Google's solution against hijacked Chrome settings is not sufficient
Google Chrome has fewer issues with automated third-party extension installations than Firefox for the simple reason that the browser does not support custom toolbars.
It is still possible that extensions get installed automatically, for instance after installing a security suite on your computer that adds extensions to web browsers for improved functionality.
Things that can happen as well are that programs hijack Chrome browser settings, for instance by changing the browser's home page.
Malicious programs come in disguise more often than not, for instance as a security update that is none, a video plugin that promises better video quality or less buffering, or a free screensaver that looks really cool.
One of the reactions of Google to those attack forms was to add a reset browser settings button to Google Chrome. You find it by opening chrome://settings/ in the browser, clicking on Show advanced settings, and scrolling all the way down to the bottom.
A reset will change important browser settings to their default values, including the homepage, new tab page and search page. It will also disable all extensions, unpin all tabs, and clear data.
It is obvious that this is often not the best option when a third-party program changed only the homepage, or the search provider.
A new feature has been integrated into recent versions of the Chrome browser that moves the reset option to the front of the browser.
Once Chrome notices that settings have been altered by a program -- and not by the user -- it displays a reset notification right there.
If you click reset, all browser settings mentioned above will be reset.Â So, it is the same feature, but more prominently placed so that users who do not know about the reset feature can use it as well.
This may look good on paper, but it is not sufficient enough if you ask me.
First, if something modifies the browser's homepage, why offer to reset other settings as well? Plus, why reset to the default homepage and not to custom homepages that users may have set in the browser?
Second, resetting the settings may work, or, if malware is still running on the user system, may not work as the malware may revert the settings again, making this an endless game of change and reset until the user starts to investigate the matter and removes the malware on the system.
My suggestion would be to add configuration options to the browser that locks settings in place. When enabled, nothing can change the setting unless disabled first. This would resolve many of the issues that browser users face in regards to modified browser settings.
What's your take on this? Is a reset the right choice to deal with the issue?Advertisement