Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Wants You to Report Malware

Posted by Zonk on from the there's-a-propaganda-poster-in-this dept.

darthcamaro writes "As part of its ongoing effort to keep a clean index Google is soliciting the help of web browsers to let them know when we find malware in the index. Celebrated Google hacker Johnny Long thinks it's a good idea, though he told the site Internet News that he doesn't think it'll stop real hackers. From the article: 'Most in search of malware for offensive use know the good stuff — it ain't distributed through public Web ... It's distributed through dark Web servers, peer-to-peer networks, IRC channels, torrents and the like. Google's efforts will not affect how skilled hackers get access to malware.'"

10 of 135 comments (clear)

  1. I think it's about malware in use not distribution by Anonymous Coward · · Score: 5, Informative

    Obviously hackers don't look for their tools on Google. But if regular people get to websites through Google's index, Google does not want them to get infected by web-borne malware.

  2. That's not the point, you dolts! by Wog · · Score: 5, Informative

    'Most in search of malware for offensive use know the good stuff -- it ain't distributed through public Web ... It's distributed through dark Web servers, peer-to-peer networks, IRC channels, torrents and the like. Google's efforts will not affect how skilled hackers get access to malware.'

    I imagine the idea is that people who are making (ahem) innocent searches will not be so prone to stumble across a malicious page with the latest unpatched IE/Firefox/Whatever exploit.

  3. The article author and submitter aren't too bright by sirwired · · Score: 4, Informative

    The point of this is not to keep hackers from finding malware, it is to keep Google search users from getting infected through poisoned search results.

    Duh.

    SirWired

  4. Re:Not affect how skilled hackers get malware by wizardforce · · Score: 5, Insightful

    it isn't the noobs that worry me, it's when people like you think that malware only affects the noobs and not the servers they will later attack. storm botnet ring a bell? preventing the noobs from inadvertantly joining spam botnets is in our best interests.

    --
    Sigs are too short to say anything truly profound so read the above post instead.
  5. Re:Not affect how skilled hackers get malware by quanticle · · Score: 4, Interesting

    This isn't about that. Google already has a service that reports and detects sites that try to phish your personal information or try to install malware on your machine. No, this effort is to try to purge the Google index of sites that sell malware creation and deployment toolkits to black-hats. IMHO, the original poster is correct. This wouldn't make it much more difficult for script-kiddies and black-hats to get their hands on malware kits, while making it more difficult for white-hats to find information about these programs.

    --
    We all know what to do, but we don't know how to get re-elected once we have done it
  6. DTTP? by BorgCopyeditor · · Score: 4, Funny

    'Most in search of malware for offensive use know the good stuff -- it ain't distributed through public Web ... It's distributed through dark Web servers

    Well, then, they should just block the ports typically associated with the DarkText Transfer Protocol.

    --
    Shop as usual. And avoid panic buying.
  7. don't stop with just malware by Adult+film+producer · · Score: 4, Insightful

    let users flag all of those websites that only have indexes of other websites, link farms or whatever they're call... and please let me flag those "ask the expert" pages as spam.

  8. Dear Google, by iminplaya · · Score: 4, Insightful

    Sony, the RIAA, the MPAA, the FBI, the CIA, the NSA all produce malware. Please block access to their sites.

    --
    What?
  9. Re:Not affect how skilled hackers get malware by hedwards · · Score: 4, Interesting

    I will say it again, for the last time:. If they filter once, they should be liable for any future result. if they filter 'malware' results, but allow KP results, they should be put out of business. You cant selectively decide what you want to let thru then claim protection on the basis that you cant control illegal content. Why? Your argument makes abolutely no sense whatsoever. Of course they can filter one thing out, they could manually do it without any additional technolgy, by having a temp or intern manually typing in regexes. If they could be held liable for not getting all the kiddie porn off their results, they already would.

    Regardless of your opinion, it is far easier to remove malware than it is to remove kiddie porn. For starters identifying kiddie porn requires in many instances knowing the age of the participants, while it is reasonable to assume that a 3 or 4 year old isn't 18, when you start talking about 14 or 15 year olds, it isn't necessarily an easy determination to make in large quantities. With malware, it is relatively straightforward to determine what if anything its doing. Some adult women are the same proportions as teenage girls.

    The other thing is that there will always be malware, child porn and various other types of bad stuff on the net, the initiative here is to try and limit it. Google isn't going be able to stop linking to enough sites to stop it, but hopefully hit enough of them that people don't casually run into it.
  10. Re:Not affect how skilled hackers get malware by darkpixel2k · · Score: 5, Insightful

    As a public company they can drop any search results they disagree with...

    I could give a shit about the windows malware that's out there. I don't run Windows and a good portion of my client base either doesn't run windows or doesn't have access to the net. But what I really wish google would fucking drop from their index is experts-exchange and tech-republic.

    The last damn thing I want any of my search results to return is "Hey--here's the answer you're looking for. The solution is to...[PAY US FOR A FUCKING SUBSCRIPTION PLEASE]"

    --
    There's no place like ::1 (I've completed my transition to IPv6)