Slashdot Mirror
Google Warns Users About "Unsafe Sites"
Dynamoo writes "The BBC is reporting that Google will start to warn users about unsafe websites, in particular those that host spyware or have privacy implications. The technology to do this has been developed in partnership with StopBadware, and appears to be an alternative to the popular McAfee SiteAdvisor application. Perhaps this will help curtail slimeware ridden sites from peddling their wares. But it will be interesting to see how Google rates some of its own products, including the potentially risky Google Desktop."
If you don't want to RTFA, you can follow the link to Google's policy here:
www.goatse.ru
-THE END-
If you thought Google had a lot of lawsuits when altering pageranks of linkfarms, wait until limewire et al start suing Google for "defamation".
A "screensaver" site isn't going to get much traffic on page 1000.
This tagline is copyrighted material. Please send $10 for an affordable replacement.
You mean they will start flagging any site that uses javascript, flash, schlockwave etc, or is this too much to hope for?
In my opinion it's like saying I am a risk because I have arms. Potentially I could strangle someone with them.
their WWW browser and/or OS is unsafe in various ways. We know that IE and Windows is not the safest combination,
but looking at the recent string of security holes in Firefox/Thunderbird shows that this is not particulary
safe either.
Why not fix the software and/or its default configuration so that it is safe to use?
Malware and Phishers I do not mind. Innocent searches returning links to porn I do. If google wishes to police the internet, start with the porn barons first.
Google Desktop isn't unsafe in any way. Google fully discloses the fact that they'll be rooting around in your hard drive and mixing data from there, with data from their servers, for the purposes of providing a local Google search to you on your own machine.
There's nothing wrong with people who are willing to voluntarily give up some measure of their own privacy in exchange for a service provided on that data -- I use Gmail for all of my e-mail, even to the point of forwarding multiple accounts into my gmail inbox, and don't think twice about the fact that somewhere, Google is reading and storing it.
The problem arises when people aren't informed their privacy is being tampered with...malicious web toolbars and cursor packages, Gator, etc. No anti-spyware application I've seen to date has detected Google Desktop (granted, I've only seen 3 machines that actually used GD) but that says something to me.
Google Desktop and crap-ware ridden screensavers have nothing to do with one another. Summary is a google-bashing troll, at best.
Beware of the Leopard.
Or even better still, read the Google cache of the site with all the bad stuff removed. That would be trick!
I'm sure my letter of commendation, along with Google stock options grant, is arriving any moment now.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
But it will be interesting to see how Google rates some of its own products, including the potentially risky Google Desktop."
From the article:
Google confirmed to ZDNet UK that data was temporarily transported outside of businesses when the Search Across Computers feature was used, and that this represented "as much of a security risk as e-mail does."
And also...
Gartner has recommended that businesses use Google Desktop for Enterprise, as this allows systems administrators to centrally turn off the Search Across Computers feature, which it said should be "immediately disabled."
In other words, mostly harmless.
If by "interesting" you mean "boring", then I'd have to agree. Here's a prediction: they won't label their own stuff as spyware.
Dewey, what part of this looks like authorities should be involved?
Like Financial Services companies that used to advise their clients to buy their company's own investments, I can easily see how Google getting involved in this could be a quagmire. As the summary example pointed out, what happens when Google's own software is dangerous? Do they have to face down their own rating service to get it out there? Chances are... they won't. They will assume that all Google software is "Good" software.
Fair enough, since I guess you can assume that Google wouldn't be actually creating malware on purpose. If you just single out those sites with the 1000 porn banners that try and install virii and spyware on your computer, Google won't have a problem. However, I think, the real problem for most users is not sites like that which are obviously dodgy, its the sites that look clean and professional that seem to have a legitimate purpose for their software, and often those proprietors are quick to try and play up their legitimacy. When Google marks them as "bad", you can expect lawsuits.
While I find that this may be a big plus for a search engine that can be percieved as impartial to software makers, as Google becomes a notable software maker itself, it may be an issue. It certainly could leave them vulnerable to the charge of conflict of interest as time goes on.
They've been warning me about www.msn.com for years.
-tgpo
Why not give users feedback about their browser or the browser compatibility of sites? I think it would be nice if Google would tell IE users with Active X on that a site they're about to visit contains Active X and may be a threat to their system.
Better yet, consider standards compliance and accessibility when ranking pages.
If Google wants to use their position to police the Internet, why stop with Spyware. Test whether people have a secure browser and tell them when they don't:
"FYI, your version of IE is 3 years out of date. Please go here to upgrade it, or go here to replace it."
They could fix a lot of the problem right there.
Some people have a way with words, and some people, um, thingy.
The first result in a search for "Serial Box" Serial Box gives an example of the new behaviour. A page headed "Malware Warning" appears and warns you the page you are about to visit may harm your computer.
Because google [claims it] doesn't alter search results. Flagging them doesn't technically alter them (it just displays a bit more information), but moving them to the bottom of the pile, so to speak, is.
But what if your site was somehow rated as "spyware-filled", when, in fact, it wasn't? Would you rather be flagged as dangerous, or would you rather be sent to the bottom? At least the flag can be ignored.
I don't think they want to modify the page ranks just because a sight contains something harmful. It's my belief that they just want to make it a little better for the average internet newbie.
DANGEROUS KEYWORDS
Free screensavers
Bearshare
Screensavers
Winmx
Limewire
Lime wire
Free ringtones
Where is 'advertisment?'
He who knows best knows how little he knows. - Thomas Jefferson
... like AOL.
The average ./er couldnt even stand up, and you claim you can strangle someone with your arms?
Granted, there are privacy concerns to some users but there is a huge difference between Google Desktop and Spyware Applications. .....spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user.....
From wikipedia:
Everything that Google does with Google Desktop is fully disclosed. Additionally, the concerns of Google Desktop are legitimate features that offer an experience to the user that is desired. Spyware concerns offer nothing of any benefit to the person using the infected computer.
How do you handle sites where the bad pages are hidden behind a robots file? The front page may be crawlable, but the page with the malware isn't.
How do they handle redirects? If I have a site that redirects a user to bad content, is the original page flagged as bad? Combined with a page that isn't crawled, how would they know to flag it?
How are they going to handle any obfuscation that takes place? Or handle new malware? This might not be a show-stopper, but I think it is a techinical issue that should be addressed.
How are they going to handle the lag between crawling and new content? My server gets crawled about once a week. So I would have ~6 days to host bad content before switching it back to look legit for my next Google crawl.
What system are they going to have to handle complaints or appeals? If my site is flagged incorrectly, Google is taking a risk of liability by flagging it that way. It seems that if they take due diligence to keep the false positives low, there will be an increase in false negatives.
These are just off the top of my head and I am sure there are a lot more issues that I haven't thought of.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
But what if your site was somehow rated as "spyware-filled", when, in fact, it wasn't? Would you rather be flagged as dangerous, or would you rather be sent to the bottom? At least the flag can be ignored.
If Google reported my site as "spyware-filled" and it wasn't, I'd want Google to fix it. As long as they have a straightforward and reasonably quick process for dealing with false positives, I'd be glad if they moved spyware-filled sites to the bottom of the list, if not off the list altogether (perhaps by a check box, as mentioned in another post).
This tagline is copyrighted material. Please send $10 for an affordable replacement.
Find me one person that said "damn computer, I need that claria product to make it useful"
If so motivated I could find you at least 100 people that I know that would agree with that statement. They are not the smartest people not the kind that know what slashdot is, but they exist. They download whatever looks like it might make using the computer more fun, then they get confused when strange things start happening to their comptuer and they call me to fix it. I do, remove all fothe crap explain to them why they had the problem and get called with the same problem in another month becasue they replaced the programs I removed.
Well.. maybe. Or Maybe not. But Definitely not sort of.
People like you starting to censor things on the web for the rest of thw word..... how about a little self censorship for you and your family.
i'll keep your box closed for now.
There's nothing Intelligent about Intelligent Design.
WindowsUpdate? Would I see a warning screen?
The only true way to surf the web is to not log on at all.
But for those who just can't go cold turkey. Best way to stay safe is use hardware firewall and/or new wired router, software firewall, and VMWare's Browsing Appliance with ubuntu.
\
IMHO Google could very well offer a choice in that matter; vis a vis seeing the site as flagged or relegated to the bottom. Just a check box in one's preferences. Google is under no obligation to anyone other than their stockholders to do squat; they are not a public utility nor a monopoly so they can bloody well use any method to rate sites they want and Devil take the hindmost; no one is obligated to use them.
"Everyone is entitled to their own opinion, but not their own facts."
Sounds like a hit-and-miss to me.
And regarding a "please check me, I promise I'm not spyware" button, that's not something Google would do. If they discover a Google-bomb, they remove it from the database. And once something's done, Google has a history of not undoing it.
I use the firefox plugin made by McAfee from http://siteadvisor.com/ it labels results in Google with a color coded system based on a few ratings. They test on website safety (pop ups, fraudulent practices, browser exploits), safety of downloads and spam on submit information. Google's new feature breaks that and is less informative. I think Google is doing something good but I'm not sure their execution is the best. I would hope it would be a search preference but I guess it's in googles best interest to keep spyads down and their ads up not to mention the faster we can surf the more Google ads we see. I also don't imagine it would be long before Ads show up on the warning pages. I wish there was more info on testing and rating for the system.
Eih. Let the spyware infect your machine. The pages I view causes most spyware to go blind in seconds anyways.
I'm waiting for a site to put a virus on their page that destroys a google server once their site gets on the cache! Haha!
Ginga no Rekshiya Mata Each page.
But they have a reputation to keep if they're going to keep vistors and ad-impressions. Showing integrity is one way to do that.
This is a good idea. Being notified of bunk sites during searches will be great.
[%] Cingular Ringtones
This will add some danger and excitement to the "I'm Feeling Lucky" option. Or will it revert you to the first site that is deemed safe if the first site returned in the search is considered to be malicious?
It's hard to masturbate to personality.
But how would you know it was marked if it's on the bottom? Do you periodically check the 1000th page of a google search you believe your site should show up under to see if it's marked "spyware!"?
Let's assume I have a commercial site. It normally comes up within the first two Google pages for a certain search. Suddenly, it doesn't come up even in the first three or four. Since it's my page, I could presumably craft a specific search to narrow things down. If I clicked on it and Google warned against spyware present on it, I would have a good idea what happened to its placement if such a rank-dropping method were in place.
This tagline is copyrighted material. Please send $10 for an affordable replacement.
Grease Monkey scripts that saves you a mouse click: http://johnbokma.com/firefox/greasemonkey/google-u nsafe-sites.html
Perl Programmer for hire
Well there are other spots too. For example if you want Game Hints, (Many of those have Spyware), checking out some "Funny" stuff that a friend forwards you. or some other sites where the site owners don't ask to many questions about the add and revenu they get from it. Sure CNN and FOX News wont be filled with the crap. But the smaller web sites do. Also when you are searching for information on google sometimes they just bring you to the wrong spot because they found out how to get themselves ranked higher in google so you click on the link and bang you infected.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
You're infringing on my right not to be offended by things I don't like. Fascist.
This is one of those ideas that sounds good in theory, but isn't likely to help much in the long run.
The reason it won't work very well is that all the malware sites have to do is present a non-malware version of their pages to google's spiders. If they don't see the malware, they can't know it is there for everybody else.
So, at first we will see Google correctly identify malware sites, and that will be effective for just long enough that people will come to expect that sites without a malware warning are safe. By then, someone will have come up with an automated systems for giving google a "clean" version of the website and serving malware to everyone else. This automation will spread rapidly and then google will no longer be effective - but now some number of people will have started to rely on google's warnings (or rather lack of warning), thus making them more vulnerable than before.
I think another poster's idea is much better - include malware detection as part of the pagerank score. Don't advertise it, don't spell it out, just do it. Malware sites will sink to the end of the search results (where they belong anyway since they are rarely useful for anything but malware distribution). Eventually the malware distributors will figure it out and start feeding "good" pages to google's spyder - but at least no regular users will ever be lulled into a false sense of security by thinking that the lack of a warning is an indication of safety.
How DARE Google provide information that others might possibly use to censor the content of sites they don't want to visit and which in no way hampers my ability to still continue to effectively use Google as my Trojan/Virus/Mal-ware/Porn/Ad-ware portal.[/sarcasim]
I'm all for the increase of providing users with link ratings. If Google, or anyone else for that matter, has information that can help users judge whether or not to visit a site, as long as it is moderated and ratings can be reversed if innacurate, then why not provide such information? Ratings, in any medium (AGAIN AS LONG AS THEY ARE MODERATED AND CAN BE REVERSED IF INNACURATE), do not constitute censorship but simply put control of participation into the hands of the audience, where it belongs, instead of the artist.
Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
It still amazes me that screen savers are not run in virtual machines. They are a well known malware vector. They only kick in when you are not actively using the machine, so the overhead is largely irrelevent. There are very few reasons for a screen saver to access any resources that are not internal to the screen saver package. If you had to specifically allow access to shares via the OS for things like picture slide shows, the only damage a screen saver could do would be to eat too many cpu cycles. Given the none critical nature of screen savers, this seems like it would be a good security/functionality trade off.
If I would have been warned about goatse many years ago, my life would be much better. I don't know think it is malware, but it is definitely foulware.
The real solution would be to completely remove these sites from the search results and sponsored links. They already remove plenty of sites they think are "spamming" the results, but they won't remove their bread and butter crapware from their sponsored links.
-- these are only opinions and they might not be mine.
Amusingly, It seems that site has been DoS'd by slashdotters.
It's more likely they think they're about to see a 3D holographic movie of web cam whores producing drama while taking off all their clothes masturbating with household items that perverts provided over the internet so they feel they contributed something while they jack off in a "live chat."
Google bans sites which return different results for normal user-agents and for the Google search-bot.
"The human race's favorite method for being in control of the facts is to ignore them." -Celia Green
Don't give the slimeware merchants ideas. It's treasonous! You're letting the terrorists win!
You, sir, have swallowed someone's propaganda hook, line and sinker. Some sites do use porn to trick people into installing spyware, but they are just one of many types of sites that do this. I've gotten to know a number of porn site webmasters over the years and nearly all of them absolutely hate spyware.
I do spyware and antispyware testing all the time as part of my job. I go to sites with ActiveX installers or that exploit browser flaws and let a virtual machine become badly infected and then run various tests.
Not once have I ever had to go to a porn site to do this. Wrestling fan sites, yes. Serial number and warez sites, yes. Screensaver sites, yes. Certain "ad-supported free hosted" sites, yes. Porn, no, not once.
Only on
Google bans sites which return different results for normal user-agents and for the Google search-bot.
Labelling it "malware" will have the same effect as banning anyway, so they will have nothing to lose. Google can only ban a site if they catch it.
Plus, there are clearly exceptions - news sites that let google index content that normally requires a username/password. I used to regularly get into such sites simply by setting my user-agent to that of the google spider. That doesn't work so much anymore since they wised up and now probably check the source IP too.
But it would be trivial for the malware site to do the reverse - google spiders run into authentication requirements to get to the badware pages, but everyone else can get in without authentication.
And therein lies the problem. They're entitled to do this - but all references to free speech etc, they're making a statement that it is the intention of a site to harm. That's a material statement that could well have material damages associated.
Slashdot smells more like a roomful of Europeans using the biday if you ask me.
That's bidet you illiterate moron. And I'm sure you don't quite smell like a "bowkay" of flowers.
One of the best things about the internet is its heterogenity, so why should we accept standards from the w3c? Why not "standards" from Microsoft? Or from Google?
At the end of the day, rulesets become standards due to wide acceptance and use. IE's own quirky way of parsing sites is more a "standard" than anything the w3c ever wrote.
To be fair, plenty of dodgy warez sites have porn advertising, which makes them essentially porn sites (a website with pictures of women showing their bodies to turn you on is a porn site). Porn advertising is a good indicator of sleaze and not caring about who advertises with you. Paranoia is partially justified here.
:)
Me, I like porn too much
No, they're saying that the particular website has been reported to the Stop Badware coalition, and MAY contain spyware. If the site has actually been falsely reported to the coalition, Google still isn't lying per se. I'm not sure if this would protect them or not though.
TrustWatch Search extension. Does something similar. Focused on phishing not malware but also not limited to Google.
Disclaimer: Other verification providers are available
And behold, a command prompt and he who sat upon it, his name was shutdown and -h 3:11 followed with him
Shouldn't Google, as a next step, warn about web sites that are basically non-CSS complient?
On various areas of a site, I may use javascript to make the UI easier to navigate by popping up dialogs etc. As a backup, there are also scriptlets that will display the same in-page dialogs, it just takes a bit longer that way since you have to submit data back-and-forth between the client and server.