Slashdot Mirror

← Back to Stories (view on slashdot.org)

One in 25 Search Results Risky

Posted by CmdrTaco on from the i-only-needed-one-anyway dept.

Ant writes "According to Ars Technica, security researcher Ben Edelman revisited his May 2006 report on the relative risk of search engine results. In the original report, Edelman found that 5 percent of the results provided by search engines were marked as either "red" or "yellow" by SiteAdvisor, indicating that they presented some risk to the user. Now, Edelman says that his new study has shown that only 4.4 percent of such sites are risky, representing a drop of 12 percent since May... ... The study found that not only can regular links found by search engines be dangerous, the sponsored links that appear in prominent positions in the results pages can also be harmful. In fact, in the May study, sponsored links were more than twice as likely to be linked to malware than non-sponsored links (8.5 vs. 3.1 percent)."

11 of 69 comments (clear)

  1. In related news... by porkThreeWays · · Score: 4, Funny

    1 in 25 search queries is for bukkake. It's no wonder =P

    --
    If an officer ever threatens to taze you, say you have a pacemaker.
  2. Seen that here too. by goldspider · · Score: 5, Funny

    Back when the Goatse and Tubgirl landmines were all the rage. And it was FAR more than 1/25!! I'm still using eyebleach!

    --
    "Ask not what your country can do for you." --John F. Kennedy
  3. Actual study link by Lord+Grey · · Score: 4, Informative

    The actual study appears to be here.

    --
    // Beyond Here Lie Dragons
  4. Re:Typo by RISTMO · · Score: 3, Insightful

    4.4% is 88% of 5%, hence a 12% drop.

  5. google is the culprit.. by Anonymous Coward · · Score: 4, Insightful

    ok, why doesnt google just notify the user of these yellow, red, (ie. government type terrorism alert colors) on top of each search result returned from a query. Based on these studies they (google) should be able to use the same algorithms the researches used to achive the same conclusion about unsafe sites.

    Or does google happen like all of these link farms, more advertisements and clicking = more profit for google? or id googles search algorithm to , shall i say, stupid? to distinguish the good guys (sites) from the bad...

    1. Re:google is the culprit.. by just_another_sean · · Score: 3, Interesting

      I don't really want to argue one way or the other whether it is google's responsibility to do what you suggest but think of it from a logistics standpoint. Essentially your asking them to get into the AntiSpyware/AntiVirus game. They would need to setup a database of malware signatures, keep it up to date and then deal with the flack from users when they happen to miss something. Not to mention the whole "We're suing you for calling us spyware!" from the companies that deal in borderline, questionable software. I'm sure they would come out of the woodwork to sue someone with pockets like google's.

      If anyone has the resources to do something like this on a massive scale it's Google; but I can understand why they don't. To me this is akin to the argument that ISPs should cut off users with obviously infected boxes. Hell, ISPs could block sites using the same method you want Google to employ. Sure it would be helpful to the public at large but dealing with the customer service issues and false positives would be a real headache! Try explaining to Aunt Tillie why she can't get to knitting.com anymore because there is a trojan on her box spamming thousands of people everyday.

      --
      Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
    2. Re:google is the culprit.. by Aladrin · · Score: 3, Insightful

      It'd become an arms race. Malware sites would simply rework their site until Google no longer listed them as malware, then do it again when Google figures out their new tactic.

      Nobody would be helped (especially not the 99% of users that would click anyhow) and Google would spend a lot of money for nothing.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  6. Re:Troll by vertinox · · Score: 4, Insightful

    How did you decide that only IE is vulnerable to the "risky" results that one might find by following these links?

    Because IE 7 runs only on Windows.

    Hence, it can be assumed that if you can run IE 7 then perhaps there are security problems involved.

    If you run OS X or Linux, you can be assured that chances are those links are fairly safe as far as browser hacks and probability that someone decided to make a hack that affects both Firefox and Linux or Mac combination.

    And yes I'm being a bit facetiously, but the grandparent isn't much as a troll but speaking a bit over zealously. Chances IE7 will have more problems than Firefox on any system because of its integration into the OS. Vista handles this a bit better than earlier operating systems, but it still has issues.

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  7. Re:shutting down malware, virus, spam sites . . . by Vreejack · · Score: 4, Informative

    Slap on the wrist? There should be so much justice.

    My solution is to use a custom hosts file. http://www.mvps.org/winhelp2002/hosts.htm publishes a nice one. Whenever I click on a lick in a web search list and I immediately get a "link not found" then I can pretty sure I didn't really want to go there in the first place. A lot of advertisements show up as "404's" as well.

    --
    "Will future ages believe that such stupid bigotry ever existed!" -- Ivanhoe
  8. elementary science education for all? by l2718 · · Score: 4, Insightful

    Sorry, but I am detecting crap. The process of measuring something in real life has inheret errors built into it. I doubt Dr. Edelman can measure the fraction of dangerous search results so accurately so that decimal digits have any meaning. Given that his methodology is to perform particular searches, for example, it's not obvious that his search pattern exactly represents that of a typical user, that his definition of a dangerous site is accurate, or how big are the fluctuations in search result placement in the search engines. Actually, I doubt you can even define the parameter he's measuring accurately enough for the difference between 4.4% and 5% to make sense. Very telling is that at not point does the study bother to address the error bars of the methodology. This indicates that no-one has any idea what the results actually mean, and that we should treat them with grave suspicion.

    Specifically, the implicit claim in the article that the difference between 4.4% and 5% is statistically significant is bougs. The real byline is "fraction of dangerous websites remains unchanged". The two numbers are clearly equal within any reasonable error of measurement. Note that Dr. Edelman's study does not actually make this comparison.

    1. Re:elementary science education for all? by l2718 · · Score: 3, Insightful
      For another example why error bars matter, think back to the Florida Elections Debacle of 2000. Essentially, the errors inherent in the elections process were much greater than the effect that the balloting was supposed to measure, rendering the entire results meaningless. Of course, someone had to be declared a winner so as a matter of legal fiction, Mr. Bush was (rightfully, I suspect) declared to have carried the state. However, it is meaningless to talk about who really won the election -- the difference between the number of votes garnered by the two main candidates was much finer than our ability to measure who got more votes. The main sources of error are:

      Disagreement about how to read ballots in principle [with chads? without chads?]

      Errors in the human interpretation of actual ballots according to whatever definition we settle on. If the real goal is to measure the voter intent as it putatively existed in the minds of the voters, we also have to consider:

      Errors by the human casting the ballot.