download.com, Filehippo and Softonic are but it may come as a surprise that other download sites such as Softpedia which don't wrap downloads in adware installers are also affected by this.
So, here is my problem with that.
First of all, the message should only be displayed if software is offered in wrappers or if software itself contains adware offers.
The system right now does not seem to make a distinction between any of that. If you download Firefox from Softpedia you get a message that the file could harm your computer even though the download and installer are clean.
That's bad for Softpedia, Mozilla and maybe also the user who may decide not to download the program even though it would not do any harm.
Unless I missed that Softpedia started to use ad-wrappers as well, it is unclear why warnings are displayed on the site.
Google needs to fine tune the feature. First, it should not display the warning for files that are offered directly unless they include adware.
I think that this can be easily done by analyzing file names of said wrappers on sites that use them.
Second, it should make it clearer that the program itself is not the culprit here but the download portal. It paints a negative image on the developer, Mozilla for instance, if Firefox is flagged as a file that can harm your computer.
Third, it should really do something about the exposure of these download portals in its search engine as this is where the majority of traffic comes from.
Now You: What's your take on this?
Is it safe to download the file even if it shows (this type of file can harm your computer?) For I needed this app for educational purposes.
after downloading this one can cause trouble for system are not problem we can download?
Chromium does display the message
Two years later, and Google has yet to improve upon this “feature” :\
Frankly, it’s more of an annoyance than a deal-breaker, (especially if you know the file is from a known-good site), and it has saved me a few times by making me think twice, but I know they only do these kinds of things to relieve themselves of liability. The average user can be irrational at the best of times, and Google Chrome has become the #1 browser world-wide, so there are plenty of ways for something to go wrong.
Not saying that all Chrome users are tech-dumb, of course, but boy there are some doozies out there :)
I am just now as of Jan 2017 starting to see that warning. It did not appear on any downloads during 2016 . I usually go to CNET for my downloads especially free ones I went to try a version of InPixio and the Waring came up for the 1st time. Hence my google search to see what it meant and if it was safe..
My question now becomes how come I never saw this message warning until now when you wrote this article back in Feb 2015 ?
Thank you, Martin. I just received that message while downloading Office 365. And I backed out of the download, thinking it was a problem with Microsoft. I agree it would be nice if the message linked to an explanation.
GOOGLE IS AN ANTI-*OPTIONS* “COMPANY”.
Or it might just be a bug. I noticed one warning this morning for an .exe file and a few minutes ago no warning for the same file, same download location.
I thought that as well as I was downloading my video card software update this morning and no warning came. It was a new version very much different than my old version and I selected a few wrong update options and used task manager to stop the download/install process to try again. The 2nd time I got the warning flag, but because I know my video card manufacturer’s software I disregarded the notice and clicked through.
Well… Google decide instead of letting the users takes their responsability. May be this good for some of them but not me. Just yesterday I received this (stupid “COULD HARM YOUR COMPUTER”) warning from GChrome about the updated version of Free Download Manager… updated from the editor web site:
http://www.freedownloadmanager.org/ with this analysis from VirusTotal (owned by Google by the way) : https://www.virustotal.com/fr/url/f440503129a34a3ac7c136f279c524cec76faba9bca695ce872cc60ddbec8a74/analysis/ for the URL and
https://www.virustotal.com/fr/file/4361e48b499bf2480fe3d0ef8ac004107cd91db6b8d802fe8c964458ff93ecb5/analysis/1424963460/ (with one warning: a false positve imho)
analysis for the installation program itself:
https://www.virustotal.com/fr/file/4361e48b499bf2480fe3d0ef8ac004107cd91db6b8d802fe8c964458ff93ecb5/analysis/1424963460/ (harmless)…
Is GChrome is a browser dedicated for irresponsible and may be moron user or what? :-(
Have a nice day. :)
It seems that this is pretty similar to the Windows warning about installing software: something many people click right on through once they’ve seen it a few times. Only marginally effective.
If the algorithm did detect wrappers and PUPs, the warning would be much more useful.
Yes, yes, this reminds me of the UAC (user account control) setting in Windows, 7/8/10 where every little program change or modification needs to be approved. Useless and time consuming if everything needs to have a dire warning.
“Sourceforge, Download.com or Softonic would get a pass or not.”
Why should they get a pass? Softonic especially has (unsuccessfully) attempted to redirect me to tons of useless downloads in the past. Are they saying that because these three sites are notorious for that kind of behavior they will be dismissing it? Moreover, its not so much the download that gets you as it is the tricky little agreements embedded within the software at installation you have to watch for.
The big question for Martin though – Did you take advantage of the 20% off savings on all the furniture and accessories from that ad on your screenshot? If not RUN down there now! The week will be over before you know it!
Herman, the past has shown that large networks and sites are often handled in a different way on Google Search (and probably other search engines as well) as smaller networks and sites.
For me, this kind of warning is similar to antivirus companies who, when they detect a file they do not understand, sometimes label it a possible virus — it’s one more step towards making it harder for independent developers because it affects small coders and not big companies who have the connections to get their software whitelisted.
I applaud any attempt to warn users that the file they are about to download is UNKNOWN to google, and that the user should ensure that the file is safe — but to say that the file “COULD HARM YOUR COMPUTER” is akin to saying: this site is bad and harmful and you should run away from it fast. I find it completely irresponsible to use such language to describe a file that you have no information on.
If google believes a file is harmful, say it’s harmful. But if google has no information about the file, they should say they have no information about the file, and not scare people.
I agree that the message is misleading and that Google needs to work on the system.
I’ve been receiving warning message when downloading any executable file for long time now. Even when downloading google chrome installer eg. http://www.google.com/intl/hr_HR/chrome/browser/thankyou.html?platform=win
…and wrappers are exe files by default
You are right. I just tested it and it seems that all executable file downloads show that warning.
in the beginning, I think (not sure), those warnings were only if “enable phishing and malware protection” was checked. But then it started no matter of options in settings.
Warnings are not only for exe files. This is from chrome download API
https://developer.chrome.com/extensions/downloads#type-DangerType
Thanks for clarifying this. I first thought that this was related to Google’s recent announcement but it is apparently not the case.
I agree they need to add a link to more information about the download. Maybe they will later.