Tame the Chrome – The browser is a spyware – avoid it by all means – for office use only

This blog post is obsolete now. Chrome’s spyware capabilities has grown by leaps and bounds. It is not safe for any organisation to use Chrome.

If Chrome was not made by Google, then the browser would be designated as a spyware. Chrome gets away with it only because of the goodwill that Google has built up over the years. There was a time when Google would err on the side of caution.

I don’t use Chrome as my default browser. (I use Opera instead. For a webmaster, Opera is indispensable. All other browsers are too slow.) I use Chrome occassionally when I need to check out Webkit’s non-standardised CSS extensions.

Even then, Chrome’e excessive spyware-like behavior and made-for-dummies attitude got on my nerves. So, I decided take my whip and remove the hide off Chrome’s back. Now, Chrome behaves like it should. It does what I tell it to do, not the other way around. Well, almost…

Almost Regular Installation

Google does not give you a regular installer for Chrome. This is Chrome Annoyance #1. The unwashed masses do not deserve their priced jewel?

What Google allows you to download is the “pre-installer setup” ChromeSetup.exe, which downloads the silent installer chrome_installer.exe. This is annoying because you cannot just download a regular installer, copy it to a network location, and ask your office co-workers to install the latest version of Chrome from the network.

Google does not disclose the location of the chrome_installer.exe easily. You can do a search for chrome_installer.exe, find an old download link in the results, replace the version number in the URL with the current version and download the latest installer. (You can get the version number from http://googlechromereleases.blogspot.com/. You should download the file only from a Google link. Other sites may, unknown to you, bundle a virus or other malware.)

For example, Bing provides the URL http://dl.google.com/chrome/install/202.0/chrome_installer.exe as one of the results. (A Google search will also work.) The latest version at the time of writing this article was 249.79. So, I could replace the number 202.0 with 249.79 and got a valid download link. I downloaded chrome_installer.exe from the new link (http://dl.google.com/chrome/install/249.78/chrome_installer.exe) and gave the downloaded file to my colleagues.

Originally, I found the download link for chrome_installer.exe using a different route. I use a very old software called Naviscope. Naviscope runs as a standalone proxy and all Internet connections on a Windows PC will have to go through it. Naviscope is an extremely powerful tool and has lots (really lots) of easy-to-use features. I particularly like its “Transfer Rate” features which shows real-time average and peak speeds of the Internet connection. It has another very useful feature that helped me when I tried to install Chrome. Its “Resource Bars” provides a visual alert when some application tries to access the Internet. This provided me the download link for the Chrome installer.

SCREENSHOT_Google_Chrome_Capture_Download_URL

The setup ChromeSetup.exe downloads the regular installer from a Google site to a folder in the C:\Documents and Settings\[YOUR_USERNAME]\Local Settings\Application Data\Google\Update\Download. (Windows Vista/7 user may find this folder in their C:\Users directory.) The Chrome installer is a silent installer. It does not ask for any installation folder location or the Start menu folder. This is Chrome Annoyance #2. After installation, ChromeSetup.exe deletes chrome_installer.exe.

When the installer completes its job, Chrome starts running from C:\Documents and Settings\[YOUR_USERNAME]\Local Settings\Application Data\Google\Chrome\Application\Chrome.exe. (Chrome Annoyance #3). This folder is usually used by software applications for storing user settings and other data. So far, I have seen only malware running from folders in Application Data. Logic here seems to be that people in offices might use a Windows account with limited previleges and installing in the Application Data is the best solution. This seems clever at first but malware writers will be exploiting this vulnerability soon. There are several Google programs that run surreptitiously and respawn even if you kill the process. Google may have unwittingly supplied the best vector for malware programs.

Offline Installer

Google provides an offline installer. I haven’t tried it yet. However, the download URL seems to be somewhat unique for each download.

Death To Chrome Crash Handler

After the installation, Chrome runs a background application GoogleCrashHandler.exe. This is Chrome Annoyance #4. This application runs all the time, even when Chrome is not open. It connects to Google even when there is no obvious crash.

You can disable this by perform the following steps in Chrome browser:

  1. Click on the Customize and Control Chrome (Spanner) icon.
  2. Select Options menu option.
  3. Click on Under The Hood tab of the Google Chrome Options dialog.
  4. Under the Privacy section, uncheck Help make Google Chrome better by automatically sending usage statistics and crash reports to Google option.

Just to be sure on my PC, I removed this application from my computer. For this, I closed Chrome, killed the GoogleCrashHandler.exe process in Task Manager, and deleted the C:\Documents and Settings\[MY_USERNAME]\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe. No, Chrome runs just fine after that.

More Privacy

Every key you press, even your corrections, in the address bar or the search bar is immediately echoed to Google. This takes up bandwidth and I find it be the Chrome Annoyance #5. So, I unchecked all options under the Privacy section mentioned earlier. Again, to be sure, I blocked Google subdomains such as clients1.google.co.in, clients2.google.co.in, clients2.google.co.in… in my firewall. I use R-Firewall, not Windows Firewall or the ex-Mossad ZoneAlarm. If you use R-Firewall, you can check its DNS cache to see which Google subdomains are used for Google Suggest feature. If you use Naviscope, you can peruse its HTTP request log for finding the Google subdomains.

R-Firewall Content Filter

 

Chrome’s default option for clearing browsing history shows a certain sneakiness by holding on to personal data. It deletes only the last day’s browsing data. If someone has moved from Firefox or some other browser, they would have assumed that it deleted all browsing history. This is not the case. In the Clear data from this period list, go for the option Everything.

Manual Updates

Google checks for updates more often than required. If you open the browser to visit some web page, the update will instead hog the bandwidth. This is Chrome Annoyance #6. There is no way to disable automatic updates. To do this by brute force:

  1. Open Windows Explorer and navigate to C:\Documents and Settings\[YOUR_USERNAME]\Local Settings\Application Data\Google\Update.
  2. Delete any exe files that resemble GoogleUpdate.exe and GoogleCrashHandler.exe.

If you don’t want to risk anything by deleting files, then remove the “Google Update” option from Windows Startup. Mike Lin’s Startup Control Panel can help you in this. I am not sure if Chrome will restore the startup setting. In some previous versions of Chrome or the Google Pack, I have seen GoogleUpdate.exe respawning itself when it is deleted. This was very disconcerting because I have seen only malware show this behavior.

You might even find Google update entries in the Scheduled Tasks Control Panel applet. Delete those entries too.

If you enable Chrome’s Enable phishing and malware protection option, it will be download files all the time from safebrowsing.clients.google.com. I disable this feature because I have a good firewall, antivirus, and anti-spyware, and, I browse quite responsibly. To ensure that the setting does not enabled without my knowledge, I block safebrowsing.clients.google.com in my firewall.

Here is a nice reality check – hilarious it may seem – the Google Safebrowsing Clients report for who else but Google!

Safe Browsing Diagnostice Page for Google.com

This is another reason why you should not blindly trust Google. And, this is true for Google search results too. A lot of SEO con-artists have sucessfully spammed Google’s index and many of their pages appear for ANY search that you perform. (Try Google Image search for more earlier results.) When you click one of the search results, you browser is hijacked and your computer starts hosting malware.

Total Uninstall

If you uninstall Chrome, not all files get deleted. GoogleUpdate.exe, GoogleCrashHandler.exe and quite a lot of other files still remain. To say good bye properly, go to C:\Documents and Settings\[YOUR_USERNAME]\Local Settings\Application Data and delete the Google folder.

Chrome Alternatives

If all this is too much for you, then download the alternative Iron Chrome browser, which uses the same code base as Chrome but the browser has better privacy settings and does not incessantly phone home. Apple’s Safari is also based on Webkit.

Firewall and SSL security firm Comodo has a browser called Comodo Dragon. It is also based on the Chromium source code but it comes with greater security and respect for privacy. It has a decent installer and does not run any suspicious background processes. It does check for updates each time you start it. However, the browse settings are not very different from Google Chrome. You have to disable the same settings mentioned earlier for Chrome. Additionally, you may want to block download.comodo.com and tools.google.com connections for Dragon in your firewall.