This Site May Harm Your Computer

The Ghost In The Browser: Analysis of Web-based Malware (pdf) describes how Google is leveraging their overwhelming search dominance to combat browser malware installations. In a blog entry last summer, Matt Cutts said:


This is a companion discussion topic for the original blog entry at: http://www.codinghorror.com/blog/2007/05/this-site-may-harm-your-computer.html

Won’t this affect their claim to be common carriers? Did they even make that claim, or am I imagining things?

“Why does Google deploy the ultimate weapon of search delisting on sites using black-hat SEO techniques to game search rankings, while known evil malware sites get stern warning interstitials instead?”

Sites are delisted because they try to work around the advertising system and get some money FROM Google. Evil sites still attract users, so they can be presented with ads that bring money TO Google. Just a business.

A certain country has tried to be the world’s policeman. Gets lots of complaints. Is accused of being a bigger threat than the evil it tries to remove. I predict the same fate for Google.

fred: No, they’d just assume Google was wrong, since “I didn’t send any spam!”.

“Why does Google deploy the ultimate weapon of search delisting on sites using black-hat SEO techniques to game search rankings, while known evil malware sites get stern warning interstitials instead?”

There’s a difference (alluded to above). One is commercial and the other moral. Most people will accept the defence ‘I do this to protect my business’ whereas ‘I do this because it’s good for you’ is less acceptable due to its subjective nature.

Google have been doing this for a while now. It’s a bad idea that will inevitably lead to lawsuits. They will not be able to catch all bad sites, and by implication any site they don’t flag is ok. They could flag sites with nothing wrong, which could be potentially devastating to a website’s reputation.

Google is a search engine, it is not their role to pass judgement on the sites returned in search results. Far from making the internet safer, they are actually increasing the risk to themselves and others. They really haven’t thought this through at all.

http://bbaadd.com/blog/2007/01/whos-watching-watchers-stopbadware_11.html

What a coincidence, I was literally just at that Life in Hell fansite last week via a Google search. It must have been cleared since January, because I certainly didn’t see the malware warning in my Google results. I just searched for it again, and it’s clean.

Point taken about notifying people whose websites are compromised or otherwise accidentally hosting malware. Removal from the search index is more subtle (and more painful) than a prominent, hard-to-miss warning with links back to the Google support page for the malware topic.

Perhaps they should warn people they are using flawed browsers while they are at it.

Like I said, I think the malware problem is so big that you have to attack it on multiple fronts. I agree that users should be nagged about using a modern browser.

I am very, very happy that google does this from a website admin point of view.

A few weeks ago I logged in to my site via a hotel (5 star I might add) to check mail and traffic etc. No problem, logged out and enjoyed my holiday.

A couple of weeks later I get several emails from Google saying that my site is hosting malware, huh? They gotta be kidding!? But sure enough I went to the page they mention and my virus checker and IE started going mental showing warnings left, right and center.

I nearly died! I quickly checked the page html and a single line of javascript was inserted, I checked the update time and it was on the same day as I logged into that PC at the hotel. I then found that they had updated one other page. Someone had added some spyware to the hotel’s pc which somehow detected that I had logged into a website and then FTPed updates to a couple of pages (this was in my ftp log). I didn’t even use an FTP connection, just a webpage admin tool.

Google then had my site listed with the above warning, which of course meant my traffic went into free-fall. I then followed the procedure to clear my site.

So I went into lock-down mode and changed all my passwords to practically everything. My partner also changed all the passwords on everything she visited as well.

So yes, I lost quite a bit of traffic for about a month or so but I prefer that to having my visitors get infected via simply visiting my site.

So two things, never EVER trust any PC other than your own, and Google, for me, is still a friendly giant.

If you ask me, if Google did NOT show these evil sites then people would just think the Internet is one big, safe place. It is not. By doing so, Google makes everyone aware of the fact that there are certain dangers on the Internet. Others are just hiding these facts just to give people a more happy feeling.
I am aware of those risks. And considering how dangerous the Internet can be, I hope others are just as aware of the risks as me. Or maybe even more aware. Google has my support. The other search engines are just masking reality.

“A certain country has tried to be the world’s policeman. Gets lots of complaints. Is accused of being a bigger threat than the evil it tries to remove. I predict the same fate for Google.”

Based on what??
I couldn’t even begin to list everything wrong with what you just said. Honestly, I want some of whatever you’re on, just not as much as you’re taking.

A little naive, Jeff. “Drive by downloads” happen the moment you fire up IE, and have been for years. FF is a little better.

No one should be allowed to put 1 thing on my PC without my express consent (cookie, GIF, etc.), now look who’s being naive.

I guess it’s the type of garbage, not if there is garbage, that a site writes to my hard-drive…

“what value does keeping a site like that in your search index have for users?”

You answer your own question in the next sentence. Many of the sites are legitimate but may have held off on applying a certain patch to their web server just a little too long. It’s a tough call: how do you distinguish a site that is merely unlucky or only a little bit negligent from one that is intentionally malicious? Where do you draw the line? Obviously removing the latter type of site from the search index is the best policy, but what about the former?

On one hand, by keeping non-purposefully malicious sites listed users may still be able to view Google’s cached and sanitized version as well as the other normal information included in the listing. This way they may perhaps still provide some utility for Google’s users and the site’s owners.

On the other hand, what about possibly permanent damage to a site’s reputation resulting from being labeled as “potentially harmful”? Is there a scenario where that could constitute libel or slander? And that’s aside from the people who may go on to the site anyway and then become infected.

What would happen if Google warned people using it that their IP had been used to send out spam?

Seems simple to implement, as it’s easy to receive spam and check the source IP.

Would this get more people to fix their home computers’ security?

How about SiteAdvisor, which is now part of McAfee?

I use McAfee’s free SiteAdvisor, but you can’t be too careful, so I think it’s great that Google is getting involved. I am curious why Microsoft is so far behind providing help to its customers. Once again, Microsoft missed the boat.

Kevin,

Don’t blame the hotel. If you typed your passwords on a wireless connection in plaintext (i.e., non-SSL connection) they could have easily been sniffed off the air.

“what value does keeping a site like that in your search index have for users?”

If the user starts off in Google and does a search for the site, and gets a result back that tells them not to go to the site, the user may avoid the site. But if Google simply does not return any results, the user may try another avenue of getting to the site, thinking that Google is missing that site in its lists. The user then arrives at the site and gets infected.

I’d much rather the site come back in the results and then have Google tell me not to go there. Otherwise, I will find another way to get there and I’ll never be warned.

I agree with mpbk. Nobody likes it when an authority (person/company/thing/group etc) starts taking decisions out of your hands instead of warning, guiding and educating you. I definitely want to know when a site or link is likely to be harmful but if I really want to click that link, then that should be my right. And if I get a rig full of crap-ware then that’s my problem. Users, at some point, need to take responsibility for their actions. Making the internet (and Google) uber-safe for the lowest common denominator only serves to bring the whole thing down, not move it forward.

So if I go to a site, click through several pages and then come across a link and click on it, does Google warn me it’s malicious? Nope, because Google’s my search engine and not my browser. So to me, it’s a CYA tactic on Google’s part. If they have a site listed or advertised that infects someone’s PC in this litigious society, someone will eventually sue Google. But where it really needs to be is the responsibility of the browser. It’s downloading the page and is capable of doing the same payload evaluation. The only problem is that the browsers that have holes in them the size of the Grand Canyon are the reason why Google is warning people of malicious sites. Perhaps they should warn people they are using flawed browsers while they are at it.