According to a change made by Google in the definition of "malware" in its Webmaster Security policies, "unwanted software" is now being detected by Google (including by Chrome Security) as "malicious", as opposed to "adware" or "potential unwanted software".
According to the updated policy, "unwanted software" that would be detected by Google for various purposes (including by the "software removal tool" presented by Google) is "a downloadable program that makes unexpected changes to your computer, such as switching your homepage or other browser settings to ones you don't want".
The policy specified below, according to which any change to a browser’s functionality must be made by an extension, affects downloadable applications that present the user with an associated commercial content or which is integrated with their browsing information, without doing so through a browser extension. Such applications would be detected by Google's security tools (such as the Software Removal Tool) as being malicious, even if they are not served through an extension level and therefore do not breach the applicable terms which apply to such extensions.
The detailed explanation addressing such "unwanted software" provides the following guidelines:
- Avoid silent installs. If your binary installs a browser add-on, it should follow the browser-supported installation flow. For example, if the binary installs a Chrome extension, it should be hosted in the Chrome Web Store and adhere to the Chrome Developer Program Policies. Your binary will be identified as malware if it installs a Chrome extension without explicit user permission.
- Do no harm. Your binary should respect, and not harm, the user's browsing experience. Make sure your downloadable binaries adhere to the following common policies:
- Do not break the browser's reset functionality. Read about the "reset browser settings" button in Chrome.
- Do not bypass the browser's UI control for setting changes. Your program should provide users proper notice and control over settings changes that occur in the browser. The best way to do this is via the Settings Override in the Settings API for Chrome. See this Chromium Blog post on the Chrome Settings API.
- Use an extension to change browser functionality, rather than causing browser behavior change via other programmatic means. For example, your program should not use DLLs (dynamically linked libraries) to inject ads in the browser, it should not use a Layered Service Provider to intercept user actions, nor should it insert new UI into every web page by patching the Chrome binary.
Google also provides a procedure to review downloadable applications that may be affected by this policy.