Network News

X My Profile
View More Activity

Google to Warn of 'Badware' Sites

Google said today that it has started warning Web surfers when they click on search results that may lead to sites that try to install spyware or adware on their computers.


If you do a Google search for "Asta-Killer," for example, then click on any of the top links that show up, Google will present you with a page that says "Warning -- the site you are about to visit may harm your computer!" Users are then given the option to continue to the site in question or find out more about the warning at StopBadware.org, By the way, that site does indeed throw a kitchen sink full of junk at your browser, so you're probably better off heeding the warning.

Turns out there isn't any information that I could find at StopBadware.org about why Google blocked that particular site (or any others that it blocked in my testing), but this strikes me as a good (if long overdue) first step for the world's largest search company.

I'd like to see Google eventually offer more information about what exactly these malicious sites try to do to visitors. A free browser add-on from McAfee's SiteAdvisor service will give users tons of information about why it has flagged a site as dangerous or suspicious, and I have it installed on most of the machines I use for Web browsing.

Oddly enough, SiteAdvisor does not yet have an opinion about the first result that turns up under the Asta-Killer Google search, though I imagine that its automated Web-trolling robots will produce a report about it at some point.

By Brian Krebs  |  August 4, 2006; 4:36 PM ET
 
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: At Least 12 Patches from Microsoft Next Week
Next: DefCon Delays Can't Stop the Madness

Comments

I agree, this is a great thing.

However, it will be interesting to see how this evolves, especially when Google advertisers are the ones with the "badware". Will Google be giving this same warning for spyware and adware sites that are paying Google ad revenue?

Or will "badware" sites be able to buy favoritism by paying off Google through ad revenue.

Posted by: IsAllFair | August 4, 2006 4:53 PM | Report abuse

Brian,

SiteAdvisor actually does have a detailed report on Asta-killer /dot/ com -- including the specific spyware it installs and the specific bad sites it links to. See http://www.siteadvisor.com/sites/asta-killer.com .

What you probably noticed was that Google's new "warning' interstitial interferes with SiteAdvisor's SafeSearch markup. SiteAdvisor's SafeSearch has to figure out what site a given Google link links to. Usually that's easy -- just look at the link. But these "warning" links don't actually link to the ultimate site; instead they link to Google's interstitial page. SiteAdvisor SafeSearch is smart enough to know something is wrong -- that Google.com isn't the result site. But SafeSearch can't quite figure out what site is being rated here, so it can't show an appropriate rating.

The upshot? It's standard for search engines to change their result pages from time to time, and SiteAdvisor SafeSearch always gets updated promptly in response. I've already passed this on to the right folks, so they can investigate and make the necessary tweak.

Posted by: Ben Edelman | August 4, 2006 5:07 PM | Report abuse

Brian:

Thanks so much for picking up this story. The process for StopBadware is that, after receiving a credible report of badware at a given URL, we do a first pass to verify the likelihood of badware on a site, at which point we put up a generic page describing what a user may find. Then, the site is put in a queue for a human review of whether there is in fact badware offered for download at the site in question. Once we've done a full review, and QAed it, then we will post a more specific page in place of the generic one to tell users about what we found and to make a recommendation to the host of the site as to what we think they ought to do if they care to get themselves out of what we consider to be the badware category. You'll find more and more of these specific pages over the coming weeks; right now, we're only partway through the list of URLs that we've initially collected. We encourage user participation in the StopBadware site, which is very much meant to be a neighborhood watch where we all work together toward a safer, more secure Internet.

-John Palfrey

Posted by: John Palfrey | August 4, 2006 10:29 PM | Report abuse

The domain name www.antibadware.com for sale

999 euros

Posted by: gabriel | August 5, 2006 4:13 PM | Report abuse

It will be very interesting to learn what to avoid before I click.

Just in case I stumble onto a 'bad' site I protect myself in three ways:

OS X, the free Firefox browser, and the free FireFox extension called NoScript all stay current automatically.

NoScript is whitelist-based filter that prevents all javascript, java and other plugins from activation within pages I browse - unless I approve it. When I don't, most pages behave to my satisfaction anyway. It operates on a 2nd-level domain basis.

Firefox is also available for Windows.

I'm not having any problems.

Those using OS X and the standard Apple Safari browser, who have yet to discover Firefox and its many extensions available for free, are having fewer, if any, problems than I - provided they exercise common sense and avoid being promiscuous with their browsing and other data.

When average Mac users take risks such as visiting sites Google will warn us about, chances are no harm will come to their computer or local data - although those days may seem numbered.

What is still interesting is that the number of exploits against Macs can be counted on two hands - and all but one of those were fixed by Apple BEFORE they were released 'in the wild' - provided the Mac user stays current with OS X. In other words, there are less than ten Mac exploits, and they only affect old versions of OS X.

Compare that with the hundreds of thousands of exploits against Windows, more and more each day.

I am affected by them when I use PCs at work (primarily because I do not have permission to do some of the work I am hired to do using those PCs) and when sites and portions of the internet I use are affected.

So I bring my MacBook to work.

Posted by: Bizzle | August 6, 2006 8:45 PM | Report abuse

Interesting to see Google make a token effort in this direction. And I think that it will be a big help stopping nuisance sites.
One question, Is the information database driven? It appears to me that serious threats (drive-by-downloads, malicious links in office docs) are more "hit and run" and might not be found by a database. Unfortunately they may be found as a result of a targeted search.
Either way its a step in the right direction. Thanks for the info!

Posted by: Newport | August 7, 2006 10:13 AM | Report abuse

I've been using McAfee's SiteAdvisor for awhile now and find it very useful. I'm glad to see the Grand Daddy of search-engines getting involved now. Just maybe this will help rid us all of these cretins once and for all.

Posted by: Mike | August 10, 2006 8:00 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company