Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Adds Data About Malware To Transparency Report

Posted by Soulskill on from the for-connoisseurs-of-worldly-fare dept.

Nerval's Lobster writes "Google is adding data about malware to its Transparency Report. For the past seven years, the search-engine giant has offered a Safe Browsing program that warns Web-surfers about unsafe Websites (i.e., those loaded with malware or phishing scams). The new section of the Transparency Report will show how many people see those Safe Browsing warnings on a weekly basis, along with other malware-related tidbits, including Webmaster response times to threats and Website reinfection rates. The data includes malware distribution by autonomous systems, which are one (or more) networks controlled by a single entity such as a university or ISP. 'This data is part of our effort to support a safer and more secure web,' read Google's explanatory note in the Report. 'By sharing information from our scans, we hope to encourage cooperation among those who battle malware.' Google takes all that autonomous system data and breaks it down by country. For example, of the 31 million Websites in the United States scanned by Google, roughly 2 percent host malware. In other words, this data just reinforces what pretty much everybody knows: it's not a safe Internet out there."

20 comments

  1. NSA Malware by Anonymous Coward · · Score: 0

    Did they add the NSA and their illegal surveillance to this Malware list?

    Surely the NSA is the biggest piece of Malware out there right now, I hope google added them to this list.

    1. Re:NSA Malware by AliasMarlowe · · Score: 2

      Surely the NSA is the biggest piece of Malware out there right now, I hope google added them to this list.

      One of the biggest distributors of malware, certainly, but they outsource this function to numerous others (possibly including Microsoft, Apple, Oracle, etc.). The NSA is probably also one of the biggest purchasers of malware.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  2. Will they include ... by DavidClarkeHR · · Score: 2

    Being warned against malware is great - on the other hand, I don't tend to use the internet (or my computer) in a way that would make me susceptible to most infections.

    Now, being warned about potential government spying on the other hand ... that would be useful.

    --
    - Nec Impar Pluribus, or so I'm told.
    1. Re:Will they include ... by auric_dude · · Score: 1

      Sounds like a man in the middle attack where Google alters and amends the data returning from the site you wish to visit, but, they are at least polite enough to inform you of their intervention.

    2. Re:Will they include ... by tukang · · Score: 1

      I don't tend to use the internet (or my computer) in a way that would make me susceptible to most infections

      Vast majority of malware attacks spawned from legit sites

    3. Re:Will they include ... by Anonymous Coward · · Score: 0

      Not concerned ... using VMs for most of my browsing that get wiped after each use, and different VMs (and OSes) for different purposes. So, yeah, I guess if I was doing anything sensitive on my trashy VM, I'd be concerned. But when I only do my banking on a VM in a strange OS and disabling scripts ...

    4. Re:Will they include ... by Anonymous Coward · · Score: 0

      Being warned against malware is great - on the other hand, I don't tend to use the internet (or my computer) in a way that would make me susceptible to most infections. Now, being warned about potential government spying on the other hand ... that would be useful.

      The part nobody mentions is the tracking. Google cannot tell you if a given site is known to harbor malware without your browser first telling Google what site you are trying to visit. Now they can track sites that don't participate in their Google Analytics and ad networks. That's .. just spiffy.

    5. Re:Will they include ... by Anonymous Coward · · Score: 0

      Service I use to check sites I visit knows what sites I visit, oh my!

      IIRC, they only check it once per site per cache expiry time and promise not to store anything except anonimized info - if you don't trust the privacy levels they promise for this tool, then just turn it off and use Opera's or MS's or WOT's site checking. I think at least WOT had plugins for all major browsers.

    6. Re:Will they include ... by Anonymous Coward · · Score: 0

      You're an idiot. Take a look at how this is actually accomplished, and you'll see that your browser downloads a file containing the infected sites, which then get cross-referenced to the sites you're visiting LOCALLY. ... but don't let that stop you from posting your Microsoft-funded FUD, douchebag.

  3. Robots.txt by stewsters · · Score: 1

    User-agent: * Disallow: /virus.exe

  4. Eastern Europe, Russia and China are double US... by Anonymous Coward · · Score: 0

    With the whole debacle over Snowden and US snooping... its a relatively safer Internet for US citizens than it is in the countries that are calling US an Internet spying tyrant.

  5. went fro a frosty posty by Anonymous Coward · · Score: 0

    but my AC post timer won't allow it.

  6. What about false positives? by Anonymous Coward · · Score: 0

    So far the various warnings have usually done their utmost to block me from my favourite webcomics, usually because some advertising mishap or other. What was their biggest business again?

    This sort of "service" all too easily turns into false competition and position abuse. Especially since google does everything and a bit to keep you from contacting them. Sometimes having to talk to a small shell script is just no replacement for getting a human.

    1. Re:What about false positives? by Anonymous Coward · · Score: 0

      Sometimes having to talk to a small shell script is just no replacement for getting a human.

      In America the shell script is smarter and a whole hell of a lot less obese.

  7. when do the ISPs get DROP'ed by Anonymous Coward · · Score: 0

    All well and good listing the hosts but if the police wont get involved then perhaps upstream is where efforts should be put, when a network hosts 94% of malware how bad does it have to get before they are DROP'd ?

  8. Sure by Anonymous Coward · · Score: 0

    They never say what malware it was, either.

  9. Re:Eastern Europe, Russia and China are double US. by pr0fessor · · Score: 1

    I'm not so sure that is accurate the number of sites scanned in the US is around 14 Billion but none of the other countries had more than 1 million scanned. I'm not sure how that skews the results since I have no idea how many sites are in each country. India had 25k sites scanned but has a population of around 1.2 Billion compared to the US 313 million.

  10. Re:Eastern Europe, Russia and China are double US. by Anonymous Coward · · Score: 0

    I'm not so sure that is accurate the number of sites scanned in the US is around 14 Billion but none of the other countries had more than 1 million scanned. I'm not sure how that skews the results since I have no idea how many sites are in each country. India had 25k sites scanned but has a population of around 1.2 Billion compared to the US 313 million.

    They're much too busy making glue to adhere dots to their foreheads, sweet-talking cows, answering tech support calls with thick accents claiming to have names like "Bob," and churning out low quality software for american megacorps, to be bothered setting up too many sites.

    You should really learn to be more culturally sensitive.

  11. What do we know, we know by Stan92057 · · Score: 1

    What do we know, we know what sites are bad. We know what IP addresses are bad, we know what software is bad. Well woopdefuckingdo all that knowledge and none has the balls enough to actually DO something to stop them. The stinking NSA knows who the bad guys are but cant do anything because they are breaking the law by spying on people so they cant do anything. I keep getting and reporting child porn spam messages. I even called the FBI ya know what they said?? Just delete it thats it just delete it and hung up on me. I wrote a email to my senator and was emailed back i must fill out a privacy release form in order to get help from him. Evey-ones making excuses or passing the buck its very sad.

    --
    Jack of all trades,master of none
  12. Waste of time by Anonymous Coward · · Score: 0

    Being warned that there IS malware on a site is great. However Google's re-check time on this is ... basically useless.

    A few weeks ago, one of our sites had this malware warning popup. But there was no malware on the site, in fact it was on the ad network, and the malware script wound up losing us thousands of dollars, even though the malware was cleaned up in less than 20 minutes. The warnings didn't go away for nearly 36 hours.

    What is the use of the warning if the owners of the site are just going to say it's a false positive? What was the goddamn point of flagging all our sites as containing malware when the warning was only valid for about 20 minutes (less than 1% of the time the warning was visible)

    When the webmaster clicks "review" that review should be done in 30 minutes, not 36 hours. And more to the point it should be blocking just the site containing the malware.