Google Warns Users About "Unsafe Sites" 163
Dynamoo writes "The BBC is reporting that Google will start to warn users about unsafe websites, in particular those that host spyware or have privacy implications. The technology to do this has been developed in partnership with StopBadware, and appears to be an alternative to the popular McAfee SiteAdvisor application. Perhaps this will help curtail slimeware ridden sites from peddling their wares. But it will be interesting to see how Google rates some of its own products, including the potentially risky Google Desktop."
Here's the Link (Score:5, Funny)
www.goatse.ru
Re:Here's the Link (Score:4, Insightful)
This will invite more unjust lawsuits (Score:5, Insightful)
Re:This will invite more unjust lawsuits (Score:3, Insightful)
To win this lawsuit, the malware providers are going to have to prove that they don't do exactly what Google says they do, which is going to be challenging.
Some borderline cases might slip through; I seem to recall Gatorsoft (maybe as Claria?) getting an exemption from some anti-spyware software/lists by claim
Re:This will invite more unjust lawsuits (Score:3, Informative)
> do exactly what Google says they do, which is going to be challenging.
The successful suits will come from sites (not malware "providers")that don't host any malware but were falsely accused of doing so.
Re:This will invite more unjust lawsuits (Score:2)
Re:This will invite more unjust lawsuits (Score:2)
I'm not saying it isn't a good idea or that Google shouldn't do it, just that there will be problems.
Re:This will invite more unjust lawsuits (Score:2)
Re:This will invite more unjust lawsuits (Score:2)
Re:This will invite more unjust lawsuits (Score:3, Interesting)
Re:This will invite more unjust lawsuits (Score:3, Insightful)
Is it software that reports individually identifiable tracking information? Any web page using Google Analytics, IMR Worldwide, Tacoda, or Overture is already doing that (as is the "Window
Re:This will invite more unjust lawsuits (Score:2)
Re:This will invite more unjust lawsuits (Score:2, Insightful)
What attributes, exactly, define malware? Some people suggest that malware is anything and everything that can't be 100% uninstalled. But many of Microsoft's OS packages fit that description (as does the "Windows Genuine Advantage" program.)
This is not a coincidence.
Re:This will invite more unjust lawsuits (Score:2)
Re:This will invite more unjust lawsuits (Score:3, Insightful)
And what about sites that sell malware as tangible goods, like anybody stocking Sony CDs?
I'm not terribly worried about these sites, for myself, as I'm pretty up on things. The real target would be the unsophisticated computer users (i.e. those who have several bots running on their computer and don't know it.)
What would be very useful is a Safe Mode button on browsers which turn off/on image viewing, flash, java, all plug-ins, etc. You'd need to reload, but if you are looking for text, the rest of th
Re:Just Grow Up and Respect Women (Score:3, Insightful)
Re:Just Grow Up and Respect Women (Score:3, Insightful)
I do spyware and antispyware testing all the time as part of my job. I go to sites with ActiveX installers or that exploit browser flaws and let a virtual machine become badly infected and then run various
Why not just stick them at the end of the search (Score:4, Insightful)
Re:Why not just stick them at the end of the searc (Score:4, Insightful)
But what if your site was somehow rated as "spyware-filled", when, in fact, it wasn't? Would you rather be flagged as dangerous, or would you rather be sent to the bottom? At least the flag can be ignored.
Re:Why not just stick them at the end of the searc (Score:2)
If Google reported my site as "spyware-filled" and it wasn't, I'd want Google to fix it. As long as they have a straightforward and reasonably quick process for dealing with false positives, I'd be glad if they moved spyware-filled sites to the bottom of the list, if not off the list altogether (perhaps by
Re:Why not just stick them at the end of the searc (Score:2)
Let's assume I have a commercial site. It normally comes up within the first two Google pages for a certain search. Suddenly, it doesn't come up even in the first three or four. Since it's my page, I could presumably craft a specific search to narrow things down. If I clicked on it and Google warned against spywar
Re:Why not just stick them at the end of the searc (Score:2)
And therein lies the problem. They're entitled to do this - but all references to free speech etc, they're making a statement that it is the intention of a site to harm. That's a material statement that could well have material damages associated.
Re:Why not just stick them at the end of the searc (Score:2)
Re:Why not just stick them at the end of the searc (Score:2)
Re:Why not just stick them at the end of the searc (Score:2, Interesting)
But they have a reputation to keep if they're going to keep vistors and ad-impressions. Showing integrity is one way to do that.
Google Desktop (Score:5, Insightful)
In my opinion it's like saying I am a risk because I have arms. Potentially I could strangle someone with them.
Re:Google Desktop (Score:5, Funny)
Yeah, as a Brit I always wondered why the US constitution had to explicitly give the right to wear T-shirts; over here we take that as a given.
Re:Google Desktop (Score:2)
I agree with GP. If something is a real risk to computer security, it is generally hacked within the first six months of popularity. I think that the mention of GDS in the writeup was a needless shot.
Re:Google Desktop (Score:2)
True, but this isn't actually the worst problem. :-) Things which are real risks to computer security not only get hacked once when they first become popular, they continue to be hacked over the years as new vulnerabilities are found.
Re:Google Desktop (Score:5, Funny)
Sincerely,
The Goverment.
Re:Google Desktop (Score:2)
Well if like a computer program your arms were only capable of doing what they were pre-programed to do then all your arms would do is strangle people, wouldn't they?
Crapware doesn't help you because its not programed to do that.
Many web sites are "unsafe" because (Score:2, Insightful)
but looking at the recent string of security holes in Firefox/Thunderbird shows that this is not particulary
safe either.
Why not fix the software and/or its default configuration so that it is safe to use?
Re:Many web sites are "unsafe" because (Score:5, Insightful)
That doesn't address sites that deliberately link people to executables that they delibrately download and run because they think they're about to see a 3D holographic movie of unicorns actually producing rainbows in the shape of guardian angel puppies protecting endangered species that are making jokes about the president.
The point is that if Google finds sites polluted by such malware - not just some plugin-abusing bit of blinking nonsense - then they're going to give you the heads up on the link. I think it's great - but it will just make the bad guys get involved in another hide-the-malware arms race.
Re:Many web sites are "unsafe" because (Score:2)
Re:Many web sites are "unsafe" because (Score:2, Insightful)
Why not require users to pass a course on safe computing before they have a license to use the internet?
Why not format the hard drive of every user who picks up a virus from a website, to teach them a lesson?
etc...
How about: Why not stop spouting rhetoric and attempt to deal with the malware/trojan situation (which will NEVER fully be solved by OS/browser security) in a realistic manner without the high-and-mighty attitude?
Re:Many web sites are "unsafe" because (Score:2)
Re:Many web sites are "unsafe" because (Score:2)
So what's Microsoft's excuse?
(Sorry, couldn't resist)
Rich
Re:Many web sites are "unsafe" because (Score:2)
And in business, the customer is all what matters.
Also, it is *not* possible to fix all the bugs.
Bugs are part and parcel of any software system, and the bigger the system is, the more bugs there will be.
One can do a reasonable amount of work in decreasing the bugs, but after a limit, the cost of quality goes up too high.
So, I also would have to agree with GP in this matter.
Also, a problem can be attacked from different angles.
This is just another security solution, wh
Google Dekstop isn't unsafe (Score:5, Insightful)
There's nothing wrong with people who are willing to voluntarily give up some measure of their own privacy in exchange for a service provided on that data -- I use Gmail for all of my e-mail, even to the point of forwarding multiple accounts into my gmail inbox, and don't think twice about the fact that somewhere, Google is reading and storing it.
The problem arises when people aren't informed their privacy is being tampered with...malicious web toolbars and cursor packages, Gator, etc. No anti-spyware application I've seen to date has detected Google Desktop (granted, I've only seen 3 machines that actually used GD) but that says something to me.
Re:Google Dekstop isn't unsafe (Score:2, Insightful)
Re:Google Dekstop isn't unsafe (Score:5, Insightful)
It piggy backs on other thigs that are useful..that is a significant difference
I can find you a of people (Score:2)
If so motivated I could find you at least 100 people that I know that would agree with that statement. They are not the smartest people not the kind that know what slashdot is, but they exist. They download whatever looks like it might make using the computer more fun, then they get confused when strange things start happening to their comptuer and they call me to fix it. I do, remove all fothe crap explain to them
Re:I can find you a of people (Score:2)
There is a fundamental difference between being sought out and piggy backing upon other "useful" software (someone wanted that screensaver etc)
Re:I can find you a of people (Score:2)
Re:I can find you a of people (Score:2)
My time is valuable,. i dont mind helping out, but I dont go a
Re:Google Dekstop isn't unsafe (Score:2)
I am now fully disclosing that I'm going to shoot you with a handgun. Don't worry, you'll be perfectly safe.
*BANG*
Re:Google Dekstop isn't unsafe (Score:2)
I'm only going to partially agree with you on that one.
When deciding to give up their privacy, people are going to weigh the benefit gained against the harm done (in theory). The question is, when your choices are limited and all of them require you to give up your privacy, what are you going to do?
Privacy (IMO) needs to be actively protected. We've
Re:Google Dekstop isn't unsafe (Score:2)
Given the choice between, say, sharing nothing with the Feds except the bare-minimum legally required data (bank statements and travel records, for instance) and sharing more detailed information (phone records, credit card purchases, etc) I would likely voluntarily share more information than absolutely necessary, just because I'm a helpful guy like
Re:Google Dekstop isn't unsafe (Score:2)
Re:Google Dekstop isn't unsafe (Score:2)
That is very much a false dicotomy. Giving up privacy may well make no difference to real risks. Indeed given some of the questionable entities the US Government unconditionally
Re:Google Dekstop isn't unsafe (Score:2)
Poop (Score:3, Insightful)
Screen Savers (Score:2)
About Time (Score:5, Insightful)
Or even better still, read the Google cache of the site with all the bad stuff removed. That would be trick!
I'm sure my letter of commendation, along with Google stock options grant, is arriving any moment now.
Re:About Time (Score:3, Insightful)
Re:About Time (Score:2)
Re:About Time (Score:2)
So as you can see, he is saying it should be an option that you have to manually turn on.
Not enough.. (Score:2)
The real solution would be to completely remove these sites from the search results and sponsored links. They already remove plenty of sites they think are "spamming" the results, but they won't remove their bread and butter crapware from their sponsored links.
So long, and thanks for the FUD. (Score:3)
From the article:
Google confirmed to ZDNet UK that data was temporarily transported outside of businesses when the Search Across Computers feature was used, and that this represented "as much of a security risk as e-mail does."
And also...
Gartner has recommended that businesses use Google Desktop for Enterprise, as this allows systems administrators to centrally turn off the Search Across Computers feature, which it said should be "immediately disabled."
In other words, mostly harmless.
Conflict of interest? (Score:4, Insightful)
Fair enough, since I guess you can assume that Google wouldn't be actually creating malware on purpose. If you just single out those sites with the 1000 porn banners that try and install virii and spyware on your computer, Google won't have a problem. However, I think, the real problem for most users is not sites like that which are obviously dodgy, its the sites that look clean and professional that seem to have a legitimate purpose for their software, and often those proprietors are quick to try and play up their legitimacy. When Google marks them as "bad", you can expect lawsuits.
While I find that this may be a big plus for a search engine that can be percieved as impartial to software makers, as Google becomes a notable software maker itself, it may be an issue. It certainly could leave them vulnerable to the charge of conflict of interest as time goes on.
Re:Conflict of interest? (Score:4, Insightful)
While they're at it ... (Score:4, Insightful)
Better yet, consider standards compliance and accessibility when ranking pages.
If Google wants to use their position to police the Internet, why stop with Spyware. Test whether people have a secure browser and tell them when they don't:
"FYI, your version of IE is 3 years out of date. Please go here [microsoft.com] to upgrade it, or go here [mozilla.com] to replace it."
They could fix a lot of the problem right there.
Re:While they're at it ... (Score:2)
Google is in a dominent position they could force compliance with standards . People are chasing google. If they started ranking lower based on standards incompliance, people would quickly make their sites work right.
Re:While they're at it ... (Score:5, Interesting)
I mean, MSN Search [w3.org] does a better job of meeting the W3C's "standards" than Google does.
* When I clicked that link I got a validation check for google.co.jp, but google.com has the same "Optimized so it downloads better on my 2400 baud modem" approach to its source.
Re:The W3C is useless! (Score:2)
Re:The W3C is useless! (Score:2)
Re:While they're at it ... (Score:2)
The police have the authority to take actions on your actions. I.e your action: take a lady's purse, police action: cuff you and take you to the station.
With Google: your action, search for info, find sites that are flagged 'unsafe' you click on it anyway, Google's action: nothing (maybe offer ads for spyware removal
An Example (Score:2, Interesting)
Re:An Example (Score:2)
Re:An Example (Score:4, Informative)
Re:An Example (Score:2)
Re:An Example (Score:2)
Re:An Example (Score:2)
Yet they *still* rank it in first place. As usual - Google's left hand doesn't know what its right is doing.
Re:An Example (Score:2)
Also, prostitutes.
Also, Also, Drugs.
Re:An Example (Score:2)
Google's toolbar has click tracking functionality that you may activate. They use this click-through data to help determine the value of a page's popularity. If the warning showed on the actual results page, there would be an artificial change to the rankings based on an action they took.
Separating the "malware" message from the results still allows an accurate sampling from the initial clicks in the organic results. Also, as another poster pointed out earlier, if there is no soli
Dangerous Words (Score:2)
Free screensavers
Bearshare
Screensavers
Winmx
Limewire
Lime wire
Free ringtones
Where is 'advertisment?'
Re:Dangerous Words (Score:3, Insightful)
"Unsafe Sites" (Score:3, Funny)
Questions that need answers (Score:5, Interesting)
How do they handle redirects? If I have a site that redirects a user to bad content, is the original page flagged as bad? Combined with a page that isn't crawled, how would they know to flag it?
How are they going to handle any obfuscation that takes place? Or handle new malware? This might not be a show-stopper, but I think it is a techinical issue that should be addressed.
How are they going to handle the lag between crawling and new content? My server gets crawled about once a week. So I would have ~6 days to host bad content before switching it back to look legit for my next Google crawl.
What system are they going to have to handle complaints or appeals? If my site is flagged incorrectly, Google is taking a risk of liability by flagging it that way. It seems that if they take due diligence to keep the false positives low, there will be an increase in false negatives.
These are just off the top of my head and I am sure there are a lot more issues that I haven't thought of.
Re:Questions that need answers (Score:2)
Stay Safe (Score:2)
But for those who just can't go cold turkey. Best way to stay safe is use hardware firewall and/or new wired router, software firewall, and VMWare's Browsing Appliance with ubuntu.
Grease Monkey script (Score:2, Informative)
This Will Only Provide a False Sense of Security (Score:4, Insightful)
The reason it won't work very well is that all the malware sites have to do is present a non-malware version of their pages to google's spiders. If they don't see the malware, they can't know it is there for everybody else.
So, at first we will see Google correctly identify malware sites, and that will be effective for just long enough that people will come to expect that sites without a malware warning are safe. By then, someone will have come up with an automated systems for giving google a "clean" version of the website and serving malware to everyone else. This automation will spread rapidly and then google will no longer be effective - but now some number of people will have started to rely on google's warnings (or rather lack of warning), thus making them more vulnerable than before.
I think another poster's idea is much better - include malware detection as part of the pagerank score. Don't advertise it, don't spell it out, just do it. Malware sites will sink to the end of the search results (where they belong anyway since they are rarely useful for anything but malware distribution). Eventually the malware distributors will figure it out and start feeding "good" pages to google's spyder - but at least no regular users will ever be lulled into a false sense of security by thinking that the lack of a warning is an indication of safety.
Re:This Will Only Provide a False Sense of Securit (Score:2)
Re:This Will Only Provide a False Sense of Securit (Score:2)
Labelling it "malware" will have the same effect as banning anyway, so they will have nothing to lose. Google can only ban a site if they catch it.
Plus, there are clearly exceptions - news sites that let google index content that normally requires a username/password. I used to regularly get into such sites simply by setting my user-agent to that of the google spider. That doesn't work so much anymore si
Shhhh (Score:2)
Is goatse considered unsafe? (Score:2, Funny)
I'll tell you what a pandoras box really is (Score:3, Insightful)
i'll keep your box closed for now.
Re:Pandora's Box (Score:2)
Re:Pandora's Box (Score:2, Informative)
Re:Pandora's Box (Score:4, Insightful)
Re:flag javascript, flash, schlockwave (Score:5, Insightful)
They'll flag sites that deploy malware, spyware, and other junk. They'll flag sites that use unrestricted javascript and dangeous security workarounds. Not everything. Blanket labelling would only cause annoyance.
Re:flag javascript, flash, schlockwave (Score:2)
The majority of ads, especially obnoxious interstitial and animated ads, use Flash and/or JavaScript. No thanks.
surely, nine outta ten times, the benefits outweigh the risks.
Interesting, my assessment of the risk to benefit ratio is completely opposite. But then, I'm a sysadmin who is responsible for security at several organizations, and I've spent too much time cleaning up infected machines at client sites to have any illusions about the natur
Re:flag javascript, flash, schlockwave (Score:2)
Re:flag javascript, flash, schlockwave (Score:2)
I tend to use both (Score:2)
Re:flag javascript, flash, schlockwave (Score:2)
Re:What would you expect them to say? (Score:2)
Re:What would you expect them to say? (Score:2)
Re:What would you expect them to say? (Score:2)