Inside Google's Anti-Malware Operation

Trailrunner7 writes "A Google malware researcher gave a rare peek inside the company's massive anti-malware and anti-phishing efforts at the SecTor conference here, and the data the company has gathered shows that the attackers who make it their business to infect sites and exploit users are adapting their tactics very quickly and creatively to combat the efforts of Google and others. While Google is still a relative newcomer to the public security scene, the company has deployed a number of services and technologies recently that are designed to identify phishing sites, as well as sites serving malware, and prevent users from finding them. The tools include the Google SafeBrowsing API and a handful of services that are available to help site owners and network administrators find and eliminate malware and the attendant bugs from their sites. Fabrice Jaubert, of Google's anti-malware team, said the company has had good luck identifying and weeding out malicious sites of late. Still, as much as 1.5 percent of all search result pages on Google include links to at least one malware-distribution site, he said."

"Can I turn it off?"

[Grismar]

This suggests that Google will actively filter out sites that spread malware or are phishing? I'm sure Google will do a fine job at it and odds are I would leave such a feature on, but shouldn't there be an option to turn it off? I would feel way better about a search engine if I knew I could turn all its censoring features off. It's the same with SafeSearch, I have it turned to moderate, but I like the fact that I can opt to turn it off.

It's a group effort.

[happy_place]

I've got a buddy from Bluecoat. They regularly search for these sites, and he says their company regularly reports malware sites to Google. He said there was a time when their software blocked Google because it wouldn't clean up its act. Things have changed.

Re:I like it

[LordSnooty]

It's much more preferable to the AV industry's blackmail tactics... give us your money every year and we'll try and squash these progs... but we might not... if we don't there's bugger all you can do about it.

Much better is stopping the bad sites appearing in the first place. And all for free! Stuff like this is why Google can hold on to the "don't be evil" line for now.

Virtual Fail Guy

[twitter]

From the article:

To find malware-distribution sites, Google uses a huge number of virtual machines running completely unpatched versions of Windows and Internet Explorer that they point at potentially malicious URLs. The company then ties this in with the data that it gathers from its automated crawlers that are tasked with looking for malicious code on legitimate Web sites.

It would be nice if people would call this stuff Windows malware if it does not do anything to normal computers. Please Call out Windows, people.

Re:Shame

[weicco]

Should Linux developers feel shame also when someone gets his/her machine compromised by running ten years old unpatched stuff? Should door lock makers feel shame if I get my house robbed because I didn't fix broken outdoor lock?

Re:Fighting malware doesn't have to complicated

[JonySuede]

Malware is about third of the problem,
There is not one OS that protect against the type your sudo password to see the dancing bunnies. Not one that protect you against phising and scamming.

Re:Fighting malware doesn't have to complicated

[ByOhTek]

Hahaha. I'm glad you aren't in charge of any IT security.

At least, I seriously hope you aren't.

Because if you think that's going to give you a huge security boost, you've got another thing coming.

You get better security with an informed user than switching from any current OS to any other current OS.