Preventing the installation of Chrome Addons

Solution 1:

I would use Windows Access Control and Permission to prevent installation of Chrome extensions to Chrome's folder by removing the Write and Modify permissions of user accounts to this folder:

In Windows Vista/7/8, the folder is at this path:

%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Extensions

Solution 2:

You can prevent Chrome from loading existing extensions, or installing new extensions by appending the --disable-extensions flag to the command that launches Chrome (e.g. via the properties of the shortcut icon):

chrome.exe --disable-extensions

To override the homepage, you could append the --homepage=<URL> flag:

chrome.exe --disable-extensions --homepage=https://encrypted.google.com

You could also try to set up an administrative policy to disable extensions (see documentation). It might be more flexible, but I can imagine that malware developers would modify these policies themselves.

Your sister has probably more to worry about if she blindly installs adware/malware. Some education about the risks of her behavior might be more effective than disabling extensions in Chrome.

Solution 3:

You could use Spybot: Search & Destroy, which has a browser protection feature. It also protects the start page from being changed. You could also use Ninite to install and update some of the most popular freeware and open-source software adware-free.

I think the best way would be to change to firefox, since the opt-in feature is relatively foolproof (this window appears every time a external application installed an addon and if the user doesn't opt in the addon gets deleted): However I've heard that some malicious adware manipulates this dialogue, but this seems to be quite rare.

Solution 4:

You could use a GPO:

In Win7 Ultimate (and probably most other versions of Win7), you have to download and install Google's Administrative Template manually before you have access to Google's GPO settings. Although this may not be true anymore because I installed Chrome years and years ago and have only been updating it; The new installer may automatically add the Template now but I doubt it.

DL: http://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip

DL and unzip Google's Administrative templates, Then add the template for Google Chrome manually: Right-click Administrative Templates and select Add/Remove Templates then browse to where you Downloaded and Extracted the policies and add the one for your region.

Next go to Computer Configuration > Administrative Templates > Google > Google Chrome. Look for a folder named Allowed extensions. There configure a blacklist of *. This will prevent users from installing plugins. WARNING! It will also block all currently installed plugins!

Or if you have some extensions you use regularly you can use the Whitelist instead and only authorize the ones you want in a similar way, just add the Extensions' IDs to the whitelist.

To find an extension's ID:

"[snip] just open your preferences menu, and go to the extensions tab. Click the checkbox to turn on developer mode, then hit the > arrow on the left of the extension's line item. The ID will be right there." - BrianFreud

https://stackoverflow.com/questions/8946325/chrome-extension-id-how-to-find-it

I have a feeling this won't work for the really nasty, virus-like extensions, however, because I noticed that my AV's Browser Extension from Avira somehow overrides this in both Blacklist and Whitelist mode, but I haven't ever had any problems after I whitelisted what I wanted.

-Tek