Google Warns Users About "Unsafe Sites"

Dynamoo writes "The BBC is reporting that Google will start to warn users about unsafe websites, in particular those that host spyware or have privacy implications. The technology to do this has been developed in partnership with StopBadware, and appears to be an alternative to the popular McAfee SiteAdvisor application. Perhaps this will help curtail slimeware ridden sites from peddling their wares. But it will be interesting to see how Google rates some of its own products, including the potentially risky Google Desktop."

Here's the Link

[ThisIsForReal]

If you don't want to RTFA, you can follow the link to Google's policy here:

www.goatse.ru

Re:Here's the Link

[Suspended_Reality]

The grandparent wasn't trolling. It was satire. Note the non-link to a non-existent, yet parodied sub-pop culture reference for an article about harmful websites. I for one thought it was funny.

This will invite more unjust lawsuits

[etymxris]

If you thought Google had a lot of lawsuits when altering pageranks of linkfarms, wait until limewire et al start suing Google for "defamation".

Google Desktop

[corychristison]

But it will be interesting to see how Google rates some of its own products, including the potentially risky Google Desktop.

I still don't really see how potential problems are real problems unless they have already been exploited and proven.

In my opinion it's like saying I am a risk because I have arms. Potentially I could strangle someone with them. :-P

Re:Google Desktop

[VJ42]

In my opinion it's like saying I am a risk because I have arms. Potentially I could strangle someone with them. :-P

Yeah, as a Brit I always wondered why the US constitution had to explicitly give the right to wear T-shirts; over here we take that as a given. ;-)

Re:Google Desktop

[Gryle]

The Department of Homeland Security has noted your concerns. Steps will be taken to ensure proper and supervised use of arms to prevents arms from being used by potential terrorists.

Sincerely,
The Goverment.

Google Dekstop isn't unsafe

[man_ls]

Google Desktop isn't unsafe in any way. Google fully discloses the fact that they'll be rooting around in your hard drive and mixing data from there, with data from their servers, for the purposes of providing a local Google search to you on your own machine.

There's nothing wrong with people who are willing to voluntarily give up some measure of their own privacy in exchange for a service provided on that data -- I use Gmail for all of my e-mail, even to the point of forwarding multiple accounts into my gmail inbox, and don't think twice about the fact that somewhere, Google is reading and storing it.

The problem arises when people aren't informed their privacy is being tampered with...malicious web toolbars and cursor packages, Gator, etc. No anti-spyware application I've seen to date has detected Google Desktop (granted, I've only seen 3 machines that actually used GD) but that says something to me.

Re:Google Dekstop isn't unsafe

[Tweekster]

Google Desktop is a product in and of itself. No one WANTS claria. No one seeks out claria to install. People actively go get Google Desktop because they want Google Desktop for the features it provides. Find me one person that said "damn computer, I need that claria product to make it useful"

It piggy backs on other thigs that are useful..that is a significant difference

About Time

[Nom+du+Keyboard]

It's about time. I've been saying this to them, and about them, for a very long time. I can't think of a better value-added service that any search engine can provide in these days of dodgy web-sites. Would be nice if, like their Adult Content filter for images, you could simply set your Google to not even ask you if you wanted to continue, but block out these sites entirely (remember other people use your computer too).

Or even better still, read the Google cache of the site with all the bad stuff removed. That would be trick!

I'm sure my letter of commendation, along with Google stock options grant, is arriving any moment now.

Re:Many web sites are "unsafe" because

[ScentCone]

Why not fix the software and/or its default configuration so that it is safe to use?

That doesn't address sites that deliberately link people to executables that they delibrately download and run because they think they're about to see a 3D holographic movie of unicorns actually producing rainbows in the shape of guardian angel puppies protecting endangered species that are making jokes about the president.

The point is that if Google finds sites polluted by such malware - not just some plugin-abusing bit of blinking nonsense - then they're going to give you the heads up on the link. I think it's great - but it will just make the bad guys get involved in another hide-the-malware arms race.

Re:Why not just stick them at the end of the searc

[bkgood]

Because google [claims it] doesn't alter search results. Flagging them doesn't technically alter them (it just displays a bit more information), but moving them to the bottom of the pile, so to speak, is.

But what if your site was somehow rated as "spyware-filled", when, in fact, it wasn't? Would you rather be flagged as dangerous, or would you rather be sent to the bottom? At least the flag can be ignored.

Re:Conflict of interest?

[noidentity]

If you don't trust Google, then you won't trust their software or malware detection. If you do trust Google, then you will trust both. I don't get the problem.

Re:flag javascript, flash, schlockwave

[Andrew+Kismet]

What is it with the anti-javascript/flash attitude here? Properly managed use of Javascript is fine. Yes, it has more holes than swiss cheese, but it is so easy to disable and manage with firefox and the like; why claim that ANY site using Javascript is a "potential security risk"? The same goes for PHP, Flash, and every other web technology that has potential security holes; surely, nine outta ten times, the benefits outweigh the risks. Yes, AJAX is overhyped, but Javascript is in its name for a good reason.

They'll flag sites that deploy malware, spyware, and other junk. They'll flag sites that use unrestricted javascript and dangeous security workarounds. Not everything. Blanket labelling would only cause annoyance.

Questions that need answers

[Bender0x7D1]

How do you handle sites where the bad pages are hidden behind a robots file? The front page may be crawlable, but the page with the malware isn't.

How do they handle redirects? If I have a site that redirects a user to bad content, is the original page flagged as bad? Combined with a page that isn't crawled, how would they know to flag it?

How are they going to handle any obfuscation that takes place? Or handle new malware? This might not be a show-stopper, but I think it is a techinical issue that should be addressed.

How are they going to handle the lag between crawling and new content? My server gets crawled about once a week. So I would have ~6 days to host bad content before switching it back to look legit for my next Google crawl.

What system are they going to have to handle complaints or appeals? If my site is flagged incorrectly, Google is taking a risk of liability by flagging it that way. It seems that if they take due diligence to keep the false positives low, there will be an increase in false negatives.

These are just off the top of my head and I am sure there are a lot more issues that I haven't thought of.

Re:While they're at it ...

[generic-man]

Which* standards does Google support?

I mean, MSN Search does a better job of meeting the W3C's "standards" than Google does.

* When I clicked that link I got a validation check for google.co.jp, but google.com has the same "Optimized so it downloads better on my 2400 baud modem" approach to its source.