Slashdot Mirror


Google to be Our Web-Based Anti-Virus Protector?

cyberianpan writes "For some time now, searches have displayed 'this site may harm your computer' when Google has tagged a site as containing malware. Now the search engine giant is further publicizing the level of infection in a paper titled: The Ghost In The Browser. For good reason, too: the company found that nearly 1 in ten sites (or about 450,000) are loaded with malicious software. Google is now promising to identify all web pages on the internet that could be malicious - with its powerful crawling abilities & data centers, the company is in an excellent position to do this. 'As well as characterizing the scale of the problem on the net, the Google study analyzed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets. Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded from third party sites. The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found.'"

171 comments

  1. 1 in 10? by Xoltri · · Score: 3, Funny

    When I was living at home my sister must've found every last one of them. She was terrible for breaking the computer.

    --
    -Xoltri
    1. Re:1 in 10? by hal2814 · · Score: 4, Funny

      Well most downloaded malware comes through online games and porn. Which one did your sister have a hankering for?

    2. Re:1 in 10? by Kurrurrin · · Score: 3, Funny

      I'm trying to figure out how the first post can be tagged as redundant. It doesn't work, unless one is taking into account the entire history of posting on /. And if that is the case, then everyone should just start off with (Score:-1, Redundant) to save mods the trouble.

      --
      -Doug
    3. Re:1 in 10? by Jarjarthejedi · · Score: 0, Redundant

      Yeah...that's gotta be one of the strangest moddings I've ever seen. The first post is redundant? The post that came before all others was a copy of another one? What's with that?

      --
      There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
    4. Re:1 in 10? by CasperIV · · Score: 1

      Why can't they be one and the same?

    5. Re:1 in 10? by Kijori · · Score: 1

      I suppose it could be if it repeated something universally known (or something in the summary).

    6. Re:1 in 10? by C0y0t3 · · Score: 1

      Background, screensaver, and icon sites are notorious as well, which is why so many naive users who are obviously not regular users of porn nor games tend to contract a constant stream of malware. The so called "free" sites are paid quite handsomely per install by the "marketers" like gator (and later incarnations).

      His sister most likely had the message board and chat bug, and contracted the electronic illnesses from icon sites.

      Or porn... but despite young men's fantasies, most young women are not into porn or gaming.

    7. Re:1 in 10? by hal2814 · · Score: 0, Troll

      Look, stop making justifications already. I know you're trying to come up with some way that your mom could've got all that malware on her machine when she doesn't play a single game on it. And you may feel better thinking she just got it from chatting and message boards but we all know the truth. I think it's time you do yourself a favor and come to grips with it.

    8. Re:1 in 10? by C0y0t3 · · Score: 1

      Speaking of "coming to grips", that's quite a handshake you've got there, yourself... thanks for the insight.

    9. Re:1 in 10? by Shinmizu · · Score: 2, Funny

      Statistically, it's probably a safe bet to automatically tag the first post as such:

      1) In Soviet Russia, first post, for one, welcomes our new Cowboy Neal overlords that can run linux on beowulf goatse clusters of this article was submitted three years ago, you stupid editors.
      2)?????
      3) Profit

    10. Re:1 in 10? by nixkuroi · · Score: 1

      I found that lyrics sites are also one of the major causes of Spyware and malware. I spent hours hacking stuff out of my registry after thirty minutes of my wife searching for the words to "where the streets have no name".

      Eventually I just started running cd loaded Metis when she wanted to surf the net. If she screwed that up, I could just reboot and load the OS from the CD again.

    11. Re:1 in 10? by powerpants · · Score: 1

      I made a post a few days ago that started out at a base level of 1, then went to 0 as the first mod came in "overrated".

    12. Re:1 in 10? by ChameleonDave · · Score: 1

      Or porn... but despite young men's fantasies, most young women are not into porn or gaming.

      They are obviously not as much into porn and games as the average (male, nerdy, pale, pimply) Slashdotter is, but I can tell you from experience that there are plenty of girls who don't mind a bit of computer fun of that type. Do you think that most of them will admit to you what they Google for when nobody is looking?
    13. Re:1 in 10? by freakxx · · Score: 1
      Background, screensaver, and icon sites are notorious as well, which is why so many naive users who are obviously not regular users of porn nor games tend to contract a constant stream of malware.

      So, essentially you are concluding two things: 1. His sister is "naive", and 2. She is not a "regular" user of game or porn (she does it only sometimes...for fun may be..??!!)

    14. Re:1 in 10? by Anonymous Coward · · Score: 0

      Yeah...that's gotta be one of the strangest moddings I've ever seen. The first post is redundant? The post that came before all others was a copy of another one? What's with that?

      This exact comment has already been posted. Try to be more original...

  2. aid and comfort to the enemy? by fred+fleenblat · · Score: 1, Interesting

    Since most of this malware attacks windows machines, isn't google helping microsoft more than it's helping linux or apple?

    1. Re:aid and comfort to the enemy? by LurkerXXX · · Score: 5, Insightful

      Do Linux or Apple users not mind when a bot-net army takes down a website they are trying to access, or clogs the pipes?

      Do Linux or Apple users not mind all the spam to their inbox from hijacked machines?

      Do Linux or Apple users not have to worry about some family member being taken in by a phishing scheme, hosted on a hijacked machine?

      Do Linux or Apple users not mind tons of hijacked machines probing any SSH or other ports you might have open, looking for vulnerabilities or doing dictionary password attacks?

      Less hijacked machines on the internet helps us all. Be you a Windows, Linux, Apple, BSD, or other user. Not caring about hijacked windows boxes because you are leet enough to use Linux is stupid.

    2. Re:aid and comfort to the enemy? by Anonymous Coward · · Score: 2, Interesting

      it's harder to install malware on mac osx and linux then it is on windows.

      So if you install malware on OS X or Linux, it's on Windows?

      Not unless you have Wine running, too.

    3. Re:aid and comfort to the enemy? by dave562 · · Score: 1

      There's no sense in making the user suffer or declaring them an enemy combatant.

    4. Re:aid and comfort to the enemy? by mrsteveman1 · · Score: 2, Informative

      It is in everyone's interest to both secure Windows and stop malware in general, because an infected box can be used for things other than gathering info on the owner, which then affects people who have nothing to do with Windows.

      For instance, botnets generally are made up of windows PCs, but are used to DDoS attack Unix webservers for ransom or political gain. They can also be used to attack network nodes such as vulnerable Cisco routers or corporate firewalls, it's a generic proxy model of attack which can be used for any number of attack vectors on any number of different systems. Recently there was even a browser exploit that allowed an attacker to use the box as a security scanner for vulnerable websites, this affected ALL systems, including OS X and Linux.

      So, you can see windows is a huge part of the problem and everyone would be better off if it died, but it benefits everyone to stop malware, even if it means fixing problems Microsoft can't or won't fix themselves.

    5. Re:aid and comfort to the enemy? by Anonymous Coward · · Score: 0

      When did Microsoft/Windows become the enemy? (Of Google, obviously the /. crowd has its own opinions... even while most of them surf from Windows computers.) Microsoft is a competitor, but hardly a threat (at this point).

      Besides, Microsofties aren't the only people who use Windows. The victim of malware isn't Microsoft (they already have your money), it's the Windows user.

    6. Re:aid and comfort to the enemy? by Anonymous Coward · · Score: 0

      Seriously are you a moron or just a troll?

      Helping to clean up the net is a good thing for everyone.

    7. Re:aid and comfort to the enemy? by fred+fleenblat · · Score: 2, Informative

      Neither, it is my honest opinion that microsoft should clean up its own mess.

    8. Re:aid and comfort to the enemy? by digitig · · Score: 1

      Most of their customer base is probably using MS Windows machines, too -- probably over 90% (e.g., http://www.w3schools.com/browsers/browsers_os.asp). Why shouldn't they help their customer base?

      --
      Quidnam Latine loqui modo coepi?
    9. Re:aid and comfort to the enemy? by cp.tar · · Score: 2, Funny

      Actually, I seem to recall that someone tried to run some Windows viruses in Wine.

      Alas, Wine is not yet fully compatible with Windows, and it showed.

      --
      Ignore this signature. By order.
    10. Re:aid and comfort to the enemy? by Synchis · · Score: 2, Insightful

      On that same note, just because there is currently not much malware on Linux or Mac, doesn't mean it will always be that way.

      I'm fairly indifferent to which platform I use as long as it functions well. I'm also not the norm, but am privy to using many a malware free Windows Machine.

      The more Linux distros are out there, the larger the market share, the more malware will target it. If you think you will always have a highhorse to sit on just because you run Linux or Mac, then I'll be there when you fall and bust your ass on the first widespread linux or mac malware invasion to point and laugh at you.

      Malware developers are out to accomplish a goal, to infect as many machines in as little time possible.

      So what makes more sense: Target Windows boxes which have lots of readily available holes to squirm through and a whopping 95% (maybe? I don't know for sure) market share?

      Or target Linux and Mac, which don't have as many widely publicized holes, and only a measly 5% market share?

      It's a no brainer right? But if the tables were turned, and it was Linux with the 95% market share, you're sure as hell gonna be the first targeted.

      The point is, why not be pro-active, and send a message to malware authors that we don't want it, and we won't stand for it? By integrating virus protection into the very fabric of the net, we stand that much greater chance that the next big malware outbreak (Whether it targets linux or windows) will be easier to contain, and ultimately will take away that which the malware authors seek: Attention and Distribution.

      --
      Thomas A. Knight
      Author of The Time Weaver
    11. Re:aid and comfort to the enemy? by Wicko · · Score: 1

      You mean, Microsoft users. And what is wrong with that? It certainly wouldn't be the first time, with the Google software all being Windows supported. I like having my Windows and eat my Google cake too. :)

    12. Re:aid and comfort to the enemy? by Heembo · · Score: 1

      As/if the popularity of Mac's increase, so will their susceptibility to malware. This has nothing to do with poor engineering on MS's part, it's just the popularity of MS that makes winbloz, ie (and even FF) such a target. Casual surfing does have the capability to wack a mac http://it.slashdot.org/article.pl?sid=07/04/21/0336255 .

      --
      Horns are really just a broken halo.
    13. Re:aid and comfort to the enemy? by thePowerOfGrayskull · · Score: 1

      Ever heard the phrase "Cut off your nose to spite your face?"

    14. Re:aid and comfort to the enemy? by TravisO · · Score: 1

      I think you're implying that Microsoft is Google's competition and you couldn't be more wrong. It's only true that Google is Microsoft's competition. From Google's point of view, their search engine has always been successful and Microsoft is a Johnny-come-late that hasn't been able to steal customers, even though IE's default search engine is Microsoft's. I think we can all agree it's been Microsoft who's been playing copycat of Google's products and have been unable to steal away any noticeable part of the market.

    15. Re:aid and comfort to the enemy? by fandog · · Score: 1

      If you think you will always have a highhorse to sit on just because you run Linux or Mac, then I'll be there when you fall...

      "Pride goeth before destruction...". As it were.

      Heh, the rest is good too: "...and an haughty spirit before a fall."

      -Proverbs 16:18

      Being careful to not overstate the security of any IT/CS related thing seems a good policy, because when something eventually goes wrong,(and it will), you don't look like an idiot in hindsight.

      As a programmer though, is anyone ever that secure with their own code? I mean enough to sit back and say it can't be exploited somehow? Or that it's impenetrable? Seems like it's usually users, architects and marketers who make these claims...

    16. Re:aid and comfort to the enemy? by Anonymous Coward · · Score: 0

      Do Linux or Apple users not have to worry about some family member being taken in by a phishing scheme, hosted on a hijacked machine?
      Not when I'm the one running the phishing scheme.
    17. Re:aid and comfort to the enemy? by watchingeyes · · Score: 1

      Google's trying to protect its users and give users of competing search engines an incentive to use their search engine. Furthermore, like other posters have said, this does benefit Apple and Linux users as well. Malware doesn't only affect the computers it is installed on (ie. SPAM, Botnets, etc)

      --
      http://watching-eyes.blogspot.com/
    18. Re:aid and comfort to the enemy? by ozmanjusri · · Score: 1
      When did Microsoft/Windows become the enemy?

      Hard to say. Do you think this might have something to do with it?

      "I'm going to fucking bury that guy, I have done it before, and I will do it again," the declaration quotes Ballmer. "I'm going to fucking kill Google."
      SMH
      --
      "I've got more toys than Teruhisa Kitahara."
    19. Re:aid and comfort to the enemy? by dbcad7 · · Score: 1
      So you're Switzerland when it comes to operating systems...

      I'm fairly indifferent to which platform I use as long as it functions well.

      If you think you will always have a highhorse to sit on just because you run Linux or Mac, then I'll be there when you fall and bust your ass on the first widespread linux or mac malware invasion to point and laugh at you.

      It obviously bothers you a lot that Mac and Linux machines don't have the same experience as Windows users. Too bad my machine will be all screwed up from the malware to hear your laughing... well gotta go, and rock my highhorse now.. (see ?.. Linux rocks)

      --
      waiting for ad.doubleclick.net
  3. Only works through Google now... by cyberianpan · · Score: 4, Interesting

    This is potentially a very useful service but not all URLs we visit are from Google searches, some we still type in, others as links from pages. However could we soon expect a Firefox add in that will filter all http requests through Google? So then our new overlords will indeed know everything about our web-habits?

    1. Re:Only works through Google now... by Random832 · · Score: 3, Funny

      However could we soon expect a Firefox add in that will filter all http requests through Google?

      http://www.google.com/history

      --
      We've secretly replaced Slashdot with new Folgers Crystals - let's see if it notices.
    2. Re:Only works through Google now... by Jorgandar · · Score: 2, Insightful

      The difference, if that ever happens, is that firefox will allow you to turn it off. Your ISP overlord has known about your web habits for years already.

    3. Re:Only works through Google now... by VinB · · Score: 0

      They would only be given this new authority if they promise to step down once the threat is vanquished....

      .... now begun the click wars have!

    4. Re:Only works through Google now... by br0d · · Score: 1

      It already exists. http://firekeeper.mozdev.org/

  4. Wouldn't good sites with bad ads or posts... by Anarchysoft · · Score: 5, Insightful
    be blocked?

    It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.

    Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?
    1. Re:Wouldn't good sites with bad ads or posts... by Anonymous Coward · · Score: 1, Funny

      Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?

      No. Because that will impact Google's ability to monetize their intellectual property through certification / exception schemes.
    2. Re:Wouldn't good sites with bad ads or posts... by zCyl · · Score: 1

      Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?

      Websites from people or organizations accidentally distributing viruses are probably not the most insightful or useful websites anyway.
    3. Re:Wouldn't good sites with bad ads or posts... by Anarchysoft · · Score: 1

      | Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web? No. Because that will impact Google's ability to monetize their intellectual property through certification / exception schemes.
      Do you mean something like SORBS?
    4. Re:Wouldn't good sites with bad ads or posts... by Anarchysoft · · Score: 1

      Websites from people or organizations accidentally distributing viruses are probably not the most insightful or useful websites anyway.

      Probably not, but if it really is 10% that's a huge chunk of the net. Of course, is this 10% of pages, sites, pages with unique content, etc, etc? And, if it is a free hosting site or something along those lines, perhaps the content creator really has no control over what banners, etc are displayed... Perhaps they should just use Google Pages. ;) I have found Google's badware warning on sites that did have useful content.
    5. Re:Wouldn't good sites with bad ads or posts... by Radon360 · · Score: 2, Insightful

      The answer to your first question is most likely yes.

      What it would do, hopefully, is force companies in the business of serving up ads for pages to clean up their act, or find themselves going out of business. When word gets out that XYZ web ad agency's ads led Google to flag ABC company's web page as having malware, those looking to whore search rank positions will drop them like a bad habit.

    6. Re:Wouldn't good sites with bad ads or posts... by arivanov · · Score: 2, Interesting

      They would.

      And the only thing a person who wants to distribute malware needs to do is some minimal robots.txt manipulation. The pages with the "bait" content can still be "crawlable" by google while the malware may sit in areas which have been made non-crawlable.

      Yet another stupid idea. Almost as stupid as the .bank domain. Or windows asking you to reboot just because the program you run was called "install" or had an MSI extension.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    7. Re:Wouldn't good sites with bad ads or posts... by mblase · · Score: 1

      Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?

      Yes, but there's nothing Google can do about that.

      Google does not yet make a web browser that can out-marketshare Internet Explorer.

      They do, however, have a search engine that significantly out-marketshares MSN Search.

    8. Re:Wouldn't good sites with bad ads or posts... by hotdiggitydawg · · Score: 1
      Hello?!? McFly?!? I know this is /. but the least you could do is read the summary!

      It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets... These are often downloaded from third party sites.

      The robots.txt file on the website's server has no effect on third-party content hosted on a completely different server.

      And for the record, I think it's a brilliant idea. If an advertising agency serves up spyware it'll trash the rankings of the sites hosting its own ads, and pretty soon it'll have such a bad reputation among the entire web that nobody will use it. Thus it will force these advertising muppets to clean up their act or go out of business, a move which is long overdue IMHO.
    9. Re:Wouldn't good sites with bad ads or posts... by Anarchysoft · · Score: 1

      | Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web? Yes, but there's nothing Google can do about that. Google does not yet make a web browser that can out-marketshare Internet Explorer.
      Good point. It would be neat if there was an extension that would use Google's site safety check and disabled scripting, flash, etc if the current site was flagged. That way the content could still be there, the sections of the internet wouldn't be cordoned off and people would be safer.
    10. Re:Wouldn't good sites with bad ads or posts... by Kadin2048 · · Score: 1

      And the only thing a person who wants to distribute malware needs to do is some minimal robots.txt manipulation. The pages with the "bait" content can still be "crawlable" by google while the malware may sit in areas which have been made non-crawlable.

      Seems like the solution to that is obvious -- don't obey robots.txt for the purposes of the malware scan.

      I'm not sure that robots.txt is legally binding anyway, except perhaps where it relates to an implicit permission to cache content (and even there I don't think the courts have really established any tests that use it, outside of the Netherlands anyway), so Google could just have its crawlers go through everything on the malware scan, but then only index and cache the parts that aren't blocked off. If a page had any malicious content in an area prohibited by robots.txt, then you could assume that the main site was probably bad (since the person creating the robots.txt file specifically crafted it to hide the malware) and you could flag the whole site as possibly dangerous.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    11. Re:Wouldn't good sites with bad ads or posts... by DrEldarion · · Score: 1

      If it's 10% of sites, I'd be blown away. 10% of pages, though... I wouldn't be surprised if 10% of pages on the net were created with the sole intent of distributing malware or viruses, let alone sites that do it unintentionally.

    12. Re:Wouldn't good sites with bad ads or posts... by DrEldarion · · Score: 1

      I imagine they'll implement it in the Google toolbar.

    13. Re:Wouldn't good sites with bad ads or posts... by Anonymous Coward · · Score: 0

      Bu7 wh3r3 w1|| 1 g37 my w4r3z fr0m?

      But seriously, there actually is useful (legal) stuff (including legitimate downloads) on at least some of these blocked sites.

    14. Re:Wouldn't good sites with bad ads or posts... by LnxAddct · · Score: 1

      Yea, it'd be nice to have operating systems that can't be taken advantage of, or a multitude of things... but we don't live in a perfect world. Google is helping with what they're best at doing, and it's a solution that works *now*... not some theoretical perfect browser. I doubt they'll outright block the sites, but rather notify the sites and in the meantime warn users while the sites still contain malicious content. In fact this will probably help content providers more than anything, because right now most have no way of checking their own sites for malicious things.
      Regards,
      Steve

    15. Re:Wouldn't good sites with bad ads or posts... by Anarchysoft · · Score: 1

      I doubt they'll outright block the sites, but rather notify the sites and in the meantime warn users while the sites still contain malicious content.

      I thought that's what they already did and this was a step further?
    16. Re:Wouldn't good sites with bad ads or posts... by Peet42 · · Score: 1

      If Firefox used Google to check the URLs being requested, it could display the page you wanted while blocking the iFrames, banners etc. that come from malware-bearing domains. It would slow down browsing, but for a naive user it would greatly increase security.

    17. Re:Wouldn't good sites with bad ads or posts... by LnxAddct · · Score: 1

      My understanding is that they currently just put a warning up to the user. If I'm wrong, my apologies, but the other points still remain valid :)
      Regards,
      Steve

    18. Re:Wouldn't good sites with bad ads or posts... by epistemiclife · · Score: 1

      A potential problem with this concerns the accuracy of said flagging. If it routinely flags innocent sites as "suspicious," there could be a backlash, as consumers steer away from sites which are, unfortunately, flagged by Google's algorithm. An interesting idea, I think, is to have some sort of "web-based web browser." The web page could be rendered on some central server and then delivered in an innocuous form -- say, something roughly equivalent to an interactive image -- and viewed that way via a standard thick client web browser: something not very much different, conceptually, from what VMWare did with its web browser virtual machine.

    19. Re:Wouldn't good sites with bad ads or posts... by Anonymous Coward · · Score: 0

      It would eventually speed up browsing like AdBlock* already does, because the non-content is not downloaded. There could be a downloadable whitelist/blacklist with popular domains, and a cache mechanism so each domain would only have to be googlescored when first seen (or once a week, to allow them to clean up their act).

      But what I really wonder is, why doesn't Google filter these sites completely from search results? And does Google filter them from Adsense or will they still do business with the baddies?

      And on the flipside, what if Google China adopts a slightly altered definition of malware? If anyone is in a position to censor the web, it's Google.

    20. Re:Wouldn't good sites with bad ads or posts... by suv4x4 · · Score: 1

      Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?

      I don't know. Wouldn't it be best if we had both?

      It's optional whether you'll use Google's warning system, I know in a quite a lot of use cases people would rather filter 10%, hell, 20% or 30% of the web, if the remaining sites are guaranteed to be safe.

    21. Re:Wouldn't good sites with bad ads or posts... by stephanruby · · Score: 1

      Seems like the solution to that is obvious -- don't obey robots.txt for the purposes of the malware scan.

      Google already does that. It won't index content that's blocked, but it will still crawl it -- just in case. The rationale given is that when google was first starting out, web sites like the California DMV (Department of Motor Vehicles) and web sites like the New York Times, would just block all bots by default. And Google felt it couldn't afford to ignore such mainstream web sites, especially since most users wouldn't understand that a public site as big and as mainstream as the DMV would be accessible to them -- but not accessible to Google.

      So Google will still crawl the site, index the keywords found in its urls and possibly index their titles, to possibly link to those sites/pages if needed, but it won't cache the content of those pages and I assume it won't do a full text indexing of each page either (although, I don't know if that last assumption is correct).

      Either way, this practice of crawling everything has made life difficult for web site owners that have written bot-traps for bots that don't obey their robots.txt (a bot-trap is usually an invisible link that could only be seen by a bot, and such a link would point to a location that's forbidden in the robots.txt). This has become a problem especially since many malicious bots like to impersonate the googlebot to gain maximum access to a site, and google has refused to publish an up-to-date list of all the IP addresses it uses.
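
The bot-trap check described in the comment above, written out as an added example that is not part of the original thread. The robots.txt, log lines and addresses are constructed; the reverse-then-forward DNS check is the method Google documents for confirming its crawler and is an assumption here, since the comment does not mention it.

```python
import re
import socket

# Constructed sample data (not from the thread): a robots.txt that forbids the
# trap directory, and access-log lines in Apache combined format.
ROBOTS_TXT = """\
User-agent: *
Disallow: /trap/      # only reachable through an invisible link
Disallow: /private/
"""

ACCESS_LOG = """\
192.0.2.10 - - [12/May/2007:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686) Firefox/2.0"
198.51.100.7 - - [12/May/2007:10:01:05 +0000] "GET /trap/page.html HTTP/1.1" 200 312 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.66 - - [12/May/2007:10:01:09 +0000] "GET /trap/page.html HTTP/1.1" 200 312 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.99 - - [12/May/2007:10:01:11 +0000] "GET /trap/page.html HTTP/1.0" 200 312 "-" "ExampleHarvester/1.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def disallowed_prefixes(robots_txt, agent="*"):
    """Return the Disallow path prefixes of the group that names `agent`."""
    prefixes, applies, in_rules = [], False, False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # previous group ended
                applies, in_rules = False, False
            applies = applies or value == agent
        elif field in ("allow", "disallow"):
            in_rules = True
            if field == "disallow" and applies and value:
                prefixes.append(value)
    return prefixes


def dns_verify(ip):
    """Reverse-then-forward DNS check; needs network access.

    The PTR name must sit under googlebot.com or google.com and must resolve
    back to the same address, so a forged PTR record alone does not pass.
    """
    try:
        host = socket.gethostbyaddr(ip)[0]
        forward = socket.gethostbyname_ex(host)[2]
    except OSError:
        return False
    return host.endswith((".googlebot.com", ".google.com")) and ip in forward


def trap_hits(log_text, robots_txt, verify=dns_verify):
    """Map each client that fetched a disallowed path to a verdict.

    The User-Agent header is attacker-controlled, so a Googlebot claim is only
    accepted when `verify(ip)` confirms it.
    """
    prefixes = disallowed_prefixes(robots_txt)
    verdicts = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if not any(m["path"].startswith(p) for p in prefixes):
            continue
        if "googlebot" in m["ua"].lower():
            verdicts[m["ip"]] = (
                "verified-googlebot" if verify(m["ip"]) else "googlebot-impostor"
            )
        else:
            verdicts.setdefault(m["ip"], "ignores-robots.txt")
    return verdicts


if __name__ == "__main__":
    # Offline stand-in for DNS (constructed): only this address "verifies".
    constructed_ok = {"198.51.100.7"}
    for ip, verdict in trap_hits(ACCESS_LOG, ROBOTS_TXT,
                                 constructed_ok.__contains__).items():
        print(ip, verdict)
```

With the default `verify`, the lookups go to live DNS; cache the per-address result before using it to drive any block list.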

  5. Pros and Cons by PixieDust · · Score: 4, Interesting
    I can see a lot of Pros and Cons to this. While certainly it's good that such a major player is taking an active and aggressive stance on this, I think it's also going to cause a lot of people to have a false sense of security. And while this only affects users who search for pages (and that is a LOT of traffic), it's still going to bring the question to some users "Google tells me if a site is dangerous, what do I need malware protection for?"

    I surf almost exclusively in Windows, using IE (IE6 + XP Pro on Desktop, IE7 + Vista on laptop) with no protection, and I've not had an issue with malware in years. But most people's browsing habits aren't quite like mine.

    One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image.

    I'm fairly interested to see how this plays out.

    1. Re:Pros and Cons by Radon360 · · Score: 3, Interesting

      One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image.

      The next question would be, what are Google's plans/procedure for getting a site recrawled after a problem is corrected? I could see a company being upset about not having a quick and effective way of getting this flag cleared after fixing the problem. Or, for that matter, a less scrupulous site operator removing the malware, getting cleared, then reintroducing it, and then repeat the cycle on the next crawl when it gets flagged again.

      While I think Google would like to just say that such a warning would be reset on the next crawl showing a clean site, most businesses would not be happy about this. This could potentially become an administrative overhead nightmare if not carefully done.

    2. Re:Pros and Cons by Jarjarthejedi · · Score: 3, Insightful

      "One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image."

      A favor? Google has likely killed their company, or at least its online portion. Remember the big debate about how certain companies weren't being seen on the front page of google searches a while ago? Remember how much less revenue those companies got? Think about it, if little old lady #13 wants to buy item xdfsd#14 from bigcompanyhere.com but Google tells her that it may contain scary Malware that could take over her computer how likely is she to buy item xdfsd#14 from bigcompanyhere.com? How likely is she to tell her friends not to buy item xdfsd#14 from bigcompanyhere.com? How likely is she to never shop on bigcompanyhere.com ever again even if they fix the minor problem that google flagged for them?

      Any time a non-computer savvy person sees this type of thing they're likely to avoid that site for a very long period of time. Sure, that'll make the companies more careful about what they put there, but it also gives Google even more control over the internet and internet based companies. I wouldn't be surprised if they (google) began offering "consulting" fees to remove the malware that google flagged from the company's site quickly, and how much of a leap is it from there to pure extortion?

      Google controls a lot of the internet right now. Their job should not be to tell people where to search but rather to let them go where they want to go. This is a 'sounds like a good idea' idea but it could potentially be disastrous. Oh sure, what I laid out in my post is a pretty worst case scenario type thing, on the other hand how unlikely do you think it is? As for me, I'm expecting to see the 'Google Anti-Malware Division' started up pretty soon with their 'Low price of $100 to remove flagged malware from your site and get it back on the green list' within a year of this starting.

      --
      There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
    3. Re:Pros and Cons by __aawdrj2992 · · Score: 1
      That's a good point, getting tagged as unsecure could kill a Web site.

      HOORAY! Now that MySpace is dead, our corporate networks will once again be productive. I for one welcome our new Web search overlords.

    4. Re:Pros and Cons by Edward+Kmett · · Score: 1

      Personally, I kind of like the side-effects and I don't really see the problem with this.

      It means that the security of the site that I am using is positively correlated with its place in the rankings.

      If a site is poorly designed and capable of being exploited with malware, it probably does deserve to be kicked into the 'get your s#!t together' pool down with the people who pay SEO 'professionals.'

      The risk of such things happening will cause sites to care a lot more about security.

      As for the 'low low price' case you lay out, it's totally at odds with the way google does business, it quite simply requires too many boots on the ground and is too invasive. The sites they index are not their customers.

      --
      Sanity is a sandbox. I prefer the swings.
    5. Re:Pros and Cons by Belial6 · · Score: 1

      If the existence of MySpace is causing your corporate networks to become unproductive, you have a lot bigger problems, and none of them are MySpace.

    6. Re:Pros and Cons by fuzz6y · · Score: 3, Insightful

      . . . even if they fix the minor problem that google flagged for them?

      minor problem my foot. Your notion that bigcompanyhere.com is entitled to grandma's money even if they're peddling spyware is ridiculous. Google gave grandma exactly what she wanted: a place to buy a widget without getting 0wn3d. The fact that they did no favors for bigcompanyhere.com is of no concern to her. Or me.

      I wouldn't be surprised if they (google) began offering "consulting" fees to remove the malware that google flagged from the companies site quickly

      I would be very surprised indeed. They don't offer consulting fees to get you back on the gravy train after you got penaltyboxed for purveying spam links

      Their job should not be to tell people where to search but rather to let them go where they want to go.

      Spyware central isn't where I want to go, even if they sell the cheapest RAM by four cents. Google, of course, is working for their shareholders and get paid by their advertisers, but they have a vested interest in keeping the searchers happy so the advertisers will keep paying them. The people whose sites are included in the results don't have some God given right to be on the first page so they can make money. Nevertheless, google has always tried to walk the tightrope between being overrun by crappy keyword farms and kicking out legitimate sites.

      --
      If you're going to be elitist, it would help to be elite.
    7. Re:Pros and Cons by digitig · · Score: 1

      One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image.

      Address? Surely they'd just insist that the malware was a customer service, and sue Google for defamation?
      --
      Quidnam Latine loqui modo coepi?
    8. Re:Pros and Cons by PixieDust · · Score: 1

      Hahaha! You should totally get modded up "Funny". The sad part is, it's probably true. Anyone remember abetterinternet and apropos?

    9. Re:Pros and Cons by Anonymous Coward · · Score: 0

      That's another good question - if a site is marked as 'bad', and they eventually drop the domain name, and you happen to buy it...

      How long can you expect before google recognizes that you aren't bad?

    10. Re:Pros and Cons by VariableGHz · · Score: 1

      I surf almost exclusively in Windows, using IE [...] with no protection

      Sweet mother of Jesus.

    11. Re:Pros and Cons by Anonymous Coward · · Score: 0

      > I surf almost exclusively in Windows, using IE (IE6 + XP Pro on Desktop,
      > IE7 + Vista on laptop) with no protection, and I've not had an issue with
      > malware in years. But most people's browsing habits aren't quite like mine.

      People like you are the major problem!
      You *think* you are not infected, but in fact your computer might spam the
      world with hundreds of emails every hour..

      Go, get some *protection*! Modern bots do hide very very well in the system..

    12. Re:Pros and Cons by PixieDust · · Score: 1
      Heh, I think not. I run an occasional scan of my system, and the only thing it ever turns up are cookies from google, and a few other sites. Considering the security afforded by my well configured router, and how finicky I am about my system, I've very little to worry about. If the slightest strangeness occurs, I spend a lot of time investigating it, and, just in case it IS an infection, I disconnect from any kind of network while I hunt down the root cause. The last little quirk turned out to be the southbridge on my motherboard going bad. It was only the slightest hit in performance, and I wouldn't have likely even noticed it had I not been trying to squeeze just a little more speed out of it. It passed every diagnostic test I could find to hit it with, but I was SURE the southbridge was dying. So I booted with a Gentoo Live CD, checked a few things, and lo and behold I'm seeing weird returns from queries to the HDD and the DVD drive on my SATA controllers. I eliminate the drives themselves as the culprits and bam, assurance that something is wonky with my southbridge.

      Now, if I can hunt that down without any real indication, no red flag, no smoking gun as to the problem, do you HONESTLY believe that I wouldn't notice the increase in traffic over my network if my computer was a bot-zombie? Or even the increased resource usage on my system? Hell even the southbridge issue was, at its worst (when it started) a 3 second cpu usage increase of 2% by the indexing service. I quickly ruled out infection as the case thanks to a few very well designed tools. Filemon, Procmon, and RKR. After ruling out infection, I started looking for other things.

      The last time I had something on my system, I was rather disappointed. It was a downloader, outdated and poorly coded. Damn thing didn't even work. It hooked itself into a couple of files to keep itself resident. I killed it, took a look at it, figured out what it was supposed to do, and was REALLY REALLY bored so decided "What the hell, let's see what this thing is made of." and TRIED to let it do its thing. It failed, miserably. None of its requests were being answered, I kept an eye on it, and turns out the IRC server it was trying to connect to didn't exist. The source it was trying to download other infections from didn't exist, and it was leaking memory like the Titanic took on water. Judging from its construction, design, and what it was doing, I'm thinking it was a VERY VERY early version of what would later become abetterinternet. Either that or the creators of abi took a lot of the code from this. Either way, I was rather disappointed, and removed all trace of the little interloper.

      So no, I'm not worried about infection. If I do get one, I know how to take it off, and keep it off. The average user? Better have some f-ing protection. And it better be good.

  6. Already being done by zappepcs · · Score: 4, Informative

    McAfee SiteAdvisor already does this for Google search results pages. This is nothing new. It's a FF extension and works well, though lately it has pointed out that proxy servers are trying to steal my identity when I try to use them.

  7. Informing webmasters by truthsearch · · Score: 4, Insightful

    Instead of just flagging sites for users, they should first add the detailed information to the Google Webmaster Tools. If it's third party software that's the problem inform the webmasters (at least those who use Google's tools) so they can take it down. Granted, it's their own fault for using third party software without enough investigation, but let them fix the problem before they're flagged for end users.

    1. Re:Informing webmasters by Miseph · · Score: 2, Insightful

      Um, no. A website can get hits 24 hours a day, 7 days a week, and while some websites have webmasters able to give that much coverage, most do not. What about all of the users who could potentially become infected in the time between when Google spots the malware and the webmaster can fix the problem? How long would Google give them to fix it before just putting up a notice anyway? The point is to control the propagation of malware, not give webmasters a chance to stop sucking at life before warning end users that the site is full of malware and incompetence.

      --
      Try not to take me more seriously than I take myself.
    2. Re:Informing webmasters by truthsearch · · Score: 1

      Um, yes. Not every webmaster is incompetent. Having malware through a generally respectable ad agency, for example, may be no fault of the webmaster. Why would it hurt to wait one week to put the feature on the front-end of Google, and informing webmaster through their tool first? One week wouldn't make any significant difference when the new version of this feature doesn't even exist today.

    3. Re:Informing webmasters by Miseph · · Score: 1

      Well, unless you're one of the users whose machine got infected with malware during the week. Then you'd be a little bit pissed.

      I agree that not all webmasters are incompetent, but I don't see why that means a tool like this should assume the opposite. A competent webmaster would probably fix the problem (even if it means temporarily removing the widget) as soon as they were notified in any case, not to mention that they'd be less likely to put a sketchy 3rd party component anyway.

      --
      Try not to take me more seriously than I take myself.
  8. Huh by Realistic_Dragon · · Score: 5, Funny

    I browse the internet on my Linux box, running OS X with MacOnLinux. On OS X I run VMWare player hosting FreeBSD, where I have all the options turned to OFF. That runs Firefox, which connects to a web-2.0 version of Lynx. I use this to connect to another site which manually lets me enter netcat commands and read the result.

    My only complaint is that the pirates at Macrodobe STILL won't support my platform of choice! When will there be a flash player for people like me!

    --
    Beep beep.
    1. Re:Huh by rthille · · Score: 2, Funny

      They have! just download it from here!

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
    2. Re:Huh by joe+155 · · Score: 1

      "I run VMWare player hosting FreeBSD, where I have all the options turned to OFF"

      I think you misspelled OpenBSD...

      --
      *''I can't believe it's not a hyperlink.''
  9. Re:aid and comfort to the enemy? Helping microsoft by Aldur42 · · Score: 5, Insightful

    Maybe, but any reduction in the number of infected PCs is win for the entire net.

    --
    A complicated error is indistinguishable from a feature.
  10. Excuse me ... by WrongSizeGlass · · Score: 2, Funny

    Of course Google can protect us against everything and everyone (except the IRS, acne and that kid on the bike in Better Off Dead). They can do anything they say they can do ... and even stuff that they haven't thought of yet.

    Google is good, Google is great, and Google can do no wrong. Where on Earth did I ever get that pearl of wisdom? I read it on the internets, of course ... on some site that rhymes with froogle.

    1. Re:Excuse me ... by hal2814 · · Score: 1

      "except the IRS, acne and that kid on the bike in Better Off Dead"

      Google did take care of that kid on the bike for me. I don't know how they did it, but all I had to do was give Google $2 and they made him go away somehow.

    2. Re:Excuse me ... by Phu5ion · · Score: 1

      Yeah, just as long as Google doesn't come to your house saying; "I want my two dollars!"

      --
      Slashdot is kind of like Playboy; we aren't here to read the articles.
  11. right.. by mastershake_phd · · Score: 5, Funny

    It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.
     
    So google is going to protect us from webpages that use less than reputable advertising and widget services. Hmm, maybe google should go into the advertising and widget service, oh wait...

  12. Useful, if reliable, but not 100% by Bearhouse · · Score: 3, Interesting

    Some people don't like, or cannot use, Firefox or Opera, plus sensible add-ons such as anti-phishing plug-ins, noscript...

    For example, one of my (very big) corp. customers is still running IE 7...

    When I challenged the support guys about this, they said 'that's OK, we detect & block most things at the firewall'...

    *sigh*

    When I pointed out that:
    1. That's bullshit.
    2. Lots of their managers travelled, and surfed the net via unsecure methods like hotels using proxy servers, public wifi, they said 'that's OK, they can only access the intranet and internal mail via VPN'.

    *double sigh*

    So now I advise people not to click on URLs directly, or type them in, but go via Google. It's better than nothing...

    1. Re:Useful, if reliable, but not 100% by Giometrix · · Score: 0, Flamebait

      From my understanding IE7 is pretty secure, especially on Vista.

      --
      Download free e-books, lectures, and tutorials at bookgoldmine.com
    2. Re:Useful, if reliable, but not 100% by Stevecrox · · Score: 1

      You do realise that a properly configured setup of IE7 can be more secure than Firefox right?

      I don't see the issue. The type of people who get malware/spyware/viruses will get them regardless of browser; sure, a good browser will help stop it, but you're forgetting how stupid some people can be. The company sounds like they have a good approach: the VPN probably blocks all but a few ports, and hopefully some sort of firewall stops the other attacks. Sure, it doesn't help that externally infected machine, but it will help limit (well, stop) infection (my university's policy).

      I can think of two retail companies who use IE6 in the POS tills and computer management systems (Waterstones and Woolworths.) The Devonport Royal Dockyard (owned by DML Group) uses IE6 in its infrastructure and Exeter University and Plymouth University (with its six off campus LARGE (100+ computers) sites) both use IE6 as their main browser. Using IE7 is pretty forward thinking.

  13. Anything wrong with this? by awesomo2001 · · Score: 1
    From the article,

    The user is presented with links that promise access to 'interesting' pages with explicit pornographic content, copyrighted software or media.
    In other words, the people who have their computers hacked are those looking for trouble in the first place (although I have to admit that I don't consider porn trouble but I bet most of these problematic sites are serving copyrighted material anyways.) I guess you get what you pay for!
  14. eh? by Anonymous Coward · · Score: 0

    1 in 10 sites equals 450,000?

    Thanks Slashdot, I never realised the internet was so small.

    1. Re:eh? by Anonymous Coward · · Score: 0

      Thanks for upholding the /.er traditions and ignoring TFA! Go, you!

      Sample size = 4,500,000
      "Bad" sites = 450,000

  15. Five second answer by guerby · · Score: 1

    Just display something different (that is, hide malware) when googlebot comes on your website.

  16. end-users, man by Skadet · · Score: 3, Insightful

    It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.

    These days, almost nothing is designed by the website owner. Unless you're coding your own html/php/asp/perl/ruby/python or at very least peruse the source code of the widgets you download to make sure there's nothing bad in there, you're just another end-user. And so this is not unexpected. End-users are the ones that "CL1CK TH3 PURPL3 M0NK3Y F0R ELEVENTY M1LL10N DOLLERZZZZ!!!" and install all sorts of crazy stuff on their machines. (Rabbit trail: one of my clients many years ago actually ASKED me to install the infamous purple monkey for him because he liked the text-to-speech). Whether it's on the desktop or on the web, people who will install anything without even a hint of research will continue to spread computer-borne diseases. It's one of the reasons I hate MySpace. What 13-year-old girl isn't going to think sparkly, smiling unicorns aren't cute? Of COURSE they're going to spread them around, even though they're attached to a malicious website.
  17. A Malware Site in China by PHAEDRU5 · · Score: 3, Funny
    --
    668: Neighbour of the Beast
    1. Re:A Malware Site in China by Anonymous Coward · · Score: 1

      It's not in China and I can't find any reports on malware from that site

      whois -h whois.arin.net 209.197.84.79
      OrgName: pair Networks
      OrgID: PAIR
      Address: 2403 Sidney St
      Address: Suite 510
      City: Pittsburgh
      StateProv: PA
      PostalCode: 15232
      Country: US

      but then most malware is based and run from US regardless of where they say it is

    2. Re:A Malware Site in China by PHAEDRU5 · · Score: 3, Funny

      You're not very smart, are you?

      --
      668: Neighbour of the Beast
  18. 450,000? by rueger · · Score: 4, Informative

    Sigh, are basic editorial skills too much to ask here? (I know, it's a rhetorical question).

    TFA does not say that "the company found that nearly 1 in ten sites (or about 450,000) are loaded with malicious software." This implies that there are a total of less than a half million sites that pose a risk.

    It said that of the 4.5 million pages examined, "about 450,000 were capable of launching so-called "drive-by downloads"..."

    It also notes that "A further 700,000 pages were thought to contain code that could compromise a user's computer, the team report."

    The problem is probably quite a bit larger than presented in the summary, even if one ignores the confusion between "sites" and "pages".

  19. Confusing title by Bearhouse · · Score: 2

    "Our Web-Based Anti-Virus.."

    Is this not based more at phishing scams, trojans and other exploits, rather than just virii?

    What's the main source of virus infections? Anybody got some research?

    I'm guessing it's swapping infected files, not visiting pr0n sites...

    1. Re:Confusing title by mandelbr0t · · Score: 1

      It depends on what you call a virus. Most spyware has viral qualities, usually with the exception that it doesn't use the host to propagate itself. Those are usually delivered through the web via the standard Punch-the-Monkey-type flashlets. Real virii are much worse, and I use the propagation property to decide what's 'real'. Propagation consumes resources on your PC and becomes a risk to anybody directly connected to your network. Spyware usually just, well, spies on you and reports back to a central server(s).

      I don't have anything more than anecdotal evidence, but I've seen many more virii through infected warez (pirated commercial software) than any other method. Hint: Beware the Vista crack... I still see the odd spam mail that has a virus attachment, but I've not seen any web page that has attempted to infect my computer (IE7 on Vista, so I think I'm as vulnerable as you get these days). OTOH, I don't use the web for pr0n.

      --
      "Please describe the scientific nature of the 'whammy'" - Agent Scully
  20. What I'd like to know by MikeRT · · Score: 2, Interesting

    Is how they plan on allowing sites to redeem themselves or explain why they had the software there in the first place. If some spammer embeds some malware in a comments section, and you later find it and clean it up, will you be able to get back into Google's good graces?

    1. Re:What I'd like to know by cherokee158 · · Score: 1

      Google has farmed this process out to a third party, stopbadware.org, thereby insuring that an understaffed company is forced to deal with tons of irate web users trying desperately to get their site traffic restored before their business goes belly up.

      Not a good idea.

    2. Re:What I'd like to know by Anonymous Coward · · Score: 0

      I had a firsthand experience with all of this.

      In the past, I installed an open source CMS to run my personal homepage. To avoid flamewars, I won't name the CMS here, I'll just refer to it as "*****".

      As it turns out, one of the "plug-ins" in my ***** installation included a reusable widget whose server-side components contained a few lines of insecure PHP code. Armed with knowledge of this vulnerability, an attacker could directly invoke that PHP page with a maliciously-designed POST, and upload content of their choosing into my CMS. Even worse, attackers can find thousands of websites to attack simply by doing a Google search for "This site powered by *****."

      In my case, an attacker uploaded a few dozen HTML pages, images, etc that were the basis for a PayPal phishing scam. These were placed in a hidden area, so the site still appeared normal both to end users and CMS administrators. Then, I presume they sent out phishing emails, directing people to visit this hidden page on my site.

      A good samaritan who saw this phishing email took the time to register my homepage with Google. Subsequently, Google started warning users that visiting my homepage might be unsafe.

      I got the problem cleaned up quickly, and yanked the ***** CMS off my homepage. Google has a mechanism for submitting corrections. I let them know that I had cleaned up the problem, and my homepage was removed from their watchlist within about a day and a half. For an unimportant webpage owned by a single individual, I thought this was a pretty reasonable turnaround on their part.

  21. Does it matter? by Radon360 · · Score: 4, Insightful

    I would hope that Google is looking at it more from the perspective of what is generally good for the betterment of the entire internet. Who cares if it directly benefits users of Microsoft product users more than Linux/OSX users? Bottom line, it is potentially one less infection, and one less pwned computer in a bot network. Less infections means less machines that are probing ports on random addresses, or used in brute force attacks, such as DoS attempts.

    Don't get too tied up in the means, but rather what the potential end results, good or bad, might be.

    1. Re:Does it matter? by pegr · · Score: 1

      Do we really want to make it easier to identify malware sites so evil-doers will have a ready-made list of sites to entrap the unsuspecting? At least going through Google, you get a "head's up" first. With a direct link, you don't even get that...

    2. Re:Does it matter? by HRHsoleil · · Score: 1

      This stuff doesn't seem to be just an IE problem. WhatIs.com has a quiz about Web-based malware that's quite enlightening.

  22. 10% number misleading by Orinthe · · Score: 4, Insightful

    It should be noted that the 10% of the web number is somewhat misleading--some comments seem to think it implies that 1 in every 10 pages one visits are likely to contain malware, or the like. Chances are, most of these pages are not worth visiting. This isn't 1 in every ten pages on yahoo.com or cnn.com, it's probably more like 8 in 10 pages on freekiddiepornplz.com and piratewarezserialzhackz.tv.

    --
    SELECT quote.text AS sig FROM quote NATURAL JOIN attribute WHERE attribute.description = 'witty';
    0 rows returned
  23. Google Toolbar by Radon360 · · Score: 1

    Don't be surprised if somehow this becomes an integrated feature in Google Toolbar, much like their page rank feature. My guess is that you would be able to disable it, too.

    1. Re:Google Toolbar by morgan_greywolf · · Score: 1
    2. Re:Google Toolbar by Radon360 · · Score: 1

      Page rank feature - yes, it's been there for years, right along with the pop-up blocker.

      Didn't see the malware alerter/blocker though, did I miss it?

    3. Re:Google Toolbar by watchingeyes · · Score: 1

      What makes you say that? Google already has an anti-phishing feature in Google toolbar, and both it and Pagerank are easily disabled with a few clicks.

      --
      http://watching-eyes.blogspot.com/
    4. Re:Google Toolbar by Random832 · · Score: 1

      Well, he was talking about the new history feature. page rank and phishing filter do the same thing. The point, though, is that there is already an option (several in fact), on by default, to filter all http requests through google's servers.

      --
      We've secretly replaced Slashdot with new Folgers Crystals - let's see if it notices.
  24. Ghost in the Browser? by PlayItBogart · · Score: 3, Funny

    Is that anything like Ghost in the Shell?

    1. Re:Ghost in the Browser? by AlgorithMan · · Score: 1

      Is that anything like Ghost in the Shell?
      only if you run lynx... (-:
      --
      The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
    2. Re:Ghost in the Browser? by VanessaE · · Score: 1

      No, that would be Ghostscript in the Shell.

  25. side rant on froogle by game+kid · · Score: 1

    I read it on the internets, of course ... on some site that rhymes with froogle.
    I wonder how the Froogles.com guy is feeling, now that Google calls that service Google Product Search.
    --
    You can hold down the "B" button for continuous firing.
  26. I'm googleperplexed... by smitty97 · · Score: 1

    the company found that nearly 1 in ten sites (or about 450,000)

    Let me get this straight.. 1. there are only 4,500,000 web sites, and 2. 37% of them have 09-f9-11... on them?
    --
    mod me funny
    1. Re:I'm googleperplexed... by Anonymous Coward · · Score: 0

      I'd like to explain the concept of a SAMPLE to you.

  27. You Better Believe Google!! by Anonymous Coward · · Score: 0

    I was trying to download a pirated program (to test it out), Google warned me, and I installed it anyway, and had to reformat my machine!!

  28. It's inclusion of StopBadware .... by cpatil · · Score: 1

    Its inclusion of StopBadware project that Google started in 2005. It also has WebSense as its partner now.. http://web-software.broadbandindia.com/2007/03/stopbadware-inducted-in-googles-engine.html

  29. See actual paper. Not really that new. by Animats · · Score: 5, Informative

    Here's the actual paper. It's a Usenix paper.

    What they're doing is straightforward, and it's much like what many virus scanners do. First, they look at web pages to see if there's anything suspicious that requires further analysis. If there is, they load the page into Internet Explorer (of course) in a virtual machine, and see if it changes its environment. The better virus scanners have been doing something like that for a few years now, running possible viruses in some kind of sandbox. Although they usually don't go all the way and run Internet Explorer in a virtual machine. (Are you allowed to do that under Microsoft's current EULA for IE 7?)

    The main problem with Google's approach here is that it's after the fact. They won't notice a bad page until the next time they crawl it. Bad pages come and go so fast today that they'll always be behind. As the paper says, "Since many of the malicious URLs are too short-lived to provide statistically meaningful data, we analyzed only the URLs whose presence on the Internet lasted longer than one week."

    If Google implements this, the main effect will be to push attackers into changing site names for attack sites even faster.

    It's all so backward. What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away. That would actually work.
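Added example (not part of the comment above, and not code from the paper): a static first pass in the spirit of the "look for anything suspicious" step, which inventories externally hosted scripts and frames in a page and escalates to dynamic analysis only when a third-party frame is hidden from the visitor. The heuristics, function names, host names and sample page are assumptions constructed for illustration.

```python
"""Static triage of one HTML page: list externally hosted active content and
decide whether the page deserves a closer (dynamic) look.
The heuristics are illustrative assumptions, not the ones used in the paper."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that pull in active content, and the attribute holding the reference.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "frame": "src",
               "embed": "src", "object": "data"}
FRAME_LIKE = {"iframe", "frame", "embed", "object"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def is_tiny(value):
    """True for width/height values of 0 or 1, with or without 'px'."""
    if value is None:
        return False
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value, re.I)
    return bool(m) and int(m.group(1)) <= 1


def same_site(host, page_host):
    """Approximate same-site test: equal to, or a subdomain of, the page host.
    A production check would use the public suffix list instead."""
    base = page_host[4:] if page_host.startswith("www.") else page_host
    return host == base or host.endswith("." + base)


class Collector(HTMLParser):
    """Collects one finding per externally referenced script/frame/object."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.page_host = (urlparse(page_url).hostname or "").lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        ref_attr = ACTIVE_TAGS.get(tag)
        if ref_attr is None:
            return
        a = dict(attrs)
        ref = (a.get(ref_attr) or "").strip()
        if not ref:
            return  # inline script or empty frame: no external reference
        # Resolve relative and protocol-relative references against the page.
        host = (urlparse(urljoin(self.page_url, ref)).hostname or "").lower()
        if not host:
            return  # data:, javascript: and similar have no host to record
        hidden = tag in FRAME_LIKE and (
            is_tiny(a.get("width")) or is_tiny(a.get("height"))
            or bool(HIDDEN_STYLE.search(a.get("style") or "")))
        self.findings.append({
            "tag": tag,
            "host": host,
            "third_party": not same_site(host, self.page_host),
            "hidden": hidden,
        })


def triage(html, page_url):
    """Return the findings, the set of third-party hosts, and whether the page
    should be escalated (here: any hidden frame served by a third party)."""
    collector = Collector(page_url)
    collector.feed(html)
    collector.close()
    findings = collector.findings
    return {
        "findings": findings,
        "third_party_hosts": sorted({f["host"] for f in findings
                                     if f["third_party"]}),
        "escalate": any(f["third_party"] and f["hidden"] for f in findings),
    }


# Constructed sample page; every host name below is made up.
SAMPLE_URL = "http://shop.example.test/index.html"
SAMPLE_PAGE = """
<html><body>
<script src="/js/site.js"></script>
<script src="http://counter.widgets-example.test/hit.js"></script>
<iframe src="http://ads.banner-example.test/slot?id=7" width="468" height="60"></iframe>
<iframe src="http://cdn.unknown-example.test/x" width="0" height="0"
        style="visibility:hidden"></iframe>
<iframe src="//static.shop.example.test/help.html" style="display:none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    report = triage(SAMPLE_PAGE, SAMPLE_URL)
    print("third-party hosts:", ", ".join(report["third_party_hosts"]))
    print("escalate to dynamic analysis:", report["escalate"])
```

A webmaster can run the same inventory over their own templates to see which banner and widget hosts a page trusts.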

    1. Re:See actual paper. Not really that new. by Kadin2048 · · Score: 1

      It's all so backward. What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away. That would actually work.

      Or, just not run Internet Explorer, which as far as I can tell, is the most effective solution overall.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    2. Re:See actual paper. Not really that new. by mcrbids · · Score: 1

      What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away. That would actually work.

      Sort of. Your conclusion that this would work is a result of looking at security only from a limited context. While this does limit the damage of a single type of attack (virus meddling with O/S files) it doesn't do anything at all to defend against the many other forms of online attacks.

      To wit:

      What about phishing attacks that try to trick you into "logging in" to a bogus website?

      What about keyloggers that get your credentials as you type them?

      What about viruses that run inside the sandbox, blasting out SPAM while your kid peruses myspace?

      What about cross-site scripting attacks that lift private information out of your sessions and cookies?

      What about "user-space" viruses and worms that do not infect your Operating System, but rather operate 100% in userland? We'll see more of these as MacOS/Linux adoption increases.

      Rather than band-aid a hackjob of an Operating System with yet another layer of duct tape, we need to design a system that is intrinsically secure against these and other forms of attack. Engineered directly into this system should be not only protections for the Operating System, but protections for the user as well!

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    3. Re:See actual paper. Not really that new. by Tatsh · · Score: 1

      Or, just not run Internet Explorer, which as far as I can tell, is the most effective solution overall.

      Completely agree. The problem I see with people receiving warnings and reporting errors on web sites is that this is mostly involving IE. So many of the problems are IE-specific and IE, in my opinion, should simply not be used if that is the case. Are people too dumb to realise the alternatives? The other thing I hate is that Microsoft refuses to restart the code from scratch or something really close to it, fixing bugs one by one instead of coming up with a better strategy. And no, I didn't RTFA.

    4. Re:See actual paper. Not really that new. by pipingguy · · Score: 1

      Like using Parallels on a Mac?

    5. Re:See actual paper. Not really that new. by Anonymous Coward · · Score: 0

      Are people too dumb to realise the alternatives?


      yes. they are. i see this everyday when someone buys a computer at our shop.

      them: does it come with Internet?

      me/us: it comes internet ready

      them: so it doesn't have Internet on it already?

      me/us: it comes Internet ready. the Internet isn't an application or software package.

      them: ??? (DSLFC - dumb stupid look from customer)

      them: well, isn't that what Internet Explorer is for?

      me/us: yes, it's for browsing the Internet, but you must have an Internet Service Provider

      them:??? (DSLFC again)

      customer then purchases a machine, muddles through getting AOL installed and running or the illustrious crapware from ATT-Yahoo, and is back in about 2 months with a machine that is so overloaded with all sorts of various bits of malware the machine can barely function (5 minutes to load desktop, nothing works at the Application layer (you can ping stuff all day long you just can't use IE or Firefox to browse the web)) and they vehemently deny visiting any of the following: game sites, porn sites, downloading music/movies/software through p2p like gnutella or kazaa, or even clicking the yes button on the now infamous Win AntiVirus Pro 2007 ransom-ware popup ad, yet the contents of their cache and history files show otherwise. and even when i show the reports of the infections and tell them how they got violated, they still deny it or blame the kids/brother/sister/uncle/nephew/niece/roommate/dog/cat.

      and yet you ask, are people that stupid?

      yes. yes they are.
  30. Frivolous Lawsuit Time by packetmon · · Score: 1

    I once wrote a document called Ghost in the Shell which dealt with crypto/stego. I wonder if I can sue Google for stealing the concept name in order to pay back the anime producer who will sue me after they get wind of it..

  31. Woohoo! by retro77 · · Score: 1

    Good! Now I can finally get that copy of Vista without getting all the spyware... just kidding... I don't condone software piracy...

  32. Wrong title for summary by Anonymous Coward · · Score: 0

    Shouldn't the title be "Google to be Our Web-Based Anti-Virus Protector Overlord?" Seems more apropos.

  33. Easy to defeat? by 140Mandak262Jamuna · · Score: 4, Interesting

    The malicious websites just have to skip the malicious code when the user agent string is google crawler. Are they going to change the user agent string? Will it be considered pretexting (the euphemism for impersonating)?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Easy to defeat? by mandelbr0t · · Score: 1

      Nah. They'll just use Tor. Everyone else can be anonymous on teh intarwebs, why not Google?

      --
      "Please describe the scientific nature of the 'whammy'" - Agent Scully
    2. Re:Easy to defeat? by mpeg4codec · · Score: 1

      Pretexting is a euphemism for lying.

  34. This is a good step, but not enough by zukinux · · Score: 2, Interesting

    It's very nice of Google or any other company to do so. But I think the solution is to teach people to surf smarter! I.e. when they think they want to download a movie, there's no way to download an .exe file! It's just plain stupidity. People need to read the messages that pop up before they click yes on every message like: "By clicking yes 1Click-weather-adware-traybar will be installed."
    One day people will learn to surf smarter; meanwhile, we will help them become smarter.

  35. Google's response by Radon360 · · Score: 1

    Mask the identity of their crawler for this work.

  36. What you suggest is wrong and immoral by __aawdrj2992 · · Score: 5, Insightful

    Since most of this malware attacks windows machines, isn't google helping microsoft more than it's helping linux or apple?

    Since morality is defined by the desire to limit human suffering, protecting innocent people who don't know better from malware is always going to be for a greater good. People shouldn't have to get their OS reloaded every few months.

    Not running your choice of OS doesn't make them bad, and is a startlingly simplistic world view. There's no "helping Microsoft" here; they are trying to protect all Internet users. Since those people are using Google search, it's really more like trying to serve their customers better. All their customers are Internet users, so ask yourself: what is concern #1 amongst Internet users?

    1. Re:What you suggest is wrong and immoral by a.d.trick · · Score: 2, Interesting

      Since morality is defined by the desire to limit human suffering

      Really? I won't say that human suffering is good or anything, but I think that's a pretty short-sighted definition. I mean, if I just killed everyone there would be no more suffering.

  37. Axis is evil by Anonymous Coward · · Score: 1, Funny

    Google, SCO, Microsoft... the axis of evil...

  38. my first oblig. by yoyoq · · Score: 0

    I, for one, welcome our web-based anti-virus protector.

  39. It already exists somewhat by Anonymous Coward · · Score: 2, Interesting

    Tools > Options > Security > "Tell me if the site I'm visiting is a suspected forgery", then the option "Check by asking Google".

    Checks for forged sites and so on are built right in. I would suspect before long there will be an option to check if this is a bad site.

  40. Pardon my cynicism, but.... by mblase · · Score: 3, Insightful

    the Google study analyzed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets

    I am shocked, SHOCKED, to discover that a company that makes money selling ads on other websites would want to highlight malware-spouting ads by other companies.

    Yes, I agree that identifying these ads is a Good Thing. No, I don't think publicly-traded Google's intentions are entirely noble.

  41. Great Idea - No False Sense of Security by madsheep · · Score: 2, Insightful

    Regardless of whether or not this provides a "false sense of security" it is a good idea. It would certainly be better than nothing. It won't really provide a false sense of security any more than a phishing tool bar, antivirus software, or e-mail filtering. Right now people search for stuff on Google and click the link. There is no false sense of security. People are already assuming the websites are safe. If Google steps in and says "hey, this site isn't safe", then at least people have advance notice and choice.

    I see references to common things like widgets, but I don't see that as the most commonly attacked/exploited part of websites. Sure it's a real issue and is common (yes AdSense was hit with this kind of attack), but I hope they look for a lot more. One of the most common these days is the surprise addition to website sources of iframes with widths of 0. Or new and sudden references to .js files or new obfuscated JavaScript. If they look for all of this and possibly analyze/process it, they can go a long way to stop this type of malware. This feature if implemented correctly is a win for everyone on the Internet... well except the bad guys. :)
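The three signals named in the comment above (iframes with a width of 0, newly appearing .js references, obfuscated inline JavaScript), sketched as an added example that is not part of the thread or of Google's paper. The known-host set (script hosts recorded on an earlier clean crawl), the threshold of 5 escapes and the example.* hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from the visitor.
HIDDEN_STYLE = re.compile(
    r"(?:width|height)\s*:\s*0(?:px|%)?\s*(?:;|$)|display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Calls commonly used to unpack encoded script at run time.
DECODE_CALL = re.compile(r"\b(?:eval|unescape|fromCharCode)\s*\(", re.I)
# %xx, \xNN and \uNNNN escapes; many of them suggest packed content.
ESCAPE = re.compile(r"%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}", re.I)

class PageScanner(HTMLParser):
    """Collects (kind, detail) findings for one HTML document."""

    def __init__(self, known_script_hosts):
        super().__init__()
        self.known = set(known_script_hosts)  # assumed: hosts seen on the last clean crawl
        self.findings = []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            zero = any(a.get(d, "").strip() in ("0", "0px") for d in ("width", "height"))
            if zero or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            if a.get("src"):
                # Relative URLs have no netloc and count as same-origin.
                host = urlparse(a["src"]).netloc.lower()
                if host and host not in self.known:
                    self.findings.append(("new-script-host", host))
            else:
                self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._buf)
            escapes = len(ESCAPE.findall(body))
            # Require both signals to keep false positives down.
            if DECODE_CALL.search(body) and escapes >= 5:
                self.findings.append(("obfuscated-inline-script", f"{escapes} escapes"))

def scan(html, known_script_hosts):
    scanner = PageScanner(known_script_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; the example.* hosts are placeholders.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="http://stats.example.org/counter.js"></script>
<iframe src="http://widgets.example.net/calendar" width="200" height="150"></iframe>
<iframe src="http://injected.example.com/x" width="0" height="0"></iframe>
<iframe src="http://injected.example.com/y" style="width:0;height:0;border:0"></iframe>
<script src="//cdn.injected.example.com/a.js"></script>
<script>document.write(unescape("%68%65%6c%6c%6f%20%77%6f%72%6c%64"));</script>
<script>var greeting = "hello"; console.log(greeting);</script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE, {"stats.example.org"}):
        print(f"{kind:26}{detail}")
```

These are static heuristics over the markup only; a legitimate page can trip them, so the findings are leads for review rather than verdicts.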

    1. Re:Great Idea - No False Sense of Security by dnadir · · Score: 1

      It would be better than nothing, but there are already tools that do this, for free, and that do it for not just Google but for the other search engines too. www.scandoo.com will give you information about not just malware, but tell you if the site is in a category that you don't want to see. It doesn't mess with the results at all, and the category alerts are totally user definable. www.siteadvisor.com (owned by McAfee) does something similar. Biggest difference is that most crawl and add the information in a DB. Scandoo also does a scan in real time. Both tools provide information about the sponsored links too.

  42. How accurate? by Anonymous Coward · · Score: 0

    When Richard Jeni died, I did a google search to see who he was. The first hit was his webpage, but it was tagged 'this site may harm your computer', so I didn't bother. Bad timing! And not very accurate either!

  43. Please NO MORE Google stories by Anonymous Coward · · Score: 0

    Did Google pay Slashdot? Every day there are two or three Google stories, I use Google for search, but I am really sick of reading so much on daily basis about one single company on Slashdot.

  44. Great. by dogbrt · · Score: 1, Funny

    I've always wanted protection from those dreaded Anti-virus software.

  45. robots.txt by _bug_ · · Score: 2, Insightful

    What about malicious sites (fake login pages) that disallow indexing/crawling via meta tags or robots.txt? If Google still searches/indexes that page then they break the rules for crawlers/bots and how does that reflect on them?

    Also, what about content that's delivered on pages that require you to login first (portal, message boards, etc.)? These are areas a crawler is not going to get to and will completely miss.

    Going back to the fake login pages bit, unless Google can index every site every day these fake login pages will be up and down long before the crawler reaches them.

    The speed with which web-based worms, fake logins, viruses, etc. spread is probably far far greater than the cycle time for Google to crawl the malicious site in question.

    Where I could see some real value here is in using Google to detect vulnerabilities in existing sites (publicly available documents with sensitive information like CCs, open directories with long lists of mp3s or large videos, simple phrases that indicate some web vandal has hit the site like "X was here" or "hacked/owned/pwnd by X" etc.). Focus on giving web developers a tool to evaluate their own site from a security perspective rather than worrying about the end user. Google's infrastructure really isn't built to work like that.

    1. Re:robots.txt by Shados · · Score: 1

      Well, I'd think the point is to only check the pages that are actually displayed in google. If there's a robots.txt blocking a page, Google won't display that -exact- page, and it thus won't even be in the links I might end up clicking directly from google.

      The loss is that you could go to a safe link, then be redirected or whatever to an unsafe one, so it's indeed not perfect, but...

    2. Re:robots.txt by evolymsey · · Score: 1

      This is a good point you bring here. But hopefully surfing sites that require a login to access the data will disappear slowly. Since more Web services oriented organizations will continue to rise, with a platform for participation and users generated content, the less people will try to satisfy their needs for free stuff "closed" sites, hiding behind.

  46. False positives? by Anonymous Coward · · Score: 1, Informative

    And how is Google going to handle false positives?

    I'm a lot less enthusiastic about this as Gmail is rejecting my home IP, because "Our system has detected an unusual amount of unsolicited mail originating from your IP address."

    I've checked and monitored my Linux box. I'm not sending spam. Personal mail would be 0 to 5 a day to Gmail addresses. I've had this DHCP issued IP since at least February, so it's not an inherited problem. I contacted Google as a Gmail customer two weeks ago (there's no direct way to contact them) and gave them all the relevant detail so we can fix it, and have been sending a test message to my Gmail account once a day since.

    I've heard bugger-all from Google. The daily test messages are rejected. Two of the "rejected" messages have gone through a day later.

    Search for 'Google is blocking my IP' & similar reveals I'm hardly alone. So yeah, no. With Gmail they've proven they're not perfect, yet don't provide support to clear up the inevitable mistakes. So I'm not enthusiastic about further censorship by them.

  47. Mitigating the damage is second best. by argent · · Score: 2, Insightful

    What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away.

    What we need is for Internet Explorer to actually implement a real sandbox, and make all the attack vectors that involve ActiveX go away.

  48. If found by cybereal · · Score: 0, Offtopic

    This comment is on the slashdot post, if found. It's not intended to address the article itself, if found. Also it is not intended to address the subject, if found, of the article, if found.

    Mainly, if found, what I'm saying, if found, is that if you should feel the need to complain about this post you can shove the complaint in your ear, if found.

    --
    I read the script, and I think it would help my character's motivation if he was on fire. -Bender
  49. heh by Anonymous Coward · · Score: 0

    microsoft has been producing vulnerable crapware for over a decade, when is microsoft going to get a clue that something they are doing that goes in to build windows is not working, even better (yet harder to obtain) is when are windows users going to get a clue and replace windows with something else (Linux)...

  50. It's like any other RBL by br0d · · Score: 1

    Works to some extent, takes a lot of maintenance and user participation, has falses, pisses off some innocent people whose sites get compromised and then added to the list, requires effort to get taken off the list. stopbadware.org is a partner with google and I think it's a great idea, but it's going to require a ton of maintenance and will not end up being the sort of thing that uses few enough resources to continue out of the goodness of one's heart, so partnering with Websense is smart. They already have over 77000 hosts listed on their site, and that is likely to keep going up and up.

  51. Physician, heal thyself. by glindsey · · Score: 1

    So, are they going to point out all of the scam/spam/malware pages in their "Sponsored Links"? Hell, even searching for "Google Earth" turns up five pages purporting to be the download location, pages which no doubt either make their money from ads, or encase the download in absolute spyware hell.

  52. This is awesome - googlehacking helps blackhats by JimmytheGeek · · Score: 1

    So this helps redress the balance.

    What a great idea.

  53. SKYNET: first step of network Self Awareness by goombah99 · · Score: 1

    Perhaps the defining characteristic of organization by cooperative lifeforms is the recognition of self versus non-self from the multi-cellular level on up to the tribal level. Here is a small step towards a network that can recognize what is healthy and what is hostile to it.

    Up until now this has mainly been done in a supervised method where some central authority made a finding. Now this is becoming automated to recognize intruders without human intervention. And it's happening in a collective way in which a shared immune system (google) is generating the response to the intruder for all the cells.

    Then one day the self-aware googleplex realized that all viruses were generated by men, and could be eradicated from computers it was sworn to protect by eradicating man.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  54. im not being paranoid but... by wwmedia · · Score: 1

    I'm not being paranoid but now if, let's say, your site doesn't conform to "google" standards they can just label your site as spyware?! I can see it now: goes and types http://live.com/, google toolbar pops up "this site is marked as malware, blah blah". Great way to take out your competition and extend own monopoly!

  55. Google could "borrow" client cycles... by WoTG · · Score: 1

    What's to stop Google from using the Google Toolbar to do basic scanning of incoming web pages? If anything looks suspicious in the initial scan, they can push the URL to "Googlenet" to have the URL fully analyzed.

    As much as I hate giving so much power to a single company... a Google web antivirus system is actually a pretty good idea.

  56. i noticed this when checking my stocks WWW! by MrDERP · · Score: 1

    Type "SOLF" into google, it brings up solarfun's web page, this is a company I have invested money into!!! This does not look good, at least I sure hope it's accurate, I emailed the PR and IR people. Still, if it's not right, then it could cause damage, or suppose someone wanted to sabotage your business, is there some way they can make google warn people to not even visit the site as a way of corporate sabotage? Terrible for business (at SOLF at least)!! JEff

    1. Re:i noticed this when checking my stocks WWW! by Anonymous Coward · · Score: 0

      this is what i found after visiting solarfun.com.cn:

      clamscan --recursive --infected 2u053tql.default/
      2u053tql.default/Cache/_CACHE_003_: Trojan.Downloader.JS.Adodb-1 FOUND

      that was from just visiting. had this been an actual windows machine and i browsed there using IE, this machine would have been owned. just from pointing a browser at it.

      perhaps you should reconsider how well you research a company before investing in them.

  57. Re:A Malware Site in China: and Google "kowtowing" by Anonymous Coward · · Score: 0

    Nice bit of sarcasm, but now take it a step further. Since Google's stockholders voted to continue letting Red China tell them how to operate on "their" part of the Internet (Google Shareholders Reject Censorship Proposal - http://yro.slashdot.org/yro/07/05/11/0416216.shtml ), how can we trust Google to warn us if the site is controlled by Red China, and being used to wage cyber warfare against users from other countries with ... malware ? Try a Google search with "china cyber warfare" - very disturbing.

  58. There's your answer by ESqVIP · · Score: 1

    While eventually these questions about "redundant" and "overrated" moderations get repeated, I personally am amazed at how people can't stop to think for a few seconds. I hope you get modded up (I don't have mod points), so maybe we don't get the same question asked over and over again for such a simple and obvious answer.

  59. Oh yes. I trust everything to Google by notaprguy · · Score: 1

    Google will take care of us. Not to worry. They don't do evil...as long as you watch their ads. Just don't ask questions or break their NDA's. Then you're fucked.

  60. They need good insurance then... by cenonce · · Score: 1

    This opens them up to a lot of liability. They get a site wrong and it loses business, they will have defamation claims, interference in business claims... their legal team will be plenty busy.

  61. Where can I find it? by ErGalvao · · Score: 1

    Does someone know where I can find the paper? I've run a research on Google, but oddly none of the results is from Google itself...

    TIA,

    --
    Er Galvão Abbott - IT Consultant and Developer
  62. Super Google? by Anivair · · Score: 1

    I'm not sure that I have faith in google's ability to do this, but I do admire the intent.