1

Is there a way to prevent installers from changing the default search engine in Chrome? Answers to a similar question talk about a "Protector" feature in development versions from 2011, but I can't find any recent references to such a feature:

Prevent Browser Search Hijack

Any advice for recent release versions of Chrome?

Community
  • 1
Stefan
  • 121
  • 1
  • 7
  • Is your question asking how relevant the cited post is (since it's a bit old)? – Dave Mar 26 '13 at 12:43
  • No. The cited post doesn't appear to be relevant, but I wanted to give some background since my question is a duplicate of that one, but I want a new answer. – Stefan Mar 26 '13 at 12:47

2 Answers2

1

Chrome 25 is adding two new features to prevent silent extension installs. From the Chrome blog post:

Extensions installed by third party programs using external extension deployment options will be disabled by default. When a third party program installs an extension, the Chrome menu will be badged, and users can click through the Chrome menu to see a dialog containing an option to enable the extension or to remove it from their computer.

In addition, all extensions previously installed using external deployment options will be automatically disabled. Chrome will show a one-time prompt to allow the re-enabling of any of the extensions.

I don't know if this will block all search engine hijacks but it will go a long way to stopping a lot of them.

Brad Patton
  • 10,540
  • 12
  • 40
  • 68
  • Thanks. Chrome did report this morning (after it auto-updated) that it had disabled one of the extensions which had been installed during my test yesterday. Seems this is just being addressed...will wait and see how effective it is overall. – Stefan Mar 27 '13 at 09:16
0

Protecting your system with the right software will prevent browser hijacking. Something such as Spybot will immunise your system and all installed browsers to prevent this type of malicious attack (Spyware Browser Hijacking).

Other than 3rd party protection, it is a case of using all in-browser configurations possible to prevent external access to change your default search engine (and similar).

zigojacko
  • 278
  • 1
  • 7
  • 17
  • According to this: http://www.wilderssecurity.com/showthread.php?t=21688, Spybot does not protect against changing the search engine in the registry, so won't help with installers. – Stefan Mar 26 '13 at 13:25
  • That thread is from 2004, Spybot had only just been created then. It's come a long way since then and is considered a reliable and popular piece of software to protect against browser attacks. – zigojacko Mar 26 '13 at 13:39
  • I tried installing Spybot and did a quick test using an installer which includes changing the default search engine. Spybot did detect a number of registry changes, which I denied, but the installer still managed to change the default search engine in Chrome :-(. – Stefan Mar 26 '13 at 15:27
  • Did you immunise your system first with Spybot prior to the test? (To be fair, if someone has manually installed a program that includes an option to set default search in browsers and this is checked/approved - this is going to over-ride any other measures to prevent this as it has been manually agreed by installer). – zigojacko Mar 26 '13 at 15:34
  • Yes, I used the "immunize" button, whatever that means. Without getting into a semantic discussion about what user permission is, I'm looking for a way to prevent ANY changes to the search engine settings. – Stefan Mar 26 '13 at 15:49
  • Erm... Try parental control settings then. You can't expect the system to prevent ANY changes to the browser's search engine settings and then for when you manually allow the change logged in as Admin to ignore your request. Your requirement is contradictory. Check out http://news.cnet.com/8301-13880_3-10277784-68.html - Chrome normally plays ball but other than that, you'll have to use a non-admin user and restrict non-admin users from making system changes. – zigojacko Mar 26 '13 at 16:10