|
|
|
|
|
|
by Mahn
4136 days ago
|
|
|
My startup, that shall go nameless, provides a service used mainly by the tech illiterate. Early in our first beta we determined we needed to log client side errors since there is quite a lot going on in there, so we quickly implemented a system that phones homes for every uncaught exception and error. Since we didn't filter the source, immediately after we were getting flooded with third party javascript errors. But not the innocuous facebook like button or google analytics kind of errors, mind you, but errors coming from javascript sources we had never added, that is, injected javascript. Upon further inspection at the source code of these scripts and some googling, we found out that it was ad injecting malware in the form of Chrome extensions. Basically and long story short, some 40-50% of our customer base browses the web with ad injecting malware installed, and that's only counting malware that caused errors client side, which is obviously not all. This was naturally disheartening for us, because you pour your heart and soul into building the best product you can deliver only to hear a very large amount of your customers will never experience anything other than a very subpar version of it... Browser malware is a very real problem, and I don't know if Mozilla's approach is the best way to tackle it, but there definitively needs to be more people thinking about it, and in particular the Google Chrome team. |
|
|
I remember when Chrome kicked any youtube-downloading extensions out of the chrome store. What happened? A few people downloaded non-chrome store extensions, but most of them downloaded the ones that were left in the store - the malware extensions that promised to download youtube but didn't. Huge spike in malware on Chrome installs that I saw.