Slashdot Mirror
Google Warns Users About "Unsafe Sites"
Dynamoo writes "The BBC is reporting that Google will start to warn users about unsafe websites, in particular those that host spyware or have privacy implications. The technology to do this has been developed in partnership with StopBadware, and appears to be an alternative to the popular McAfee SiteAdvisor application. Perhaps this will help curtail slimeware ridden sites from peddling their wares. But it will be interesting to see how Google rates some of its own products, including the potentially risky Google Desktop."
If you don't want to RTFA, you can follow the link to Google's policy here:
www.goatse.ru
-THE END-
If you thought Google had a lot of lawsuits when altering pageranks of linkfarms, wait until limewire et al start suing Google for "defamation".
A "screensaver" site isn't going to get much traffic on page 1000.
This tagline is copyrighted material. Please send $10 for an affordable replacement.
In my opinion it's like saying I am a risk because I have arms. Potentially I could strangle someone with them.
their WWW browser and/or OS is unsafe in various ways. We know that IE and Windows is not the safest combination,
but looking at the recent string of security holes in Firefox/Thunderbird shows that this is not particulary
safe either.
Why not fix the software and/or its default configuration so that it is safe to use?
Google Desktop isn't unsafe in any way. Google fully discloses the fact that they'll be rooting around in your hard drive and mixing data from there, with data from their servers, for the purposes of providing a local Google search to you on your own machine.
There's nothing wrong with people who are willing to voluntarily give up some measure of their own privacy in exchange for a service provided on that data -- I use Gmail for all of my e-mail, even to the point of forwarding multiple accounts into my gmail inbox, and don't think twice about the fact that somewhere, Google is reading and storing it.
The problem arises when people aren't informed their privacy is being tampered with...malicious web toolbars and cursor packages, Gator, etc. No anti-spyware application I've seen to date has detected Google Desktop (granted, I've only seen 3 machines that actually used GD) but that says something to me.
Google Desktop and crap-ware ridden screensavers have nothing to do with one another. Summary is a google-bashing troll, at best.
Beware of the Leopard.
Or even better still, read the Google cache of the site with all the bad stuff removed. That would be trick!
I'm sure my letter of commendation, along with Google stock options grant, is arriving any moment now.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
But it will be interesting to see how Google rates some of its own products, including the potentially risky Google Desktop."
From the article:
Google confirmed to ZDNet UK that data was temporarily transported outside of businesses when the Search Across Computers feature was used, and that this represented "as much of a security risk as e-mail does."
And also...
Gartner has recommended that businesses use Google Desktop for Enterprise, as this allows systems administrators to centrally turn off the Search Across Computers feature, which it said should be "immediately disabled."
In other words, mostly harmless.
Like Financial Services companies that used to advise their clients to buy their company's own investments, I can easily see how Google getting involved in this could be a quagmire. As the summary example pointed out, what happens when Google's own software is dangerous? Do they have to face down their own rating service to get it out there? Chances are... they won't. They will assume that all Google software is "Good" software.
Fair enough, since I guess you can assume that Google wouldn't be actually creating malware on purpose. If you just single out those sites with the 1000 porn banners that try and install virii and spyware on your computer, Google won't have a problem. However, I think, the real problem for most users is not sites like that which are obviously dodgy, its the sites that look clean and professional that seem to have a legitimate purpose for their software, and often those proprietors are quick to try and play up their legitimacy. When Google marks them as "bad", you can expect lawsuits.
While I find that this may be a big plus for a search engine that can be percieved as impartial to software makers, as Google becomes a notable software maker itself, it may be an issue. It certainly could leave them vulnerable to the charge of conflict of interest as time goes on.
Why not give users feedback about their browser or the browser compatibility of sites? I think it would be nice if Google would tell IE users with Active X on that a site they're about to visit contains Active X and may be a threat to their system.
Better yet, consider standards compliance and accessibility when ranking pages.
If Google wants to use their position to police the Internet, why stop with Spyware. Test whether people have a secure browser and tell them when they don't:
"FYI, your version of IE is 3 years out of date. Please go here to upgrade it, or go here to replace it."
They could fix a lot of the problem right there.
Some people have a way with words, and some people, um, thingy.
The first result in a search for "Serial Box" Serial Box gives an example of the new behaviour. A page headed "Malware Warning" appears and warns you the page you are about to visit may harm your computer.
Because google [claims it] doesn't alter search results. Flagging them doesn't technically alter them (it just displays a bit more information), but moving them to the bottom of the pile, so to speak, is.
But what if your site was somehow rated as "spyware-filled", when, in fact, it wasn't? Would you rather be flagged as dangerous, or would you rather be sent to the bottom? At least the flag can be ignored.
... like AOL.
The original post never implied that searches for porn should turn up anything else but porn. It just said that if you search for kitty cat that you shouldn't get a bunch of beastiality websites. Now if you searched for "kitty cat porn" then fine.
Google wouldn't profit by blocking 99% of the internet, including itself.
What is it with the anti-javascript/flash attitude here? Properly managed use of Javascript is fine. Yes, it has more holes than swiss cheese, but it is so easy to disable and manage with firefox and the like; why claim that ANY site using Javascript is a "potential security risk"? The same goes for PHP, Flash, and every other web technology that has potential security holes; surely, nine outta ten times, the benefits outweigh the risks. Yes, AJAX is overhyped, but Javascript is in its name for a good reason.
They'll flag sites that deploy malware, spyware, and other junk. They'll flag sites that use unrestricted javascript and dangeous security workarounds. Not everything. Blanket labelling would only cause annoyance.
How do you handle sites where the bad pages are hidden behind a robots file? The front page may be crawlable, but the page with the malware isn't.
How do they handle redirects? If I have a site that redirects a user to bad content, is the original page flagged as bad? Combined with a page that isn't crawled, how would they know to flag it?
How are they going to handle any obfuscation that takes place? Or handle new malware? This might not be a show-stopper, but I think it is a techinical issue that should be addressed.
How are they going to handle the lag between crawling and new content? My server gets crawled about once a week. So I would have ~6 days to host bad content before switching it back to look legit for my next Google crawl.
What system are they going to have to handle complaints or appeals? If my site is flagged incorrectly, Google is taking a risk of liability by flagging it that way. It seems that if they take due diligence to keep the false positives low, there will be an increase in false negatives.
These are just off the top of my head and I am sure there are a lot more issues that I haven't thought of.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
People like you starting to censor things on the web for the rest of thw word..... how about a little self censorship for you and your family.
i'll keep your box closed for now.
There's nothing Intelligent about Intelligent Design.
But they have a reputation to keep if they're going to keep vistors and ad-impressions. Showing integrity is one way to do that.
Grease Monkey scripts that saves you a mouse click: http://johnbokma.com/firefox/greasemonkey/google-u nsafe-sites.html
Perl Programmer for hire
Well there are other spots too. For example if you want Game Hints, (Many of those have Spyware), checking out some "Funny" stuff that a friend forwards you. or some other sites where the site owners don't ask to many questions about the add and revenu they get from it. Sure CNN and FOX News wont be filled with the crap. But the smaller web sites do. Also when you are searching for information on google sometimes they just bring you to the wrong spot because they found out how to get themselves ranked higher in google so you click on the link and bang you infected.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
This is one of those ideas that sounds good in theory, but isn't likely to help much in the long run.
The reason it won't work very well is that all the malware sites have to do is present a non-malware version of their pages to google's spiders. If they don't see the malware, they can't know it is there for everybody else.
So, at first we will see Google correctly identify malware sites, and that will be effective for just long enough that people will come to expect that sites without a malware warning are safe. By then, someone will have come up with an automated systems for giving google a "clean" version of the website and serving malware to everyone else. This automation will spread rapidly and then google will no longer be effective - but now some number of people will have started to rely on google's warnings (or rather lack of warning), thus making them more vulnerable than before.
I think another poster's idea is much better - include malware detection as part of the pagerank score. Don't advertise it, don't spell it out, just do it. Malware sites will sink to the end of the search results (where they belong anyway since they are rarely useful for anything but malware distribution). Eventually the malware distributors will figure it out and start feeding "good" pages to google's spyder - but at least no regular users will ever be lulled into a false sense of security by thinking that the lack of a warning is an indication of safety.
Or not. http://www.google.com/search?q=pandoras+box
If I would have been warned about goatse many years ago, my life would be much better. I don't know think it is malware, but it is definitely foulware.
You, sir, have swallowed someone's propaganda hook, line and sinker. Some sites do use porn to trick people into installing spyware, but they are just one of many types of sites that do this. I've gotten to know a number of porn site webmasters over the years and nearly all of them absolutely hate spyware.
I do spyware and antispyware testing all the time as part of my job. I go to sites with ActiveX installers or that exploit browser flaws and let a virtual machine become badly infected and then run various tests.
Not once have I ever had to go to a porn site to do this. Wrestling fan sites, yes. Serial number and warez sites, yes. Screensaver sites, yes. Certain "ad-supported free hosted" sites, yes. Porn, no, not once.
Only on