Google Admits That Google.com Is Partially Dangerous

darthcamaro writes: For over a decade, Google's Safe Browsing technology has helped to alert users to dangerous sites, where malware and phishing exploits can be found. Apparently, one of those unsafe sites is none other than Google.com itself.

According to eWeek, "Google's automatic spidering of the Web will catch some malicious sites, and by Google's own admission, there are sites in its index that will redirect users to locations that will attempt to install malware on their computers. Google also admits and warns that by way of Google.com (and the sites linked in its index), 'Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information).'"

Be afraid, and look at our ads

[Cyphase]

"Coming up on News at 11: Google has released a report saying that Google.com.. could be dangerous? What does this mean? What do you need to do to stay safe? Tune in and watch through the entire hour and all the commercials, so we can give you the 90-second over-hyped package at the very end."

The real shocker

[EEPROMS]

is that a US billion dollar corporation is being honest for a change and applying the same rules to themselves as others.

Viruses just get easier and easier to get

[GoodNewsJimDotCom]

I once got a virus from an immitation poker site link. I didn't download an executable. All I did was click a link to what I thought was a popular poker site on one of the top hits. If I recall correctly, firefox crashed and then I had to reinstall windows. Since then, I browse the web on windows as little as possible.

Re:Viruses just get easier and easier to get

[vlad30]

Since then, I browse the web on windows as little as possible.

This has been my philosophy always, additionally block ads and disabled flash and javascript only opening them up when needed. Here we can blame poor coders and site owners if they didn't abuse ads and vetted them so that there site had acceptable ads we would not have ad blockers.

Just a comparison many years ago TV and newspapers didn't accept ads that were annoying or unacceptable. now they do additionally they increased the ad rate on tv from 12 to 18 mins per hour and newspapers often have articles that are essentially ads for companies same goes for many "news stories" on tv. video rentals and sales increased because of it and now people have moved to streaming and downloading

Re:Viruses just get easier and easier to get

Is there a solution?
It seems like browsing the web 'safely' these days involves:

- Constantly making sure my browser is up to date.
- Installing a JavaScript blocker and making sure it's always up to date.
- Installing flash and advertisement blockers and making sure they're always up to date.
- Running my browser from within a virtual machine that is restored to a previous 'safe' snapshot.
- Isolating my VM traffic through a separate anonymizing VPN service.

I'm sure this isn't exhaustive and there are other things one should be doing (please tell us!).

I have been told that it is now possible to break out of many Virtual Machines and that even if you use a live, non writable DVD to boot from you may still be able to get infected with some kind of a UEFI root kit. So even if I am doing all of the above and making browsing a pretty unpleasant experience anyway, I'm still vulnerable to infection.

How is any normal person expected to browse the web securely. :/

Re:Viruses just get easier and easier to get

[KGIII]

Just install uMatrix and be done with it. It will take a little while to figure out how to use it and you build up your whitelist as you go. Just keep your settings files backed up and reasonably current and you can use them across multiple computers and multiple browsers. Block everything you don't need. I may refresh a screen a dozen or so times before I get the settings for that site right but it's always the least permissions and I only have to do it for that site once. It's amazing how many sites I don't even bother with doing it for them at all.

I may not have full functionality but I'm only going to visit that news site once - I don't need to have their dynamic content of their latest weather updates loaded in the upper left, a dozen trackers in the bottom, an optimizely script to make sure I get the correct display on a mobile, or anything like that. If I want a script to run then I enable it and refresh. I generally don't want it to run. If I do then I want it and only it to run. I also want it to be selective between sites. (Things a hosts file can't do.)

So, I use uMatrix and get along just fine. It took a little while to figure out how it works. I then figured out that I should save the results. (It's just a single click.) I then realized that exporting them was possible and a good idea - I use multiple computers. I then realized that I could load even fewer things. I then realized it had a way to set the defaults if I wanted to enable them - so I let CSS and straight images (no scripts) display.

I've yet to have to enable a third party cookie, for example, on *any* site for *any* functionality. If a site wants to load too many things then I just don't bother - I've a limit to what I'll allow for code to run on my computer. It's mine. I control it. I say no.

It's really just an easier way to practice safe hex. It's what you should be doing anyhow. I don't have to go through all of the things you're doing. I don't need to use a VM. I don't have to worry about infections if code doesn't run. I let first party stuff load by default. That's it. I often won't allow any third party content at all. That's how you get nasties... I don't want nasties. There is no content so meaningful that I am going to enable people who aren't me to run random things on my computer. There's no site worth it.

I'm building out a site right now - actually in another tab. There is third party content. Every bit of it is optional and the site retains full functionality without it. There's no need to enable any active scripting, of any type, to make full use of the site. You can even use it just fine in Lynx.

By the way, if you're using Windows there's a really neat browser you can try. It's called OffByOne. It doesn't do much except browse pages. There's no scripting allowed. None. There's no way to make it work, last time I used it.

Re:No shit...

[Austerity+Empowers]

I can also get access to illegal activities. Google.com is part of a criminal conspiracy!

Everyone send this to Dianne Feinstein

[kheldan]

So she can author a Senate bill to outlaw Google.

Re:Everyone send this to Dianne Feinstein

[KGIII]

Now, now... This is a matter of great importance and involves national security. We need to ensure the safety of the citizens. Surely then, this must be a bipartisan bill?

On an actually serious note, can you imagine if they tried to write a law that made *all* types of malware illegal? You'd end up with something that said something along the lines of; "Causing any unwanted or unexpected behavior." Half the people would be cheering for this. The other half would be trying to figure out how to get their least favorite OS vendors arrested.

Re:No shit...

Much as *I* hate myself for being a gen-x waste of space and watching my contemporaries raising monumentally self-absorbed children who end up on tumblr and reddit complaining about trivial bullshit, I still believe that you have to grow up at some point and take personal responsibility.

My mother was the first in her family to get to go to university. My grandfather got shot at by German occupiers as a profession and his dad died in a ditch in France doing the same. Every generation has different issues to deal with and every generation should stop pretending that their own particular cross to bear is so much worse than every other.

But good on you for trying to be a decent human being. At the end of the day, that's all we can really expect from people.

This is news?

[LordWabbit2]

Google may have indexed bad sites and not realized it. News at 11.

Re:No shit...

[KGIII]

By we, you mean us on Slashdot, right? Well, I'd like to say that "we" never did any such thing because "we" are not retarded. However... There are a few people who do post here who may very well have thought that at some point in the past or think that today.

That is not a slight against you personally. I haven't a clue who you are, you're just "some AC" who may or may not be retarded. I'll give you, personally, the benefit of doubt but that's increasingly difficult with ACs and even some fairly frequent poster.

If you look at my UID number then you'll see that I've been here for a minute. I used to give ACs the benefit of doubt and I usually try to do so still but it has reached the point where I'll oftentimes just delete the reply notification if it is from an AC. I don't know if ACs have collectively gotten worse or if I've just become less patient. There are also some really stupid people who have accounts. I can mentally filter them out more easily as I notice names when I read the threads.

So, as much as I'd like to say that we're not stupid enough to think that sort of thing here on Slashdot, we're not that bright. When I joined Slashdot, I actually joined and kept my mouth shut for a long time - this was way back with my first account that I've long since forgotten the name of. I registered but didn't say much for a very long time because I was too busy enjoying reading the smart people's posts.

I'd like to say that we were better then but that's not actually true. I was just dumber then. See, I've gone back and read a lot of those old threads and we've always had stupid people.

I don't really know where I'm going (and I didn't when I started) with this post but I'm basically trying to say that I'd be a liar if I said I didn't think someone here was stupid enough to believe it. Sure, they're not going to acknowledge it now that they've seen this but there's surely at least one person (perhaps they're just unfamiliar with it and not stupid) who believes that Google actually makes a true good-faith effort to clean their links of malware, copyrighted material, and other undesirable information. Someone here believes that Google has people, or software - but probably believes it's people who double check the software results, that actually check for malware.

How many times have you come across Google-cloaking, or whatever they're calling it now? When you see a search engine result, click the page, and the page doesn't actually say anything even remotely like what the search engine result says? Yeah, Google also claims they remove them from their search engine - or claimed that they were going to do so. I seem to recall they said they *still* do so, don't quote me on it. But, see Forbes... If you check a Forbes link at Google, you'll see they cache something different than they display to the Google web crawler/bot. Hell, one of the popular help forums, before the advent of StackExchange, used to get prominent rankings but displayed different content to Google than it displayed to the users. Yet, they stayed high in the ranking for years.

No, no... I don't trust Google to do anything more than they absolutely have to. No, I don't trust Google to have my interest at heart. I don't trust Google to protect me. I don't trust their "don't be evil" slogan and I seem to recall they've actually gone so far as to remove that.

But someone, even someone here, certainly believes that they do all those things and more. It could be stupidity or they could just not yet know better because nobody has told them and they've not come across it. If there's something so stupid that nobody could possibly believe it, in your opinion, there's almost certainly at least one person on Slashdot who not only believes it but will argue about it. No stupidity is too great or too small for a Slashdotter to not believe it.

It's at this time that I'll be humble and point out that I am actually a Slashdotter too. Chances are good that there's something stupid that I'm completely certain about.

Re:Do No Evil

[phishybongwaters]

Well see, you have to at least be realistic about the position google is in. Yes, some asshat at some point decided that "do no evil" would be a smart motto. But look at this situation right here, a hypothetical. Google decides to censor content from search results to remove malware and such. Google immediately becomes "evil" because they are censoring.... something and that's a violation of my whatever. Or, Google doesn't censor the results, and immediately becomes evil because "google gave me a virus!". Google can be as transparent as possible when it comes to your data "It's not yours" but still, they are the big evil monster. No, no they clearly are not, a big ugly monster would run around screaming to anyone within earshot "I'm protecting your rights, I won't cave" while caving, 100% and giving your data up. Google is as evil as people that are stupid enough to not understand the terms they agreed to.

Really?

[argStyopa]

This sounds about as intrinsically dangerous as a phone book: some of the numbers enclosed may connect you to criminals and naughty people.