Google Admits That Google.com Is Partially Dangerous (eweek.com)

← Back to Stories (view on slashdot.org)

Google Admits That Google.com Is Partially Dangerous (eweek.com)

Posted by BeauHD on Tuesday April 19, 2016 @03:32PM from the irony-at-its-best dept.

darthcamaro writes: For over a decade, Google's Safe Browsing technology has helped to alert users to dangerous sites, where malware and phishing exploits can be found. Apparently, one of those unsafe sites is none other than Google.com itself.

According to eWeek, "Google's automatic spidering of the Web will catch some malicious sites, and by Google's own admission, there are sites in its index that will redirect users to locations that will attempt to install malware on their computers. Google also admits and warns that by way of Google.com (and the sites linked in its index), 'Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information).'"

39 of 100 comments (clear)

Min score:

Reason:

Sort:

Re: No shit... by Anonymous Coward · 2016-04-19 15:48 · Score: 1

Yeah probably better of on reddit.com/r/mildlyinteresting
Flash included under very long if statement by gQuigs · 2016-04-19 15:50 · Score: 1

Anyone know why they might call Flash on Google.com? (View the source and search)
1. Re:Flash included under very long if statement by FatdogHaiku · 2016-04-19 16:12 · Score: 1
  
  Anyone know why they might call Flash on Google.com? (View the source and search)
  Because Flash bakes the best cookies?
  
  --
  You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
Be afraid, and look at our ads by Cyphase · 2016-04-19 15:54 · Score: 2

"Coming up on News at 11: Google has released a report saying that Google.com.. could be dangerous? What does this mean? What do you need to do to stay safe? Tune in and watch through the entire hour and all the commercials, so we can give you the 90-second over-hyped package at the very end."

--
by Cyphase ( 907627 )
The real shocker by EEPROMS · 2016-04-19 16:17 · Score: 5, Insightful

is that a US billion dollar corporation is being honest for a change and applying the same rules to themselves as others.
1. Re:The real shocker by KGIII · 2016-04-19 21:49 · Score: 1
  
  How about this very subject until they just recently changed it? I should think that would be an adequate example of one such instance, yes?
  
  --
  "So long and thanks for all the fish."
2. Re:The real shocker by AvitarX · 2016-04-20 01:23 · Score: 1
  
  They cheated with their placement at some point in the past.
  I think it was favoring their own ads or some such.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
3. Re:The real shocker by shawn2772 · 2016-04-20 02:17 · Score: 1
  
  They cheated with their placement at some point in the past.
  I think it was favoring their own ads or some such.
  No, the argument was that they shouldn't be advertising their own services on Google search at all, or else should artificially boost competitors' ads. Google's response was that their self-promotion ads on Google search were selected for a particular search results based on exactly the same relevance and quality ranking algorithms used for everything else. In other words, that they applied precisely the same rules to their ads as everyone else's.
  So, unless your argument is that they were lying, this is another example of Google applying their rules consistently, including to themselves.
4. Re:The real shocker by shawn2772 · 2016-04-20 02:18 · Score: 1
  
  How about this very subject until they just recently changed it? I should think that would be an adequate example of one such instance, yes?
  Are you saying Google once claimed that all of their search results were perfectly safe to click on? I don't think I understand what you mean. Could you elaborate?
Viruses just get easier and easier to get by GoodNewsJimDotCom · 2016-04-19 16:18 · Score: 2

I once got a virus from an immitation poker site link. I didn't download an executable. All I did was click a link to what I thought was a popular poker site on one of the top hits. If I recall correctly, firefox crashed and then I had to reinstall windows. Since then, I browse the web on windows as little as possible.

--
God spoke to me
1. Re:Viruses just get easier and easier to get by vlad30 · 2016-04-19 17:14 · Score: 2
  
  Since then, I browse the web on windows as little as possible.
  This has been my philosophy always, additionally block ads and disabled flash and javascript only opening them up when needed. Here we can blame poor coders and site owners if they didn't abuse ads and vetted them so that there site had acceptable ads we would not have ad blockers.
  Just a comparison many years ago TV and newspapers didn't accept ads that were annoying or unacceptable. now they do additionally they increased the ad rate on tv from 12 to 18 mins per hour and newspapers often have articles that are essentially ads for companies same goes for many "news stories" on tv. video rentals and sales increased because of it and now people have moved to streaming and downloading
  
  --
  Your'e all thinking it, I just said it for you
2. Re:Viruses just get easier and easier to get by Anonymous Coward · 2016-04-19 19:08 · Score: 2, Interesting
  
  Is there a solution?
  It seems like browsing the web 'safely' these days involves:
  - Constantly making sure my browser is up to date.
  - Installing a JavaScript blocker and making sure it's always up to date.
  - Installing flash and advertisement blockers and making sure they're always up to date.
  - Running my browser from within a virtual machine that is restored to a previous 'safe' snapshot.
  - Isolating my VM traffic through a separate anonymizing VPN service.
  I'm sure this isn't exhaustive and there are other things one should be doing (please tell us!).
  I have been told that it is now possible to break out of many Virtual Machines and that even if you use a live, non writable DVD to boot from you may still be able to get infected with some kind of a UEFI root kit. So even if I am doing all of the above and making browsing a pretty unpleasant experience anyway, I'm still vulnerable to infection.
  How is any normal person expected to browse the web securely. :/
3. Re:Viruses just get easier and easier to get by KGIII · 2016-04-19 22:03 · Score: 3, Informative
  
  Just install uMatrix and be done with it. It will take a little while to figure out how to use it and you build up your whitelist as you go. Just keep your settings files backed up and reasonably current and you can use them across multiple computers and multiple browsers. Block everything you don't need. I may refresh a screen a dozen or so times before I get the settings for that site right but it's always the least permissions and I only have to do it for that site once. It's amazing how many sites I don't even bother with doing it for them at all.
  I may not have full functionality but I'm only going to visit that news site once - I don't need to have their dynamic content of their latest weather updates loaded in the upper left, a dozen trackers in the bottom, an optimizely script to make sure I get the correct display on a mobile, or anything like that. If I want a script to run then I enable it and refresh. I generally don't want it to run. If I do then I want it and only it to run. I also want it to be selective between sites. (Things a hosts file can't do.)
  So, I use uMatrix and get along just fine. It took a little while to figure out how it works. I then figured out that I should save the results. (It's just a single click.) I then realized that exporting them was possible and a good idea - I use multiple computers. I then realized that I could load even fewer things. I then realized it had a way to set the defaults if I wanted to enable them - so I let CSS and straight images (no scripts) display.
  I've yet to have to enable a third party cookie, for example, on *any* site for *any* functionality. If a site wants to load too many things then I just don't bother - I've a limit to what I'll allow for code to run on my computer. It's mine. I control it. I say no.
  It's really just an easier way to practice safe hex. It's what you should be doing anyhow. I don't have to go through all of the things you're doing. I don't need to use a VM. I don't have to worry about infections if code doesn't run. I let first party stuff load by default. That's it. I often won't allow any third party content at all. That's how you get nasties... I don't want nasties. There is no content so meaningful that I am going to enable people who aren't me to run random things on my computer. There's no site worth it.
  I'm building out a site right now - actually in another tab. There is third party content. Every bit of it is optional and the site retains full functionality without it. There's no need to enable any active scripting, of any type, to make full use of the site. You can even use it just fine in Lynx.
  By the way, if you're using Windows there's a really neat browser you can try. It's called OffByOne. It doesn't do much except browse pages. There's no scripting allowed. None. There's no way to make it work, last time I used it.
  
  --
  "So long and thanks for all the fish."
Re:No shit... by Anonymous Coward · 2016-04-19 17:04 · Score: 1

The headlines should say: "Google admits that idiots are idiots. Downloading malware gets your computer infected with malware."
Seriously, though. When did "we" ever think Google was fully sanitizing its results?
Re: No shit... by Hylandr · 2016-04-19 17:16 · Score: 1

Slashdot is rapidly becoming indistinguishable from 4chan.

--
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
Re:No shit... by Austerity+Empowers · 2016-04-19 17:54 · Score: 2

I can also get access to illegal activities. Google.com is part of a criminal conspiracy!
Re:No shit... by Anonymous Coward · 2016-04-19 18:07 · Score: 1

It's not the millennials that are to blame, it's the fucking parents that raised them. I hate myself every day for being a millennial, but I've done my best to minimize my millennialism's negative impact on the people around me. I've tried to reverse engineer what it's like to be a normal person.
Everyone send this to Dianne Feinstein by kheldan · 2016-04-19 18:33 · Score: 4, Funny

So she can author a Senate bill to outlaw Google.

--
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
1. Re:Everyone send this to Dianne Feinstein by KGIII · 2016-04-19 22:10 · Score: 2
  
  Now, now... This is a matter of great importance and involves national security. We need to ensure the safety of the citizens. Surely then, this must be a bipartisan bill?
  On an actually serious note, can you imagine if they tried to write a law that made *all* types of malware illegal? You'd end up with something that said something along the lines of; "Causing any unwanted or unexpected behavior." Half the people would be cheering for this. The other half would be trying to figure out how to get their least favorite OS vendors arrested.
  
  --
  "So long and thanks for all the fish."
Google to blame for Microsoft Windows malware? by khz6955 · 2016-04-19 18:41 · Score: 1

"Attackers on this site might try to trick you to download software or steal your information"

Come on slashdot, what was the name of the desktop operating System required to promulgate this dangerous Google malware. Wouldn't it be simpler for google not not warn people about this Windows Malware?
Re:No shit... by Anonymous Coward · 2016-04-19 18:50 · Score: 4, Insightful

Much as *I* hate myself for being a gen-x waste of space and watching my contemporaries raising monumentally self-absorbed children who end up on tumblr and reddit complaining about trivial bullshit, I still believe that you have to grow up at some point and take personal responsibility.
My mother was the first in her family to get to go to university. My grandfather got shot at by German occupiers as a profession and his dad died in a ditch in France doing the same. Every generation has different issues to deal with and every generation should stop pretending that their own particular cross to bear is so much worse than every other.
But good on you for trying to be a decent human being. At the end of the day, that's all we can really expect from people.
This is news? by LordWabbit2 · 2016-04-19 19:58 · Score: 4, Insightful

Google may have indexed bad sites and not realized it. News at 11.

--
There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
1. Re:This is news? by Luthair · 2016-04-20 00:30 · Score: 1
  
  eweek is a dead giveaway for trash.
2. Re:This is news? by shawn2772 · 2016-04-20 02:19 · Score: 1
  
  Google may have indexed bad sites and not realized it. News at 11.
  Where do you get the idea they didn't realize it?
3. Re:This is news? by Dutch+Gun · 2016-04-20 05:29 · Score: 1
  
  Because when they do realize it, they block the site and warn the user?
  Google has every incentive to make the web as safe an experience as possible for its users. Without those users coming to use their services by the hundreds of millions, they don't generate all that ad revenue. There's no profit in intentionally allowing a user to become infected by a bad site.
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
4. Re:This is news? by shawn2772 · 2016-04-20 06:55 · Score: 1
  
  Because when they do realize it, they block the site and warn the user?
  Google has every incentive to make the web as safe an experience as possible for its users. Without those users coming to use their services by the hundreds of millions, they don't generate all that ad revenue. There's no profit in intentionally allowing a user to become infected by a bad site.
  I suppose I wasn't clear. I meant that Google always knew that it indexed malicious sites, and knows that it always will index malicious sites. Google tries to identify and block them, but that will always be best-effort, never a guarantee. Maybe that's what the OP was saying, too, but the way he said it made it sound like Google believed the index was clean at some point.
5. Re:This is news? by Dutch+Gun · 2016-04-20 09:11 · Score: 1
  
  Ah, yeah, I misunderstood, and see what you're getting at now.
  Of course, I would sort of had figured it was somewhat self-evident, since Google attempts to index the entire web, and I'd imagine most people at Google thought the same thing. Naturally some of those will be malicious by nature. Another poster elsewhere made the analogy that some of the phone numbers in the phone book would undoubtedly put you in touch with some very bad / dangerous people, and it seemed a reasonable comparison, at least as analogies go.
  As a side note, I thought it was sort of weird how someone with a Google+ tag would accuse Google of deliberately sending users to malicious sites... but then again, this is slashdot.
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
6. Re:This is news? by shawn2772 · 2016-04-20 09:29 · Score: 1
  
  My fault for being terse.
  
  I thought it was sort of weird how someone with a Google+ tag would accuse Google of deliberately sending users to malicious sites
  Heh, and a Google employee as well (aside: I started using the G+ login to slashdot a while ago when slashdot was temporarily broken and for some reason wouldn't accept my old login. Clicking the "log in with G+" button was super easy, so I did it. I have a much longer posting history, and much lower UID, as "swillden").
Re:No shit... by KGIII · 2016-04-19 21:27 · Score: 4, Interesting

By we, you mean us on Slashdot, right? Well, I'd like to say that "we" never did any such thing because "we" are not retarded. However... There are a few people who do post here who may very well have thought that at some point in the past or think that today.
That is not a slight against you personally. I haven't a clue who you are, you're just "some AC" who may or may not be retarded. I'll give you, personally, the benefit of doubt but that's increasingly difficult with ACs and even some fairly frequent poster.
If you look at my UID number then you'll see that I've been here for a minute. I used to give ACs the benefit of doubt and I usually try to do so still but it has reached the point where I'll oftentimes just delete the reply notification if it is from an AC. I don't know if ACs have collectively gotten worse or if I've just become less patient. There are also some really stupid people who have accounts. I can mentally filter them out more easily as I notice names when I read the threads.
So, as much as I'd like to say that we're not stupid enough to think that sort of thing here on Slashdot, we're not that bright. When I joined Slashdot, I actually joined and kept my mouth shut for a long time - this was way back with my first account that I've long since forgotten the name of. I registered but didn't say much for a very long time because I was too busy enjoying reading the smart people's posts.
I'd like to say that we were better then but that's not actually true. I was just dumber then. See, I've gone back and read a lot of those old threads and we've always had stupid people.
I don't really know where I'm going (and I didn't when I started) with this post but I'm basically trying to say that I'd be a liar if I said I didn't think someone here was stupid enough to believe it. Sure, they're not going to acknowledge it now that they've seen this but there's surely at least one person (perhaps they're just unfamiliar with it and not stupid) who believes that Google actually makes a true good-faith effort to clean their links of malware, copyrighted material, and other undesirable information. Someone here believes that Google has people, or software - but probably believes it's people who double check the software results, that actually check for malware.
How many times have you come across Google-cloaking, or whatever they're calling it now? When you see a search engine result, click the page, and the page doesn't actually say anything even remotely like what the search engine result says? Yeah, Google also claims they remove them from their search engine - or claimed that they were going to do so. I seem to recall they said they *still* do so, don't quote me on it. But, see Forbes... If you check a Forbes link at Google, you'll see they cache something different than they display to the Google web crawler/bot. Hell, one of the popular help forums, before the advent of StackExchange, used to get prominent rankings but displayed different content to Google than it displayed to the users. Yet, they stayed high in the ranking for years.
No, no... I don't trust Google to do anything more than they absolutely have to. No, I don't trust Google to have my interest at heart. I don't trust Google to protect me. I don't trust their "don't be evil" slogan and I seem to recall they've actually gone so far as to remove that.
But someone, even someone here, certainly believes that they do all those things and more. It could be stupidity or they could just not yet know better because nobody has told them and they've not come across it. If there's something so stupid that nobody could possibly believe it, in your opinion, there's almost certainly at least one person on Slashdot who not only believes it but will argue about it. No stupidity is too great or too small for a Slashdotter to not believe it.
It's at this time that I'll be humble and point out that I am actually a Slashdotter too. Chances are good that there's something stupid that I'm completely certain about.

--
"So long and thanks for all the fish."
Re:Do No Evil by phishybongwaters · 2016-04-19 22:41 · Score: 2

Well see, you have to at least be realistic about the position google is in. Yes, some asshat at some point decided that "do no evil" would be a smart motto. But look at this situation right here, a hypothetical. Google decides to censor content from search results to remove malware and such. Google immediately becomes "evil" because they are censoring.... something and that's a violation of my whatever. Or, Google doesn't censor the results, and immediately becomes evil because "google gave me a virus!". Google can be as transparent as possible when it comes to your data "It's not yours" but still, they are the big evil monster. No, no they clearly are not, a big ugly monster would run around screaming to anyone within earshot "I'm protecting your rights, I won't cave" while caving, 100% and giving your data up. Google is as evil as people that are stupid enough to not understand the terms they agreed to.
This blows away openbid dangerous ads by Anonymous Coward · 2016-04-19 23:02 · Score: 1

APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...
Less power/cpu/ram + IO use + complexity vs. local DNS servers, routers & antivirus w/ less security issues. Compliments firewalls (no layered filtering drivers firewalls use blocking less used IP addys, hosts block more used hostnames) & DNS (lightens server load too). Antivirus = reactive. Hosts = proactive, blocking infection BEFORE it hits you. Gets data via 10 security sites.
(Works vs. HTTP PUSH servers in Chrome w/ firewalls)
Safe https://www.virustotal.com/en/...
(Verified by Mr. S. Burn of Malwarebytes: "I've seen the code & yes it's safe" http://forum.hosts-file.net/vi... )
* See subject...
APK
P.S. - Hosts gain speed (hardcodes + adblocks), security (vs. bad sites/dns security issues), reliability (vs. downed/poisoned dns), & anonymity (dns requestlogs/trackers) vs. other solutions w/ what you natively have. Hosts != blockable by ClarityRay/BlockIQ like Adblock/UBlock/Ghostery
1. Re:This blows away openbid dangerous ads by omnichad · 2016-04-20 01:40 · Score: 1
  
  Does nothing for Windows 10 data reporting - they don't use DNS or HOSTS.
Really? by argStyopa · 2016-04-20 00:06 · Score: 4, Insightful

This sounds about as intrinsically dangerous as a phone book: some of the numbers enclosed may connect you to criminals and naughty people.

--
-Styopa
mostly dead is still partly alive by Pseudonymous+Powers · 2016-04-20 01:53 · Score: 1

It's absurd to say something is "partially dangerous". A rattlesnake is only partially dangerous: the dangerous part is the fangs. Even a hand grenade has a pin and stuff, so even it's only partially dangerous.
More Accurate Title by Mandatory+Default · 2016-04-20 04:03 · Score: 1

"Google Admits that Google.com Contains Links"
In a surprisingly candid revelation today, Google admitted that their spidering engines are actually intended to find links to web sites and that these links will be shown on Google.com.
Re:This stops malicious links & FAR more threa by JazzLad · 2016-04-20 04:30 · Score: 1

Hi APK,

This is what causes people to disparage you. I'm one of the (seemingly rare) people that missed your posts (well, some of them ;-) ), but posting the same thing over and over really doesn't benefit the conversation. I get that it is your style (ironic though it is), but I have things in my style that I leave off Slashdot.

Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid, but it only applies to Windows (please correct me if I am wrong) PCs, so it isn't really a '1-size fits all, all other methods be damned' solution. At the risk of inflating his ego, as KGIII says, security is a process, not an application. There's nothing wrong with a multi-pronged approach (and, in fact, it's typically better).

So, listen or don't, you're free to do largely as you wish, but I think you'd be more successful if you advocated your solution as a component of good security vis-à-vis ad/malvertising, rather than the only option.

--
"If you have nothing to hide, you have nothing to fear." - Every fascist, ever
Make them different letters in the Alphabet by tepples · 2016-04-20 05:22 · Score: 1

Perhaps the complaint is that Google isn't quite up-front about this wall of separation. One solution might be to split search and other services into separate businesses within Alphabet.
1. Re:Make them different letters in the Alphabet by shawn2772 · 2016-04-20 06:57 · Score: 1
  
  Perhaps the complaint is that Google isn't quite up-front about this wall of separation.
  It seems to me that Google is quite up-front about it. If there's an issue it's just that people don't want to believe it. I'm not sure moving pieces of the business out of the Google company to separate Alphabet companies would help with that.
Re:No shit... by doccus · 2016-04-21 09:07 · Score: 1

"I don't trust their "don't be evil" slogan and I seem to recall they've actually gone so far as to remove that." ..well.. of course being evil they could just keep it and lie right through their face.. but there must still be a spark of godness left in them to account for their taking it down. Because, of course, yes.. they've gone over to "the dark side"
"Join me, Luke" Come over to the dark side: " (Labored mechanical breathing) "Come over to..."ALPHABET!"
"Sorry pops".. "that sounds even creepier than the dark side of the force" "Can't I.. you know.. just get a little bit of 'the force'"
"You disappoint me, Luke" "(Hsshshhssh More mechanical breathing)" "By now everybody would have (Hshsshh hsshsshh) switched to Alphabet"
Cmon.. Pop.. don't be evil, OK?"
(Long silent pause)
Throws down mask.. (Perfect breathing, suddenly!)
" OK! What the heck! I didn't like being evil anyways!"
"Let's go, pops' Oh, BTW, better kill the emperor.."
"OK" (Slice. Aaaaargh! Glop!)