Google Targets Fake "Download" and "Play" Buttons

AmiMoJo writes: Google says it will go to war against the fake 'download' and 'play' buttons that attempt to deceive users on file-sharing and other popular sites. According to a new announcement from the company titled 'No More Deceptive Download Buttons', Google says it will expand its eight-year-old Safe Browsing initiative to target some of the problems highlighted above. 'You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date. Today, we're expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads,' the company says.

Good

[OverlordQ]

Some sites get ridiculous with that.

Re:Good

SOME!?
More like nearly ALL!

I've seen download sites for FOSS software have a lot of this crap. It gets confusing for me as an IT professional sometimes to figure out the legit download links, I can't imagine how normal computer users manage to navigate the hazardous waters long enough to actually get a legit non virus laden download. Then you have even legit downloads from massive companies filled with toolbars (like adobe reader and flash).
Like shark infested water. Hopefully this move will do some good

Re:Good

[omnichad]

IMGBurn. Not FOSS, but freeware. There's even ads on their site with the IMGBurn icon and a download button but they are for PC Mechanic.

Re:Good

[ShaunC]

I agree. There are tons of fake download links on otherwise reputable sites, there are gray area sites like TPB where you have to be careful what you click, and there are tons of fake download sites where none of the links are legitimate at all. Try Googling for "[random device] driver" and you get many dozens of bullshit SEO'd sites where all the links point to some EXE full of who-knows-what. I hope they're going to combat all three categories.

As an aside, I wonder if SourceForge will get penalized...

Re:Good

Not just sites

+------+
| Play |
+------+

I heard it happens in the comments of sites, too!

+----------+
| Download |
+----------+

Re: Good

Sourceforge user?

Re:Good

Why isn't an IT professional using an Adblocker or at least HOSTS file?

Re:Good

[omnichad]

To be aware of what the average user sees?

Re:Good

[goombah99]

Adblockers don't stop this rubbish. yet

Re:Good

[yuhong]

SourceForge will likely be fixed, there was another Slashdot story on this.

Re:Good

I won't even use their software anymore. Last time I installed it I think I had to go through like pages of unchecking "I accept" on the malware it's set to install by default. Apparently I missed one because it installed some crap I had to roll back with system restore to get rid of.

Re:Good

[penguinoid]

Now I wonder whether Sourceforge's new or previous owners were aware of this before the official announcement.

Re:Good

[l0n3s0m3phr34k]

Too true. Many sites have giant "DOWNLOAD" buttons that are just malware, then a small text link of the actual software.

Re:Good

[omnichad]

I still use it myself, but I'm done recommending it to anyone. There's no alternative I like and it's relatively full-featured.

Re:Good

[l0n3s0m3phr34k]

BizX, LLC is Sourceforge's new owners. Perhaps you missed TFA. Whipslash has been quite engaged already with the community, unlike our old DICE overlords.

Re:Good

[Flea+of+Pain]

Try installing it through Ninite. It's a fresh computer set up person's dream. Check the software you want, download the installer, and BOOM all installed, no crapware, no having to click "I accept" repeatedly.

Brilliant little tool.

Re:Good

Sometimes they do. I recall reading people complain about the large misleading DOWNLOAD buttons on SourceForge, and I was left wondering what the hell they were talking about. Turns out Adblock had a default filter to eliminate those things.

Re:Good

[penguinoid]

Hence, "before the official announcement". It wouldn't surprise me if Dice had heard of this policy weeks ago, perhaps as a friendly warning, and decided to sell before they got hammered.

Re:Good

[LinuxIsGarbage]

True. The only safe ways of installing it are:
-Portable install
-Ninite
-Disable internet access / set dummy proxy during install. It will skip past all the "offers" tabs.

Re:Good

[PRMan]

Sad that The Pirate Bay is only a Medium bad site and other "legit" sites are much worse.

Re:Good

[Dutch+Gun]

That's surprising. I just went there as a test with a browser that had no adblocker or script blocking installed, and sure enough, the site popped open a page telling me some critical software was out of date, trying to trick me into upgrading.

Honestly, I think Google's a little scared by the advent of adblockers, which also tend to both implicitly and explictly double as malware blockers. I see this as a move by them to make web browsing safer without having to resort to installing ad blockers. They can't exactly drop support for ad-blockers plugins, as they'd just hand their market share back to Firefox, but they can try to make them a bit less compelling to use.

Re:Good

[Big+Hairy+Ian]

Can we get them to target fake Next and Previous buttons too

Re:Good

[pslytely+psycho]

Thanks. I'll keep this in mind next time I do a build.

It would sure beat the zillion declines/skips/noIdontwantyourfuckingcrapware buttons I clicked. And they get so fucking deceptive that it's sometimes difficult to tell which button opts out rather than really says Hahahagotyafucker!
On the other hand, I make plenty of weed money off my friends who always use Express Install (Recommended)!
So the evil twin inside me tells me not to recommend it to my friends....and I think the good guy is passed out...what a lightweight...

How would this work?

[ArmoredDragon]

I get it if those ads are part of Google's network, but they rarely are. How would Google target them (in Chrome or whatever) when they're basically just images, unless they do some kind of image parsing for literally every image that loads, in which case, bye CPU cycles.

Re:How would this work?

pretty easy first pass is a text string search for CNET

Re:How would this work?

[wisnoskij]

Did you miss the memo? Google Owns the Internet. They can do anything.

Re:How would this work?

[Guybrush_T]

They may add an ad-blocker to Chrome ... to block and ad that is not coming from Google.

Re:How would this work?

[omnichad]

When you visit a web site flagged by Safe Browsing (in Chrome), there's a full screen warning before allowing you to go to the site. They could probably replace the ad image with a similar warning that you have to click through in order to load the ad.

But it looks like they're just flagging the whole page (see the article linked in the headline - hey, whipslash, we don't want this), letting the site owner take the damage to their reputation for allowing the ads.

Re:How would this work?

[Gojira+Shipi-Taro]

As well they should. Any site owner that tolerates these deceptive tactics, which are generally also mal-ware vectors, deserves to have their reputations shredded.

Re:How would this work?

tackle it server side, they have a web crawler that touches every image publicly available and most scripting files, it seriously wouldn't be hard to correlate images that have been flagged as saying download in them with redirection scripts and or links that don't originate from the server hosting the website.

really if a website is unable to host all the resources that it needs, it shouldn't be on the web. cross linking killed the hyperlink.

Re:How would this work?

[Threni]

Use Firefox for Android, and block ads, javascript, trackers, auto-delete cookies etc etc. Chrome just isn't functional enough for sensible use.

Re:How would this work?

[spork+invasion]

I believe there will be two ways users are warned. One occurs upon attempting to visit a website with deceptive ads in Chrome, in which an interstitial is displayed warning the user that the site may engage in deceptive practices. The other is when clicking links to such websites when they show up in Google searches. This already occurs to some degree when alerts like "this site may be hacked" or "this site may harm your computer" are shown alongside search results.

Re:How would this work?

It'd be easy clientside for end users to do spotting the server addresses and adding them to hosts files blocked.

Re:How would this work?

[omnichad]

All you have to do is sign up for Google Adsense to end up on Google's blacklist. That's going to backfire real quick. They still have fake download buttons on Adsense.

Re: How would this work?

[ZeroWaiteState]

If they get complaints the can blacklist the abuser in the SBL, which causes warnings to show up in the browser when a site containing it is displayed.

Re:How would this work?

[omnichad]

it seriously wouldn't be hard to correlate images that have been flagged as saying download in them with redirection scripts and or links that don't originate from the server hosting the website.

Oh great. For the next 3 years, every reCAPTCHA response will be "Download"

Re:How would this work?

[omnichad]

P.S. It would honestly be a welcome change compared to house number photos from street view.

Re:How would this work?

[GTRacer]

Tell me about it. Sourceforge had a couple as I recall but Download.com? Yikes!

Re:How would this work?

[l0n3s0m3phr34k]

Google should geoip these malware providers and send one of their drones over to slowly rend the living flesh off everyone involved with this crap.

Re:How would this work?

think you will find MOST of them are actually part of googles advertising network.

Re:How would this work?

[St.Creed]

... Ghostery. Solves the same problem, but in Chrome. And I like Chrome more than I do Firefox.

Re:How would this work?

[LinuxIsGarbage]

I always try to answer the house number photos incorrectly if possible. For example if it's a 6, but could pass for an 8, I'll answer 8.

I assume their algorithm shows the same image to a number of people and take the consensus.

Re: How would this work?

[omnichad]

It does work by consensus, but if consensus is already reached, you might fail the CAPTCHA.

Re: How would this work?

[phorm]

Seeing as though Google already has filters to match up similar images, and plays with facial recognition etc, a few buttons shouldn't be that hard.

Sure, the scummers can obfuscate their buttons, but the whole point is to make them look convincing enough like a legit download button that people mistakenly click it so there's only so much variation they can do.

Re:How would this work?

Last I checked Bing and Yahoo! were still around.

Don't like Chrome, use Edge, Firefox or Safari.

Free market biach.

Great article

How am I supposed to RTFA?

Re:Great article

[sims+2]

Right next to the title https://torrentfreak.com/googl...

Hopefully they will go back to putting links in the summary shortly.

Re: Great article

It's not there in the still-crappy mobile view.

Re: Great article

[sims+2]

yeah the mobile version is pretty much worthless.

Re:Great article

[AmiMoJo]

Submitter here. It used to be that if you put the link in the link box on the submission page the editors would insert it into the summary for you. Sometimes I'm too busy/lazy to do it, and what are editors for?

Maybe the new people didn't realise, but it's better to put the link in the summary. Please edit it in next time.

Re:Great article

[sims+2]

Actually they started this a couple months before it changed hands.

Still yet they should always put a link somewhere in the summary.

Re:Great article

[l0n3s0m3phr34k]

Totally...it is a confusing change. For over a decade there has always been a link IN the write-up, but now there is a link next to the headline. Additionally, the link is still green, and the background bar is also green, just darker. And small text too, so it's not very noticeable.

Re:Great article

[anthonys_junk]

They fixed it. I think that's a good sign.

Re:Great article

[l0n3s0m3phr34k]

That was pretty quick! Yes, it's good that our new overlords (lol) are taking active participation and fixing stuff!

Re-purpose

[SuperKendall]

How would Google target them

You know that 20% of free project time Google employees get? Yeah, now it's looking for download button images.

It's not even like they lose anything as they only tell the Google workers that were surfing porn anyway to save off URL's as they browse.

Yey

Step 1: Stop accepting them into adsense? >_>

Safe browsing is worthless

It doesn't catch near the amount of crap it should. I can see this project will be just as worthless.

Re:Safe browsing is worthless

[Etherwalk]

It doesn't catch near the amount of crap it should. I can see this project will be just as worthless.

If you prevent 5% of fraud, it's not worthless, it's just not as good as it could be.

Imagine your attitude were what everyone had used toward spam filtering fifteen years ago. We wouldn't have good spam filtering until some kid without the preconception that it was impossible sat down and hacked it out.

Oh no

This was annoying, however still simple to ignore.
Now sites will come with even more aggressive ways to shovel adware and malware into our faces.

A question

[Hognoxious]

Why does everything need a specific .exe installer? Couldn't they devise some kind of standard mechanism? Or at least, why don't they provide a linux version of the .exe?

Re:A question

[omnichad]

You're right. We need cross-platform compatibility for malware. Who's with me?

Re:A question

Microsoft could have worked on an alternative executable format that is safe and sandboxed, but instead they chose to spend their engineering resources on UI changes, so we're stuck with the decade old .exe installers. People are used to them and will run them, and malware authors benefit from that.

Re:A question

[omnichad]

Microsoft could have worked on an alternative executable format that is safe and sandboxed

You mean MSI / Windows Installer Service? That's about as good as you can hope for, but it does nothing for a user who is convinced they are downloading a program - and digital signatures aren't even shown to the user to match against the name of the software being installed. It only shows if there's not one or it's invalid.

If the user thinks they're going to install software, they're going to give it admin permission to install necessary registry and file permissions. How do you sandbox that away without blocking a legitimate installer?

Re:A question

Installers should be as simple as unzipping a folder, and the app in that folder would be sandboxed in the sense that it can only access files in that folder, and files outside of the folder only by explicit user action through an OS-generated file picker dialog. This app format is safe and has sufficient permissions for most apps, even an office suite.

Re: A question

If the installer is written properly, MSI allows for "per-user" installs, which go into a folder under the user's profile and the user's registry hive. No elevated permissions required.

Re:A question

[omnichad]

An office suite often needs to associate file extensions. Lots of apps use shared libraries, which only needs to exist once on a system (VB6 runtime, .NET, etc). Non-registry settings files shouldn't be in program folders (so that they can be discovered for backup and/or separated from executable files - user files should not be under the Program Files folder).

Sandboxing a Photo manager app to only its own directory means you couldn't even use the default Photos folder to manage a photo library. Reading file lists or generating thumbnails requires file access. And an OS-generated file picker just to update metadata on a photo?

There are several reasons to add registry entries, besides file associations. A CD burning program needs to be able to register UpperFilters or LowerFilters on an optical drive or add a non-hardware driver (since while Windows has userspace drivers, they haven't really been adopted widely as far as I can tell).

Even Linux package managers put default configuration files under /home/ instead of with the binaries.

Re:A question

Sure, there are lots of use cases to consider and solve in a safe manner, but it looks all doable given enough engineering.

Re:A question

If you think it is so easy to solve then solve it. You will make millions as so far no OS has managed to solve this problem.

Re:A question

[St.Creed]

Yep. It's been long overdue too. And they've been able to solve it for mobile phones and touchpads, where you are giving permission in advance. With Windows 10 moving towards one codebase for mobile and PC it should become easier to roll out.

Re: A question

This. It's the best way to make sure that the version of.a document in your editing app does not match the version in your viewing app. You can keep multiple versions of the file, one for each app!

Verifying redirect addresses.

[blueshift_1]

The biggest thing is to always look at the redirect address and see if it makes any sense. Usually the advertisements give themselves away. Though this doesn't really help the most naive of users. Who wants waste time when they could be downloading sw33t haxz.

Re:Verifying redirect addresses.

Of course redirets themselves are security threats. Googles overuse of redirects are like banks overuse of interstitial. They seem to important for profitability, but they create a pervasive culture of insecurity

Mind your own business

Google should probably start warning about their search engine, which presents search result hyperlinks, that by default point to a Google webserver, that redirects you to the target.

Re:Mind your own business

[sims+2]

I've noticed that. It doesn't do it all the time but when it does it's a serious PITA.

Re:Mind your own business

[KGIII]

There are a variety of GreaseMonkey scripts to take care of that. You'll want one to disable Google's redirection.

Download.com

[Not-a-Neg]

They can start with Cnet's Download.com, nothing but ad banners with identical looking green "download" buttons.

Re:Download.com

[Frosty+Piss]

Cnet's Download.com didn't start off that way. "Back in the day" it could be a great "go-to" for software downloads. But they have or are cutting their own throats, it's hard to imagine anyone downloading anything from these clowns today. Let alone actually read any of the "articles" they publish, I mean seriously, who reads that shit?

Re:Download.com

No kidding I can't count the time of my life lost looking for the legit download button on those sites.

Re:Download.com

[omnichad]

I stupidly kept using their site for years after they started doing that. I didn't really quit using it until they started posting "Visit Site" buttons instead of download links. I can't unwaste my time after doing a quick search only to be redirected to a slower download method. And the whole point of visiting download.com was to avoid the hassles of the original site.

Re:Download.com

[castionsosa]

A while back, it was an excellent source for software... the closest thing Windows ever got to a repository. However when they started bundling foistware [1] with other people's downloads, they changed to yet another site that is not worth visiting.

[1]: Software that adds browser add-ons and toolbars, then adds a loopback VPN and a trusted root CA into Firefox's keystore is not exactly trustworthy.

Re:Download.com

[fred911]

" the closest thing Windows ever got to a repository"

Except how you can't trust a site that requires an installer app. The most trusted rep for windows used to be http://www.tucows.com/download...

Re:Download.com

[Toad-san]

And the damned proprietary executable they require you to download and install, just to then download the program or file you actually want.

I don't go to download.com, a pox on them and all their houses.

Re:Download.com

It used to not require anything. Just a Web browser.

These days, what is a trusted repo for Windows? MS's store is great for Metro/Windows Runtime apps, but for most applications, it requires downloading it (usually in a VM for safety reasons), checking the Authenticode signature to see the date and who actually signed the file, running the executable against VirusTotal (assuming it is small enough to upload), then checking the hash on a search engine to be safe.

Windows needs a trusted repo, but my fear is that if one does get made by MS, subsequent Windows versions might block downloading executables from anything else but there.

Your news is out of date

(Download) [Download Full version News] {Download Complete News} !Download News Now! (Play Full News episode) [Play News part 1]

Hopefully that include fake FBI warnings

[shaitand]

These things are annoying.

Re:Hopefully that include fake FBI warnings

[Coren22]

Such as the ones at the beginning of DVD/Blurays?

Re:Hopefully that include fake FBI warnings

[shaitand]

I was referring to the annoying ones that try to block being closed and ask for money to pay a fine but if google can save me the trouble of having to remove the DVD/Bluray ones myself that would be nice too.

Gee thanks

1998 called and wanted to let you know that this is a really good idea. Also, Ad Block 4 life.

Microsoft Windows strikes again ..

[tetraverse]

"Google says it will go to war against the fake 'download' and 'play' buttons that attempt to deceive users on file-sharing and other popular sites."

can they expand this to GWX malware?

[swschrad]

"You have attempted to use Google on a known spyware system. Your machine will now reboot."

put it into ad services, too.

thanks.

Re:can they expand this to GWX malware?

[omnichad]

Microsoft already reboots my computer enough without my permission. I don't want Google doing it too.

Re:can they expand this to GWX malware?

I've heard the conspiracy theory that Windows 10 is actually third-party malware. The authors went as far as hacking microsoft.com with fake information that paints Windows 10 as the next legitimate Windows version, and blackmailing the highest levels of Microsoft management to keep the disinformation in place.

Not Complete Yet

Obviously not done yet. Browsing as AC shows an ad at the bottom: "You have (1) message!" with a "Click to Open" button.

Classic google

[hyperar]

Why don't you start with your own mobile advertising platform?

Nope

[DogDude]

Nope, never going to see ads from ANY ad network. If a web site wants to show me ads, they can do it from their own domain.

Re:Nope

[freeze128]

This is probably the reason why Google is doing this. They realize that more and more people are using ad blockers because of fake download buttons and malware serving ads. As an ad provider themselves, Google is doing this to help their bottom line. It will also help the bottom line of other advertisers, and also help to bring a little bit of trust back to the advertisers.

Re:Nope

[Myen]

But they're not blocking those advertisers from their advertising network; they blocking it from the browser end. Yes, that means Chrome can block a web site for not manually filtering ads being provided by Google.

Excellent.

[fuzzyfuzzyfungus]

This should be quite a bloodbath; but the satisfying kind of bloodbath, where the guilty are cut down in swaths.

Re:Excellent.

Someone's been watching Game of Thrones a bit much, maybe?

They need to concentrate on

[mandark1967]

blocking the fake "submitted by timothy" links on Slashdot

Oh wait...there'd just be a blank page left. NM.

Re:They need to concentrate on

[sims+2]

Actually since I started complaining about it today http://it.slashdot.org/comment... There has been two posts by Yaelk.

Still it would be a very short page.

Force sites to do it themselves

[goombah99]

Sites want to get indexed by google. If a site hosts ads that have bullshit Deceptive practices google can downrank them. Google doesn't have to be 100% effective. Even a crude system for spotting these is going to turn up hits if a site isn't blocking these kinds of adertisers. And so on. If a site doesn't do it's own ads but instead hosts ads from and advertising aggregator and they do this bullshit then the site will drop them to stay in google's good graces.

And so all google has to do is scan adds that show up in content providers and then punish them. so it's top down.

They can also try to go bottoms up, and seek out companies that do these kinds of ads but that's going to be impossible to block unless they are actually hosting the page. However that's not completely nuts. companies like Opera and Amazon who offer compression and caching of web pages in their browsers do have the capacity to edit the webpage to remove content from ad agencies they deem to be scum.

  Does google do that for android mobile? (I have no idea). But apple is talking about ad blocking. And thrid parties like ad block plus have the capability to erase ads from nasty advertisers.

Once these technologies start denting revenue and page views those ads will dry up by themselves.

Analyze the image once, block it 10 million times

[raymorris]

That same green "play button" image is displayed millions of times per day, linking to the same URL. They only need to check it once to discover that it's bogus. Then Chrome can block it for all Chrome users who see that image linked to that URL.

That does involve communicating something about the block list between Chrome and Google's blacklist server. Hopefully they get that part right. The right way will probably involve communicating a strong hash of the two URLs rather than the URLs themselves.

Download Now

[goombah99]

|\
|--\
|----\ Click to start
|----/ DOWNLOAD
|--/
|/

Re:Download Now

[thegarbz]

Your link is broken.

Oh They Noticed?

[American+AC+in+Paris]

I feel like Google deserves a big ol' Apple-style "Finally" dropped in this headline, tho

Google needs to look at itself!!

[GSMacLean]

I run a site that offers downloads of files. I have advertising on that site. A large number of those ads, obviously context-sensitive, display fake "Download" buttons on them.

Guess who is my ad provider? Google AdSense.

Google, heal thyself.

Re:Google needs to look at itself!!

Well, have you complained about them? Unless something's changed, Google actually responds pretty well to feedback from adsense partners about abusive ads.

Re:Google needs to look at itself!!

[WoTG]

It's a bottomless pit. I've personally banned hundreds of advertisers with crap "download" banner ads - I suspect they're automatically created AdWords accounts, or some variant of dirt cheap labour.

I want the ad revenue, but not at the expense of my visitors getting mislead - that's bad for the sales side of my website.

Come to think of it, it's been about a month since I did a purge in my AdSense account... I'd probably be shocked and appalled at the new batch of crap ads...

OCR that shit

[dargaud]

Something that should have been done years ago:

• Grab a 1st version of the page with the usual google user-agent
• Grab the same page with an innocuous and most common user-agent
• Render that 2nd page in common browser engines (MSIE, Firefox...), including images
• Screen-grab it
• OCR the result (including the images in case there's text on them)
• Compare the OCRed text with the original
• If there's too much difference, lower the pagerank

This would solve problems of white-on-white text, text in images, pages different for robots than for us mortals, shit JS, etc...

Now you can also block any site you want

or specific sites in specific regions, by just claiming there's a fake download-button on there. People will believe it, because when the browser says so then it appears authoritative. It's particularly convenient for Google who has the biggest browser share with Chrome.

this is priceless..

half the fucking internet delisted from google.... because THEIR OWN FUCKING ADS are a primary source of this fake download bullshit... not only on sites using their ad networks, but also GOOGLES OWN RESULT PAGES have ads with misleading bogus malware infested download pages.

google... clean up your own fucking house before you try to clean up the rest of the internet.

Re: this is priceless..

[phorm]

It doesn't matter the page, it's the Ad Network that needs cleaning

But Google sends me false warnings themselves.

[Mal-2]

Every time I try to use YouTube or Google Drive through the latest and greatest Pale Moon, I am greeted with a page (or a ribbon in the case of Drive) telling me my browser is no longer supported and that I need to use the latest version. Umm, this is the latest version. When I choose to go through anyhow, everything works just fine.

They could afford to start a bit closer to home.

How many years for google to notice scammers?

[shanen]

New subject question about how long, the answer is "The google don't care, just like the honey badger." Or you could reword it in terms of the google's new motto: "All your attention are belong to us."

However, the post by OverlordQ that I'm responding to said:

Some sites get ridiculous with that.

No, it is NOT the websites or even the app, though there are things an app developer can do that can make it easier or harder for scammers to use that sort of misleading ad. The REAL problem is that the google don't care about scams or the victims thereof. The only concern of the google is MONEY. These days that is driving them to ever nastier exploitations of our private information, but it does NOT have to be that way.

For example of a possible constructive solution:

Add a "Business model" or "Financials" tab in Google Play. Let the developer explain how the money works, most often by selecting one of the more common options. Then the google would add a secure comment about the evidence.

No, this would not eliminate all scams, but it would let us make better choices AGAINST scammy the business models. Again, details available upon polite request.

Oh yeah and by the way, I've been trying to call the google's attention to these sorts of scams for some years, but it's just one of a LONG list of google-supported scams. With great power the google accepts NO responsibility.

Too bad it's probably browser-only

[dingleberrie]

Can they get Microsoft to stop trying to trick me into downloading Windows 10?

So far, I've run the programs to strip those notifications and updates from my system, but Microsoft keeps getting trickier.

Hope they also include...

[ioev]

banners showing next/previous navigation buttons. Been caught by these too.