Picture this: you're sitting down at your computer at the start of your workday. You open up Google Chrome to process your email and look at your calendar. You immediately notice that something is off, however, because the New Tab page now looks like this:
"That's weird," you say to yourself, that's not how Chrome usually looks. It usually looks more like this:
Weird. At this point, you might be tipped off that something isn't normal with your web browser, but whatever, you've got work to do. You don't have Google Calendar bookmarked, so you enter "Google Calendar" in the omnibox and hit enter. Again, you see something that's out of the ordinary:
Ask.com? When did you start using Ask.com as your search engine? When you start seeing unexpected new tab pages and unwanted search engines in your browser, it's a good chance that you may have some malicious browser extensions installed.
Malicious browser extensions are programs that run inside your web browser that may not have your best interest at heart. We often see them installed by students at our independent schools. In searching to find some examples for this article, I noticed a common theme: they almost always promise free stuff. What kind of free stuff?
- FREE online games
- TV and movies you can watch for FREE
- FREE PDF converters
- Extensions that will download YouTube videos for FREE
You get the idea. Some of these extensions do actually deliver some version of what they promise, but they also make some changes that you may not know you're signing up for. The two most obvious behaviors of shady extensions are to change your New Tab page and your search engine. Now, Chrome has gotten much better about warning users when a malicious extension tries to mess with your settings, but it's not uncommon for users to accidentally install one of these malicious apps anyway.
Google has released a tool to combat this problem called the Chrome Cleanup Tool. It's a downloadable Windows application that will inspect your copy of Chrome for malicious extensions and reset your browser settings to their default. If you're seeing strange behavior from Chrome, the Cleanup Tool is a good first step towards figuring out what's wrong.
Installing and Using the Chrome Cleanup Tool
1. Visit the Cleanup Tool website and click 'Download Now'. You'll also be prompted to agree to Google's Terms of Service. Bear in mind that this tool will only work on Windows computers.
2. The Cleanup Tool is a small download, so it won't take long. When it's finished, you'll see it appear in the downloads pane at the bottom--left corner of your Chrome window. Click on the cleanup tool to run it.
3. You'll need to grant permission to run the Cleanup Tool; it's OK to click Yes here:
4. The Cleanup Tool will first look for any malicious programs that might be installed on your system. If it finds any unwanted programs, you should opt to remove them. Next, you'll want to click 'Continue' to carry on with the process.
5. Next up, the Cleanup Tool will prompt you to Reset your settings. You definitely don't want to skip this step. Bear in mind that it will also disable all of your extensions.
6. After clicking 'Reset', your browser settings will be restored to normal. Now, at this point you might want to look at your extensions and see what has been disabled. Type chrome://extensions into the omnibox and hit enter, or click on the Chrome menu -> More Tools -> Extensions. Be very wary about re-enabling extensions; it's likely that the culprit that hijacked your settings is still on this list of disabled extensions. If you have any doubts about the legitimacy of an extension or add-on, contact IT for a second opinion. In my example below, ALL of the installed extensions are ones I wouldn't want to re-enable:
Avoiding Shady Extensions
While it's not always obvious whether a browser extension is malicious or not, there are a few key hints you can look for that might suggest that an extension isn't on the up-and-up.
Questionable Functionality- Does the app offer to do something that you could easily do yourself? As an example, this extension offers to 'search the entire internet' for you. You don't need an extension to do this, you just need to use Google or Bing
Too Many Permissions- When you install or enable an extension, Chrome will warn you about the permissions that it's going to be granted. Extensions that want to "replace the page you see when opening a new tab", "read and change your browsing history", or 'change your search settings" should make you pause and ask "Why?". There are very few legitimate extensions that need permissions like this:
Warnings When You Install the Extension- Chrome will now warn you when an extension tries to change important settings in your browser. If you've just installed a new extension and Chrome is warning you about what it's trying to do, that should be interpreted as a waving red flag that reads "This Extension is Bad News!"
