Google Highlights Trouble In Detecting Malware
JohnBert writes "Google issued a new study (PDF) on Wednesday detailing how it is becoming more difficult to identify malicious websites and attacks, with antivirus software proving to be an ineffective defense against new ones. The company's engineers analyzed four years' worth of data comprising 8 million websites and 160 million web pages from its Safe Browsing service, which is an API that feeds data into Google's Chrome browser and Firefox and warns users when they hit a website loaded with malware. Google said it displays 3 million warnings of unsafe websites to 400 million users a day."
About the same time I saw any meaningful web development targeting that tool.
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
And that's even before you escalate UAC rights, I find software like Sandboxie works far better to protect my computer than any antivirus out there.
JavaScript really is the source of the most recent problems because it can allow entry into systems and activation of malware remotely. This is why ActiveX is also bad. Developers rush into this kind of technology thinking of the payoff but not the cost.
Really though, JS is totally unnecessary so I run noscript and I don't visit sites that have a zillion JS calls to different sites. I probably could turn antivirus off and still be okay.
The dangers of knowledge trigger emotional distress in human beings.
browse in Lynx.
When was the last time you saw malware for it?
When was the last time you saw anything other than text in a BIG font? ;)
Yours sincerely,
A Lynx user.
I rarely respond to comments. Also, don't ask for clarifications: a brain and Google are faster, believe me!
1and1 has been a host for me for some time.
Then I got flagged by Google as having malware and I was like... wtf... I don't even actively use those sites. So, I FTP'd in and downloaded some files; there was an injection of code in all of my index.htm(l) and default.htm(l) files.
Now, I've had 1and1 since they came to the US. I had a plan back then that had all the goodies, ssh access to my shell for my sites, so it was easy to administer.
Well, "because of new policies" my old service I had was changed to another... like the cell companies moving you around on new plans. My new plan has no ssh access.
What's worse, 1and1 refused to give me shell access so I could take care of all of those malware files.
Let me repeat... A HOSTING PROVIDER REFUSED TO GIVE ME ACCESS TO MY OWN SITE TO CORRECT A MALWARE ISSUE!
Nice huh?
So, like I said, since I don't really use those sites, I just deleted them all via FTP and told 1and1 to go fuck themselves. I put up what I needed that was important (after cleaning) on an EC2 "free" instance.
-AI
For me, it is far better to grasp the Universe as it really is than to persist in delusion
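An added example, not part of the comment above or of any poster's code: a defender-side triage script for the situation that comment describes, run against a copy of the site downloaded over FTP when no shell access is available. It checks only the index.htm(l) and default.htm(l) pages named in the comment; the heuristics, the allowlist parameter and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# File names taken from the comment: index.htm(l) and default.htm(l).
TARGETS = re.compile(r"^(index|default)\.html?$", re.I)
# The heuristics below are assumptions for illustration, not signatures from the post.
HIDDEN_IFRAME = re.compile(r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b"
                           r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I)
OBFUSCATED = re.compile(r"\b(?:eval|unescape)\s*\(|String\.fromCharCode", re.I)
AFTER_HTML = re.compile(r"</html\s*>(.*)\Z", re.I | re.S)

def scan_file(path, allowed_hosts=frozenset()):
    """Return the names of the heuristics that fire for one HTML file."""
    text = Path(path).read_text(errors="replace")
    hits = []
    if HIDDEN_IFRAME.search(text):
        hits.append("hidden-iframe")
    if any(h.lower() not in allowed_hosts for h in SCRIPT_SRC.findall(text)):
        hits.append("unlisted-script-host")
    if OBFUSCATED.search(text):
        hits.append("obfuscated-js")
    tail = AFTER_HTML.search(text)  # anything appended after the closing tag
    if tail and re.search(r"<(?:script|iframe)\b", tail.group(1), re.I):
        hits.append("markup-after-html")
    return hits

def scan_tree(root, allowed_hosts=frozenset()):
    """Scan every index/default page under root; map relative path -> hits."""
    findings = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and TARGETS.match(p.name):
            hits = scan_file(p, allowed_hosts)
            if hits:
                findings[p.relative_to(root).as_posix()] = hits
    return findings

def demo():  # builds a constructed three-file mirror in a temp dir and scans it
    clean = "<html><body><script src='//cdn.example.com/a.js'></script>hi</body></html>"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "blog").mkdir()
        (root / "index.html").write_text(clean)
        (root / "blog" / "default.htm").write_text(
            clean + "\n<iframe src='http://injected.example/x' width=1 height=1></iframe>")
        (root / "about.html").write_text(clean + "<script>eval(x)</script>")
        return scan_tree(root, allowed_hosts={"cdn.example.com"})
if __name__ == "__main__": print(demo())
```

A hit is a prompt to diff the file against a known-good copy, not proof of compromise; pages with other names are deliberately out of scope here and would need the same check if the injection is broader.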
Yet another story hinting at the huge lie that is perpetrated on the world in the form of antivirus "protection". Like I've always said, these tools do more to undermine my PC than malware ever has. A good "secure-by-default" installation and a decent understanding of responsible Internet use is all you need. Instead, most people deal with significantly slower performance, and borderline criminal subscription tactics. Protection from new and future threats has always been and will always be a fantasy.
Not all antivirus is created equal, MSE is very lightweight on resources, and it is free - so no "criminal subscription tactics". And it does offer additional protection. For me it has several times flagged and cleaned malware, sometimes from quite surprising sources. You can have as safe user practices as you want, but that won't completely avoid accidental exposure - malware has been found even on brand new USB memory sticks in unopened shrink wrap.
It is of course not 100% protection, but that isn't really an argument against at least having some additional protection at all (even a condom isn't 100% protection, that doesn't mean it is a useless product).
What malware should I be worried about on my Samsung Chromebook?
ChromeOS.
I am TheRaven on Soylent News
Instead of secure by default, you have run by default in all 3 major environments... Linux, Windows, OS X
Time is running out for this insane approach to doing things... the various band-aids now in play are rapidly losing their efficacy, and none address the basic issue: code can no longer be trusted.
Fortunately, a few brave souls have ventured into this area with projects oriented at fixing the situation properly.
In the Linux area, seccomp-nurse is a sandboxing framework based on SECCOMP. It is designed to run applications in a kind of jail (enforced by the kernel). It does not use ptrace() at all.
In the Windows area, Polaris (Principle Of Least Authority for Real Internet Security) is a package for Windows XP that demonstrates that we can do better at dealing with viruses than has been done so far. Polaris allows users to configure most applications so that they launch with only the rights they need to do the job the user wants done. This simple step, enforcing the Principle of Least Authority (POLA), gives so much protection from viruses that there is no need to pop up security dialog boxes or ask users to accept digital certificates. Further, there is little danger in launching email attachments, using macros in documents, or allowing scripting while browsing the web. Polaris demonstrates that we can build systems that are more secure, more functional, and easier to use.
I just hacked in and checked your browser history. Good God, man! Don't you know just thinking about that shit is illegal in all but like 3 countries??
The soylentnews experiment has been a dismal failure.