Google releases new email, browser security features to prevent common hacking issues
Google has rolled out new security features for users of Gmail and Drive, as well as its Chrome web browser.
For Gmail and Drive users, Google is offering an opt-in feature called the Advanced Protection Program, aimed at those who are more prone to online threats because of the nature of their work. The company announced the program in a blog post on Tuesday.
“We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks,” the post says. “For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety.”
That could be seen as a reference to John Podesta, the Hillary Clinton campaign adviser whose who fell for a phishing scam, giving Russian hackers access to his Gmail account during the 2016 election. Many of his emails were later published by WikiLeaks.
Google says the Advanced Protection Program is designed for people risk-prone users who are “willing to trade off a bit of convenience for more protection.”
Part of the convenience tradeoff comes in the form of a physical two-factor authentication requirement. Users have to use a USB or wireless security key in addition to their password to log into their accounts.
The Advanced Protection Program also implements additional protections against hackers attempting to use the password lockout process to impersonate a user. It adds extra steps to process, like requesting information about why the user has lost access to their account.
On Monday, Google also announced a set of a set of improved anti-malware features in Chrome for Windows users. They include protections against unwanted settings changes and malware that might be bundled with other downloaded software.
The update revamps the way Chrome informs users when malware is detected by showing a dialogue box asking whether the user wants to remove the harmful software. The browser will now also detect when downloaded extensions change critical settings like the default search engine and asks whether the user wants to revert the changes.
Google has long offered malware detection and protection in its browser through the Chrome Cleanup feature. A notable change, however, is that it is now partnering with anti-virus software company ESET to expand the scope of the malware it detects.
Google would not classify the updated detection engine as a “general-purpose antivirus,” saying that “it only removes software that doesn’t comply with our unwanted software policy.” That means the feature only protects against certain types of harmful software. A Google spokesperson told CyberScoop that Chrome Cleanup doesn’t protect against ransomware, computer worms or viruses.
Google says the new Gmail and Drive features are only available to consumer accounts, leaving out G Suite business accounts for now. The updates to Chrome are rolling out to all users on Windows.