Slashdot Mirror
One in 25 Search Results Risky
Ant writes "According to Ars Technica, security researcher Ben Edelman revisited his May 2006 report on the relative risk of search engine results. In the original report, Edelman found that 5 percent of the results provided by search engines were marked as either "red" or "yellow" by SiteAdvisor, indicating that they presented some risk to the user. Now, Edelman says that his new study has shown that only 4.4 percent of such sites are risky, representing a drop of 12 percent since May... ... The study found that not only can regular links found by search engines be dangerous, the sponsored links that appear in prominent positions in the results pages can also be harmful. In fact, in the May study, sponsored links were more than twice as likely to be linked to malware than non-sponsored links (8.5 vs. 3.1 percent)."
4.4% is 88% of 5%, hence a 12% drop.
ok, why doesnt google just notify the user of these yellow, red, (ie. government type terrorism alert colors) on top of each search result returned from a query. Based on these studies they (google) should be able to use the same algorithms the researches used to achive the same conclusion about unsafe sites.
Or does google happen like all of these link farms, more advertisements and clicking = more profit for google? or id googles search algorithm to , shall i say, stupid? to distinguish the good guys (sites) from the bad...
When a company is allowed to continue doing business after being caught several times with its hand in the malware cookie jar and gets nothing more than a slap on the wrist, there becomes no incentive to cease malware/spyware behavior. This is an enforcement issue and enforcement is not good enough. I'll bet if you label malware as a form of terrorism . . . . Well, on second thought don't do that, too many innocents would get caught up in the dragnet.
How did you decide that only IE is vulnerable to the "risky" results that one might find by following these links?
Because IE 7 runs only on Windows.
Hence, it can be assumed that if you can run IE 7 then perhaps there are security problems involved.
If you run OS X or Linux, you can be assured that chances are those links are fairly safe as far as browser hacks and probability that someone decided to make a hack that affects both Firefox and Linux or Mac combination.
And yes I'm being a bit facetiously, but the grandparent isn't much as a troll but speaking a bit over zealously. Chances IE7 will have more problems than Firefox on any system because of its integration into the OS. Vista handles this a bit better than earlier operating systems, but it still has issues.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
That's not really true. It's just a matter of how many people are available running the OS and how much time it is worth to the malware artist. After all, it doesn't matter what OS you are running; there are always foolish people who are willing to click anything and hand out the root password when it is asked for. It's true that informed, security conscious folks won't give the password. It's also true that most people running Linux these days are informed and security conscious, however that has really been more of a legacy coming from the fact that you had to be pretty informed and a decent techie to even know that Linux existed and to know why you wanted it and spend time installing it. (Note I didn't say "it is hard to install" because we all know it isn't anymore even if many people still think that it is). Anyway, as OSX and Linux get more users and they tend to be less technical folks these types of problems can hit them too. Non-techies are really easy to social-engineer sometimes.
Well, if this search engine places this site in this special spot, it must mean that this site is trustworthy.
They payed to be in that spot ?
Well, if they're able to pay for that spot, they must be trustworthy.
What do you mean where did they get the money to pay for that spot ?
How should I know ?
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
What English language do you speak? Whatever it is, it doesn't correspond with the language I speak (I'm a native English speaker), nor the language of ANYONE I have ever met in my ENTIRE LIFE (conservatively 50% of the people I talk to regularly are native English speakers). Are you confusing "a drop of 12 percent" with "a drop of 12 percentage points" perhaps?
Sorry, but I am detecting crap. The process of measuring something in real life has inheret errors built into it. I doubt Dr. Edelman can measure the fraction of dangerous search results so accurately so that decimal digits have any meaning. Given that his methodology is to perform particular searches, for example, it's not obvious that his search pattern exactly represents that of a typical user, that his definition of a dangerous site is accurate, or how big are the fluctuations in search result placement in the search engines. Actually, I doubt you can even define the parameter he's measuring accurately enough for the difference between 4.4% and 5% to make sense. Very telling is that at not point does the study bother to address the error bars of the methodology. This indicates that no-one has any idea what the results actually mean, and that we should treat them with grave suspicion.
Specifically, the implicit claim in the article that the difference between 4.4% and 5% is statistically significant is bougs. The real byline is "fraction of dangerous websites remains unchanged". The two numbers are clearly equal within any reasonable error of measurement. Note that Dr. Edelman's study does not actually make this comparison.