The Advanced Persistent Threat You Have: Google Chrome [pdf]

This seems like a good paper that isn't actually about something wrong with Chrome. It's about what security tools need to do to track auto-updating software.

&quot;Making of&quot; paper is here: <a href="http:&#x2F;&#x2F;www.netsq.com&#x2F;Documents&#x2F;MakingOfGoogleAPT.pdf" rel="nofollow">http:&#x2F;&#x2F;www.netsq.com&#x2F;Documents&#x2F;MakingOfGoogleAPT.pdf</a>

I found the paper very eye-opening, but perhaps I missed the &quot;moral&quot; of the story. I understand that Google&#x27;s auto updater can behave similarly to a malicious utility by an APT, but what recourse or mitigation techniques are available? According to the paper, each step individually is indistinguishable from benign activity. Techniques for identifying the end result of the activity and flagging it as suspicious are omitted (or perhaps I missed them).

Presumably Chrome and its updater are digitally signed... not that that stops malware but at least it is another layer.

Others are dumping Chrome for similar reasons: <a href="http:&#x2F;&#x2F;www.extremetech.com&#x2F;computing&#x2F;210576-why-im-dumping-google-chrome" rel="nofollow">http:&#x2F;&#x2F;www.extremetech.com&#x2F;computing&#x2F;210576-why-im-dumping-g...</a>

The paper is dated 18-Apr-2012

total FUD .. nothing gets updated here unless I want it to. And why isn&#x27;t the Microsoft software updater or your AV updater considered an equal threat. Who paid for this &#x27;study&#x27;.

I can&#x27;t read through the pages and pages of grandstanding in this PDF, does this at all have some sort of escape of a security boundary, or is it just &quot;I found a weird way to hack myself&quot;?