Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google to be Our Web-Based Anti-Virus Protector ?

Zonk posted more than 7 years ago | from the oh-google-is-there-anything-you-can't-do dept.

Google 171

cyberianpan writes "For some time now, searches have displayed 'this site may harm your computer' when Google has tagged a site as containing malware. Now the search engine giant is is further publicizing the level of infection in a paper titled: The Ghost In The Browser. For good reason, too: the company found that nearly 1 in ten sites (or about 450,000) are loaded with malicious software. Google is now promising to identify all web pages on the internet that could be malicious - with its powerful crawling abilities & data centers, the company is in an excellent position to do this. 'As well as characterizing the scale of the problem on the net, the Google study analyzed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets. Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded form third party sites. The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found.'"

Sorry! There are no comments related to the filter you selected.

1 in 10? (3, Funny)

Xoltri (1052470) | more than 7 years ago | (#19086275)

When I was living at home my sister must've found every last one of them. She was terrible for breaking the computer.

Re:1 in 10? (4, Funny)

hal2814 (725639) | more than 7 years ago | (#19086549)

Well most downloaded malware comes through online games and porn. Which one did your sister have a hankering for?

Re:1 in 10? (3, Funny)

Kurrurrin (790594) | more than 7 years ago | (#19088385)

I'm trying to figure out how the first post can be tagged as redundant. It doesn't work, unless one is taking into account the entire history of posting on /. And if that is the case, then everyone should just start off with (Score:-1, Redundant) to save mods the trouble.

aid and comfort to the enemy? (1, Interesting)

fred fleenblat (463628) | more than 7 years ago | (#19086301)

Since most of this malware attacks windows machines, isn't google helping microsoft more than it's helping linux or apple?

Re:aid and comfort to the enemy? Helping microsoft (5, Insightful)

Aldur42 (1042038) | more than 7 years ago | (#19086439)

Maybe, but any reduction in the number of infected PCs is win for the entire net.

Re:aid and comfort to the enemy? (-1, Troll)

Joe The Dragon (967727) | more than 7 years ago | (#19086547)

it's harder to insatll malware on mac osx and linux then it is on windows.

Re:aid and comfort to the enemy? (2, Interesting)

Anonymous Coward | more than 7 years ago | (#19086937)

it's harder to insatll malware on mac osx and linux then it is on windows.

So if you install malware on OS X or Linux, it's on Windows?

Not unless you have Wine running, too.

Re:aid and comfort to the enemy? (2, Funny)

cp.tar (871488) | more than 7 years ago | (#19088307)

Actually, I seem to recall that someone tried to run some Windows viruses in Wine.

Alas, Wine is not yet fully compatible with Windows, and it showed.

Does it matter? (4, Insightful)

Radon360 (951529) | more than 7 years ago | (#19086729)

I would hope that Google is looking at it more from the perspective of what is generally good for the betterment of the entire internet. Who cares if it directly benefits users of Microsoft product users more than Linux/OSX users? Bottom line, it is potentially one less infection, and one less pwned computer in a bot network. Less infections means less machines that are probing ports on random addresses, or used in brute force attacks, such as DoS attempts.

Don't get too tied up in the means, but rather what the potential end results, good or bad, might be.

Re:Does it matter? (1)

pegr (46683) | more than 7 years ago | (#19086867)

Do we really want to make it easier to identify malware sites so evil-doers will have a ready-made list of sites to entrap the unsuspecting? At least going through Google, you get a "head's up" first. With a direct link, you don't even get that...

Re:aid and comfort to the enemy? (5, Insightful)

LurkerXXX (667952) | more than 7 years ago | (#19086789)

Do Linux or Apple users not mind when a bot-net army takes down a website they are trying to access, or clogs the pipes?

Do Linux or Apple users not mind all the spam to their inbox from hijacked machines?

Do Linux or Apple users not have to worry about some family member being taken in by a phishing scheme, hosted on a hijacked machine?

Do Linux or Apple users not mind tons of hijacked machines probing any SSH or other ports you might have open, looking for vulnerabilities or doing dictionary password attacks?

Less hijacked machines on the internet helps us all. Be you a Windows, Linux, Apple, BSD, or other user. Not caring about hijacked windows boxes because you are leet enough to use Linux is stupid.

Re:aid and comfort to the enemy? (1)

dave562 (969951) | more than 7 years ago | (#19087109)

There's no sense in making the user suffer or declaring them an enemy combatant.

What you suggest is wrong and immoral (5, Insightful)

kevlarcowboy (996973) | more than 7 years ago | (#19087193)

Since most of this malware attacks windows machines, isn't google helping microsoft more than it's helping linux or apple?

Since morality is defined by the desire to limit human suffering, protecting innocent people who don't know better from malware is always going to be for a greater good. People shouldn't have to get their OS reloaded every few months.

Not running your choice of OS doesn't make them bad, and is a startling simplistic world view. There's no "helping Microsoft" here; they are trying to protect all Internet users. Since those people are using Google search, it's really more like trying to serve their customers better. Since all their customers are Internet users; so ask yourself: what is concern #1 amongst Internet users?

Re:aid and comfort to the enemy? (2, Informative)

mrsteveman1 (1010381) | more than 7 years ago | (#19087367)

It is in everyone's interest to both secure Windows and stop malware in general, because an infected box can be used for things other than gathering info on the owner, which then affects people who have nothing to do with Windows.

For instance, botnets generally are made up of windows PCs, but are used to DDoS attack Unix webservers for ransom or political gain. They can also be used to attack network nodes such as vulnerable Cisco routers or corporate firewalls, it's a generic proxy model of attack which can be used for any number of attack vectors on any number of different systems. Recently there was even a browser exploit that allowed an attacker to use the box as a security scanner for vulnerable websites, this affected ALL systems, including OS X and Linux.

So, you can see windows is a huge part of the problem and everyone would be better off if it died, but it benefits everyone to stop malware, even if it means fixing problems Microsoft can't or wont fix themselves.

Re:aid and comfort to the enemy? (0)

Anonymous Coward | more than 7 years ago | (#19087583)

When did Microsoft/Windows become the enemy? (Of Google, obviously the /. crowd has its own opinions... even while most of them surf from Windows computers.) Microsoft is a competitor, but hardly a threat (at this point).

Besides, Microsofties aren't the only people who use Windows. The victim of malware isn't Microsoft (they already have your money), it's the Windows user.

Re:aid and comfort to the enemy? (0)

Anonymous Coward | more than 7 years ago | (#19087873)

Seriously are you a moron or just a troll?

Helping to clean up the net is a good thing for everyone.

Re:aid and comfort to the enemy? (2, Informative)

fred fleenblat (463628) | more than 7 years ago | (#19087973)

Neither, it is my honest opinion that microsoft should clean up its own mess.

Re:aid and comfort to the enemy? (1)

digitig (1056110) | more than 7 years ago | (#19088095)

Most of their customer base is probably using MS Windows machines, too -- probably over 90% (eg, [url:http://www.w3schools.com/browsers/browsers_os .asp]). Why shouldn't they help their customer base?

Only works through Goolge now... (4, Interesting)

cyberianpan (975767) | more than 7 years ago | (#19086331)

This is potentially a very useful service but not all URLs we visit are from Google searches, some we still type in others as links from pages. However could we soon expect a Firefox add in that will filter all http requests through Google ? So then our new overlords will indeed know everything about our web-habits ?

Re:Only works through Goolge now... (3, Funny)

Random832 (694525) | more than 7 years ago | (#19086557)

However could we soon expect a Firefox add in that will filter all http requests through Google ? http://www.google.com/history [google.com]

Google Toolbar (1)

Radon360 (951529) | more than 7 years ago | (#19086771)

Don't be surprised if somehow this becomes an integrated feature in Google Toolbar, much like their page rank feature. My guess is that you would be able to disable it, too.

Re:Google Toolbar (1)

morgan_greywolf (835522) | more than 7 years ago | (#19087139)

Uhhh...it already is [google.com]

Re:Google Toolbar (1)

Radon360 (951529) | more than 7 years ago | (#19087421)

Page rank feature - yes, it's been there for years, right along with the pop-up blocker.

Didn't see the malware alerter/blocker though, did I miss it?

Axis is evil (1, Funny)

Anonymous Coward | more than 7 years ago | (#19087257)

Google, SCO, Microsoft... the axis of evil...

It already exists somewhat (2, Interesting)

Anonymous Coward | more than 7 years ago | (#19087405)

Tools > Options > Security > Tell me if the site i'm visiting is a suspected forgery, then the option check by asking google.

Checks if they are forged sites and so on built right in. I would suspect not long there will be an option check if this is a bad site.

Re:Only works through Goolge now... (2, Insightful)

Jorgandar (450573) | more than 7 years ago | (#19087489)

The difference, if that ever happens, is that firefox will allow you to turn it off. Your ISP overlord has known about your web habits for years already.

Re:Only works through Goolge now... (1)

VinB (936538) | more than 7 years ago | (#19087595)

They would only be given this new authority if they promise to step down once the threat is vanquished....

.... now begun the click wars have!

Wouldn't good sites with bad ads or posts... (5, Insightful)

Anarchysoft (1100393) | more than 7 years ago | (#19086339)

be blocked?

It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.
Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?

Re:Wouldn't good sites with bad ads or posts... (1, Funny)

Anonymous Coward | more than 7 years ago | (#19086511)

Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?
No. Because that will impact Google's ability to monetize their intellectual property through certification / exception schemes.

Re:Wouldn't good sites with bad ads or posts... (1)

Anarchysoft (1100393) | more than 7 years ago | (#19086719)

| Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web? No. Because that will impact Google's ability to monetize their intellectual property through certification / exception schemes.
Do you mean something like SORBS?

Re:Wouldn't good sites with bad ads or posts... (1)

zCyl (14362) | more than 7 years ago | (#19086615)

Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?

Websites from people or organizations accidently distributing viruses are probably not the most insightful or useful websites anyway.

Re:Wouldn't good sites with bad ads or posts... (1)

Anarchysoft (1100393) | more than 7 years ago | (#19086803)

Websites from people or organizations accidently distributing viruses are probably not the most insightful or useful websites anyway.
Probably not, but if it really is 10% that's a huge chunk of the net. Of course, is this 10% of pages, sites, pages with unique content, etc, etc? And, if it is a free hosting site or something along those lines, perhaps the content creator really has no control over what banners, etc are displayed... Perhaps they should just use Google Pages. ;) I have found Google's badware warning on sites that did have useful content.

Re:Wouldn't good sites with bad ads or posts... (1)

DrEldarion (114072) | more than 7 years ago | (#19087811)

If it's 10% of sites, I'd be blown away. 10% of pages, though... I wouldn't be surprised if 10% of pages on the net were created with the sole intent of distributing malware or viruses, let alone sites that do it unintentionally.

Re:Wouldn't good sites with bad ads or posts... (0)

Anonymous Coward | more than 7 years ago | (#19088147)

Bu7 wh3r3 w1|| 1 g37 my w4r3z fr0m?

But seriously, there actually is useful (legal) stuff (including legitimate downloads) on at least some of these blocked sites.

Re:Wouldn't good sites with bad ads or posts... (2, Insightful)

Radon360 (951529) | more than 7 years ago | (#19086881)

The answer to your first question is most likely yes.

What it would do, hopefully, is force companies in the business of serving up ads for pages to clean up their act, or find themselves going out of business. When word gets out that XYZ web ad agency's ads led Google to flag ABC company's web page as having malware, those looking to whore search rank positions will drop them like a bad habit.

Re:Wouldn't good sites with bad ads or posts... (2, Interesting)

arivanov (12034) | more than 7 years ago | (#19086899)

They would.

And the only thing a person who wants to distribute malware neeeds to do is some minimal robots.txt manipulation. The pages with the "bait" content can still be "crawlable" by google while the malware may sit in areas which have been made non-crawlable.

Yet another stupid idea. Almost as stupid as the .bank domain. Or windows asking you to reboot just because the program you run was called "install" or had an MSI extension.

Re:Wouldn't good sites with bad ads or posts... (1)

hotdiggitydawg (881316) | more than 7 years ago | (#19087635)

Hello?!? McFly?!? I know this is /. but the least you could do is read the summary!

It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets... These are often downloaded form third party sites.
The robots.txt file on the website's server has no effect on third-party content hosted on a completely different server.

And for the record, I think it's a brilliant idea. If an advertising agency serves up spyware it'll trash the rankings of the sites hosting its own ads, and pretty soon it'll have such a bad reputation among the entire web that nobody will use it. Thus it will force these advertising muppets to clean up their act or go out of business, a move which is long overdue IMHO.

Re:Wouldn't good sites with bad ads or posts... (1)

Kadin2048 (468275) | more than 7 years ago | (#19087715)

And the only thing a person who wants to distribute malware neeeds to do is some minimal robots.txt manipulation. The pages with the "bait" content can still be "crawlable" by google while the malware may sit in areas which have been made non-crawlable.

Seems like the solution to that is obvious -- don't obey robots.txt for the purposes of the malware scan.

I'm not sure that robots.txt is legally binding anyway, except perhaps where it relates to an implicit permission to cache content (and even there I don't think the courts have really established any tests that use it, outside of the Netherlands anyway), so Google could just have its crawlers go through everything on the malware scan, but then only index and cache the parts that aren't blocked off. If a page had any malicious content in an area prohibited by robots.txt, then you could assume that the main site was probably bad (since the person creating the robots.txt file specifically crafted it to hide the malware) and you could flag the whole site as possibly dangerous.

Re:Wouldn't good sites with bad ads or posts... (1)

mblase (200735) | more than 7 years ago | (#19087513)

Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?

Yes, but there's nothing Google can do about that.

Google does not yet make a web browser that can out-marketshare Internet Explorer.

They do, however, have a search engine that significantly out-marketshares MSN Search.

Re:Wouldn't good sites with bad ads or posts... (1)

Anarchysoft (1100393) | more than 7 years ago | (#19087647)

| Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web? Yes, but there's nothing Google can do about that. Google does not yet make a web browser that can out-marketshare Internet Explorer.
Good point. It would be neat if there was an extension that would use Google's site safety check and disabled scripting, flash, etc if the current site was flagged. That way the content could still be there, the sections of the internet wouldn't be cordoned off and people would be safer.

Re:Wouldn't good sites with bad ads or posts... (1)

DrEldarion (114072) | more than 7 years ago | (#19087899)

I imagine they'll implement it in the Google toolbar.

Re:Wouldn't good sites with bad ads or posts... (1)

LnxAddct (679316) | more than 7 years ago | (#19088425)

Yea, it'd be nice to have operating systems that can't be taken advantage of, or a multitude of things... but we don't live in a perfect world. Google is helping with what they're best at doing, and it's a solution that works *now*... not some theoretical perfect browser. I doubt they'll outright block the sites, but rather notify the sites and in the meantime warn users while the sites still contain malicious content. In fact this will probably help content providers more than anything, because right now most have no way of checking their own sites for malicious things.
Regards,
Steve

Re:Wouldn't good sites with bad ads or posts... (1)

Anarchysoft (1100393) | more than 7 years ago | (#19088457)

I doubt they'll outright block the sites, but rather notify the sites and in the meantime warn users while the sites still contain malicious content.
I thought that's what they already did and this was a step further?

Pros and Cons (4, Interesting)

PixieDust (971386) | more than 7 years ago | (#19086347)

I can see a lot of Pros and Cons to this. While certainly it's good that such a major player is taking an active and aggressive stance on this, I thinkk it's also going to cause a lot of people to have a false sense of security. And while this only affects users who search for pages (and that is a LOT of traffic), it's still going to bring the question to some users "Google tells me if a site is dangerous, what do I need malware protection for?"

I surf almost exclusively in Windows, using IE (IE6 + XP Pro on Desktop, IE7 + Vista on laptop) with no protection, and I've not had an issue with malware in years. But most people's browsing habits aren't quite like mine.

One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image.

I'm fairly interested to see how this plays out.

Re:Pros and Cons (3, Interesting)

Radon360 (951529) | more than 7 years ago | (#19087053)

One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image.

The next question would be, what are Google's plans/procedure for getting a site recrawled after a problem is corrected? I could see a company being be upset about not having a quick and effective way of getting this flag cleared after fixing the problem. Or, for that matter, a less scrupulous site operator removing the malware, getting cleared, then reintroducing it, and the repeat the cycle on the next crawl when it gets flagged again.

While I think Google would like to just say that such a warning would be reset on the next crawl showing a clean site, most businesses would not be happy about this. This could potentially become an administrative overhead nightmare if not carefully done.

Re:Pros and Cons (3, Insightful)

Jarjarthejedi (996957) | more than 7 years ago | (#19087159)

"One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image."

A favor? Google has likely killed their company, or at least it's online portion. Remember the big debate about how certain companies weren't being seen on the front page of google searches a while ago? Remember how much less revenue those companies got? Think about it, if little old lady #13 wants to buy item xdfsd#14 from bigcompanyhere.com but Google tells her that it may contain scary Malware that could take over her computer how likely is she to buy item xdfsd#14 from bigcompanyhere.com? How likely is she to tell her friends not to buy item xdfsd#14 from bigcompanyhere.com? How likely is she to never shop on bigcompanyhere.com ever again even if they fix the minor problem that google flagged for them?

Any time a non-computer savy person sees this type of thing they're likely to avoid that site for a very long period of time. Sure, that'll make the companies more careful about what they put there, but it also gives Google even more control over the internet and internet based companies. I wouldn't be surprised if they (google) began offering "consulting" fees to remove the malware that google flagged from the companies site quickly, and how much of a leap is it from there to pure extortion?

Google controls a lot of the internet right now. Their job should not be to tell people where to search but rather to let them go where they want to go. This is a 'sounds like a good idea' idea but it could potentially be disastrous. Oh sure, what I layed out in my post is a pretty worst case scenario type thing, on the other hand how unlikely do you think it is? As for me, I'm expecting to see the 'Google Anti-Malware Division' started up pretty soon with their 'Low price of $100 to remove flagged malware from your site and get it back on the green list' within a year of this starting

Re:Pros and Cons (1)

kevlarcowboy (996973) | more than 7 years ago | (#19087287)

Thats a good point, getting tagged as unsecure could kill a Web site.

HOORAY! Now that MySpace is dead, our corporate networks will once again be productive. I for one welcome our new Web search overlords.

Re:Pros and Cons (1)

Belial6 (794905) | more than 7 years ago | (#19087813)

If the existence of MySpace is causing your corporate networks to become unproductive, you have a lot bigger problems, and none of them are MySpace.

Re:Pros and Cons (1)

Edward Kmett (123105) | more than 7 years ago | (#19087567)

Personally, I kind of like the side-effects and I don't really see the problem with this.

It means that the security of the site that I am using is positively correlated with its place in the rankings.

If a site is poorly designed and capable of being exploited with malware, it probably does deserve to be kicked into the 'get your s#!t together' pool down with the people who pay SEO 'professionals.'

The risk of such things happening will cause sites to care a lot more about security.

As for the 'low low price' case you lay out, its totally at odds with the way google does business, it quite simply requires too many boots on the ground and is too invasive. The sites they index are not their customers.

Re:Pros and Cons (3, Insightful)

fuzz6y (240555) | more than 7 years ago | (#19088463)

. . . even if they fix the minor problem that google flagged for them?

minor problem my foot. Your notion that bigcompanyhere.com is entitled to grandma's money even if they're peddling spyware is ridiculous. Google gave grandma exactly what she wanted: a place to buy a widget without getting 0wn3d. The fact that they did no favors for bigcompanyhere.com is of no concern to her. Or me.

I wouldn't be surprised if they (google) began offering "consulting" fees to remove the malware that google flagged from the companies site quickly

I would be very surprised indeed. They don't offer consulting fees to get you back on the gravy train after you got penaltyboxed for purveying spam links

Their job should not be to tell people where to search but rather to let them go where they want to go.

Spyware central isn't where I want to go, even if they sell the cheapest RAM by four cents. Google, of course, is working for their shareholders and get paid by their advertisers, but they have a vested interest in keeping the searchers happy so the advertisers will keep paying them. The people whose sites are included in the results don't have some God given right to be on the first page so they can make money. Nevertheless, google has always tried to walk the tightrope between being overrun by crappy keyword farms and kicking out legitimate sites.

Already being done (4, Informative)

zappepcs (820751) | more than 7 years ago | (#19086361)

McAfee SiteAdvisor already does this for Google search results pages. This is nothing new. Its a FF extension and works well, though lately it has pointed out that proxy servers are trying to steal my identity when I try to use them.

Informing webmasters (4, Insightful)

truthsearch (249536) | more than 7 years ago | (#19086381)

Instead of just flagging sites for users, they should first add the detailed information to the Google Webmaster Tools. If it's third party software that's the problem inform the webmasters (at least those who use Google's tools) so they can take it down. Granted, it's their own fault for using third party software without enough investigation, but let them fix the problem before they're flagged for end users.

Re:Informing webmasters (2, Insightful)

Miseph (979059) | more than 7 years ago | (#19086723)

Um, no. A website can get hits 24 hours a day, 7 days a week, and while some websites have webmasters able to give that much coverage, most do not. What about all of the users who could potentially become infected in the time between when Google spots the malware and the webmaster can fix the problem? How long would Google give them to fix it before just putting up a notice anyway? The point is to control the propagation of malware, not give webmasters a chance to stop sucking at life before warning end users that the site is full of malware and incompetence.

Re:Informing webmasters (1)

truthsearch (249536) | more than 7 years ago | (#19087777)

Um, yes. Not every webmaster is incompetent. Having malware through a generally respectable ad agency, for example, may be no fault of the webmaster. Why would it hurt to wait one week to put the feature on the front-end of Google, and informing webmaster through their tool first? One week wouldn't make any significant difference when the new version of this feature doesn't even exist today.

Huh (5, Funny)

Realistic_Dragon (655151) | more than 7 years ago | (#19086401)

I browse the internet on my Linux box, running OS X with MacOnLinux. On OS X I run VMWare player hosting FreeBSD, where I have all the options turned to OFF. That runs Firefox, which connects to a web-2.0 version of Lynx. I use this to connect to another site which manually lets me enter netcat commands and read the result.

My only complaint is that the pirates at Macrodobe STILL won't support my platform of choice! When will there be a flash player for people like me!

Re:Huh (2, Funny)

rthille (8526) | more than 7 years ago | (#19088301)

They have! just download it from here! [site.com]

Excuse me ... (2, Funny)

WrongSizeGlass (838941) | more than 7 years ago | (#19086447)

Of course Google can protect us against everything and everyone (except the IRS, acne and that kid on the bike in Better Off Dead). They can do anything they say they can do ... and even stuff that they haven't thought of yet.

Google is good, Google is great, and Google can do no wrong. Where on Earth did I ever get that pearl of wisdom? I read it on the internets, of course ... on some site that rhymes with froogle.

Re:Excuse me ... (1)

hal2814 (725639) | more than 7 years ago | (#19086669)

"except the IRS, acne and that kid on the bike in Better Off Dead"

Google did take care of that kid on the bike for me. I don't know how they did it, but all I had to do was give Google $2 and they made him go away somehow.

side rant on froogle (1)

game kid (805301) | more than 7 years ago | (#19086865)

I read it on the internets, of course ... on some site that rhymes with froogle.
I wonder how the Froogles.com [zdnet.com] guy is feeling, now that Google calls that service Google Product Search [google.com] .

Re:Excuse me ... (1)

Phu5ion (838043) | more than 7 years ago | (#19087321)

Yeah, just as long as Google doesn't come to your house saying; "I want my two dollars!"

right.. (5, Funny)

mastershake_phd (1050150) | more than 7 years ago | (#19086471)

It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.
 
So google is going to protect us from webpages that use less than reputable advertising and widget services. Hmm, maybe google should go into the advertising and widget service, oh wait...

Useful, if reliable, but not 100% (3, Interesting)

Bearhouse (1034238) | more than 7 years ago | (#19086483)

Some people don't like, or cannot use, Firefox or Opera, plus sensible add-ons such as anti-phising plug-ins, noscript...

For example, one of my (very big) corp. customers is still running IE 7...

When I challenged the support guys about this, they said 'that's OK, we detect & block most things at the firewall'...

*sigh*

When I pointed out that:
1. That's bullshit.
2. Lots of their managers travelled, and surfed the net via unsecure methods like hotels using proxy servers, public wifi, they said 'that's OK, they can only access the intranet and internal mail via VPN'.

*double sigh*

So now I advise people not to click on URLs directly, or type them in, but go via Google. It's better than nothing...

Re:Useful, if reliable, but not 100% (0, Flamebait)

Giometrix (932993) | more than 7 years ago | (#19087093)

From my understanding IE7 is pretty secure, especially on Vista.

Anything wrong with this? (1)

awesomo2001 (991790) | more than 7 years ago | (#19086485)

From the article,

The user is presented with links that promise access to 'interesting' pages with explicit pornographic content, copyrighted software or media.
In other words, the people who have their computers hacked are those looking for trouble in the first place (although I have to admit that I don't consider porn trouble but I bet most of these problematic sites are serving copyrighted material anyways.) I guess you get what you pay for!

eh? (0)

Anonymous Coward | more than 7 years ago | (#19086503)

1 in 10 sites equals 450,000?

Thanks Slashdot, I never realised the internet was so small.

Re:eh? (0)

Anonymous Coward | more than 7 years ago | (#19088153)

Thanks for upholding the /.er traditions and ignoring TFA! Go, you!

Sample size = 4,500,000
"Bad" sites = 450,000

Five second answer (1)

guerby (49204) | more than 7 years ago | (#19086519)

Just display something different, that is hide malware) when googlebot comes on your website.

Google's response (1)

Radon360 (951529) | more than 7 years ago | (#19087103)

Mask the identity of their crawler for this work.

end-users, man (3, Insightful)

Skadet (528657) | more than 7 years ago | (#19086521)

It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.
These days, almost nothing is designed by the website owner. Unless you're coding your own html/php/asp/pearl/ruby/python or at very least peruse the source code of the widgets you download to make sure there's nothing bad in there, you're just another end-user. And so this is not unexpected. End-users are the ones that "CL1CK TH3 PURPL3 M0NK3Y F0R ELEVENTY M1LL10N DOLLERZZZZ!!!" and install all sorts of crazy stuff on their machines. (Rabbit trail: one of my clients many years ago actually ASKED me to install the infamous purple monkey for him because he liked the text-to-speech). Whether it's on the desktop or on the web, people who will install anything without even a hint of research will continue to spread computer-borne diseases. It's one of the reasons I hate MySpace. What 13-year-old girl isn't going to think sparkly, smiling unicorns aren't cute? Of COURSE they're going to spread them around, even though they're attached to a malicious website.

A Malware Site in China (3, Funny)

PHAEDRU5 (213667) | more than 7 years ago | (#19086525)

http://www.usconstitution.net/ [usconstitution.net]

Re:A Malware Site in China (1)

Anonymous Coward | more than 7 years ago | (#19087439)

its not in China and i cant find any reports on malware from that site

whois -h whois.arin.net 209.197.84.79
OrgName: pair Networks
OrgID: PAIR
Address: 2403 Sidney St
Address: Suite 510
City: Pittsburgh
StateProv: PA
PostalCode: 15232
Country: US

but then most malware is based and run from US regardless of where they say it is

Re:A Malware Site in China (3, Funny)

PHAEDRU5 (213667) | more than 7 years ago | (#19087533)

You're not very smart, are you?

450,000? (4, Informative)

rueger (210566) | more than 7 years ago | (#19086539)

Sigh, are basic editorial skills too much to ask here? (I know, it's a rhetorical question).

TFA does not say that "the company found that nearly 1 in ten sites (or about 450,000) are loaded with malicious software." This implies that there are a total of less than a half million sites that pose a risk.

It said that of the 4.5 million pages examined, "about 450,000 were capable of launching so-called "drive-by downloads"..."

It also notes that "A further 700,000 pages were thought to contain code that could compromise a user's computer, the team report."

The problem is probably quite a bit larger than presented in the summary, even if one ignores the confusion between "sites" and "pages".

mod dow+N (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#19086579)

are incoMpatible 7Z000 users of

Confusing title (2)

Bearhouse (1034238) | more than 7 years ago | (#19086633)

"Our Web-Based Anti-Virus.."

Is this not based more at phising scams, trojans and other exploits, rather than just virii?

What's the main source of virus infections? Anybody got some research?

I'm guesing it's swapping infected files, not visiting pr0n sites...

Re:Confusing title (1)

mandelbr0t (1015855) | more than 7 years ago | (#19087329)

It depends on what you call a virus. Most spyware has viral qualities, usually with the exception that it doesn't use the host to propagate itself. Those are usually delivered through the web via the standard Punch-the-Monkey-type flashlets. Real virii are much worse, and I use the propagation property to decide what's 'real'. Propagation consumes resources on your PC and becomes a risk to anybody directly connected to your network. Spyware usually just, well, spys on you and reports back to a central server(s).

I don't have anything more than anecdotal evidence, but I've seen many more virii through infected warez (pirated commercial software) than any other method. Hint: Beware the Vista crack... I still see the odd spam mail that has a virus attachment, but I've not seen any web page that has attempted to infect my computer (IE7 on Vista, so I think I'm as vulnerable as you get these days). OTOH, I don't use the web for pr0n.

What I'd like to know (2, Interesting)

MikeRT (947531) | more than 7 years ago | (#19086645)

Is how they plan on allowing sites to redeem themselves or explain why they had the software there in the first place. If some spammer embeds some malware in a comments section, and you later find it and clean it up, will you be able to get back into Google's good graces?

Re:What I'd like to know (1)

cherokee158 (701472) | more than 7 years ago | (#19087177)

Google has farmed this process out to a third party, stopbadware.org, thereby insuring that an understaffed company is forced to deal with tons of irate web users trying desperately to get their site traffic restored before their business goes belly up.

Not a good idea.

10% number misleading (4, Insightful)

Orinthe (680210) | more than 7 years ago | (#19086745)

It should be noted that the 10% of the web number is somewhat misleading--some comments seem to think it implies that 1 in every 10 pages one visits are likely to contain malware, or the like. Chances are, most of these pages are not worth visiting. This isn't in in every ten pages on yahoo.com or cnn.com, it's probably more like 8 in 10 pages on freekiddiepornplz.com and piratewarezserialzhackz.tv.

Ghost in the Browser? (3, Funny)

PlayItBogart (1099739) | more than 7 years ago | (#19086785)

Is that anything like Ghost in the Shell?

I'm googleperplexed... (1)

smitty97 (995791) | more than 7 years ago | (#19086945)

the company found that nearly 1 in ten sites (or about 450,000)
Let me get this straight.. 1. there are only 4,500,000 web sites, and 2. 37% of them [google.com] have 09-f9-11... on them?

Re:I'm googleperplexed... (0)

Anonymous Coward | more than 7 years ago | (#19087231)

I'd like to explain the concept of a SAMPLE to you.

You Better Believe Google!! (0)

Anonymous Coward | more than 7 years ago | (#19086957)

I was trying to download a pirated program (to test it out), Google warned me, and I installed it anyway, and had to reformat my machine!!

See actual paper. Not really that new. (5, Informative)

Animats (122034) | more than 7 years ago | (#19086989)

Here's the actual paper. [usenix.org] It's a Usenix paper.

What they're doing is straightforward, and it's much like what many virus scanners do. First, they look at web pages to see if there's anything suspicious that requires further analysis. If there is, they load the page into Internet Explorer (of course) in a virtual machine, and see if it changes its environment. The better virus scanners have been doing something like that for a few years now, running possible viruses in some kind of sandbox. Although they usually don't go all the way and run Internet Explorer in a virtual machine. (Are you allowed to do that under Microsoft's current EULA for IE 7?)

The main problem with Google's approach here is that it's after the fact. They won't notice a bad page until the next time they crawl it. Bad pages come and go so fast today that they'll always be behind. As the paper says, "Since many of the malicious URLs are too short-lived to provide statistically meaningful data, we analyzed only the URLs whose presence on the Internet lasted longer than one week."

If Google implements this, the main effect will be to push attackers into changing site names for attack sites even faster.

It's all so backward. What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away. That would actually work.

Re:See actual paper. Not really that new. (1)

Kadin2048 (468275) | more than 7 years ago | (#19087985)

It's all so backward. What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away. That would actually work.

Or, just not run Internet Explorer, which as far as I can tell, is the most effective solution overall.

Frivolous Lawsuit Time (1)

packetmon (977047) | more than 7 years ago | (#19086993)

I once wrote a document called Ghost in the Shell [google.com] which dealt with crypto/stego. I wonder if I can sue Google for stealing the concept name in order to pay back the anime producer who will sue me after they get wind of it..

Woohoo! (1)

retro77 (1097467) | more than 7 years ago | (#19087041)

Good! now I can finally get that copy of Vista without getting all the spyware....just kidding....i dont condone software piracy...

Wrong title for summary (0)

Anonymous Coward | more than 7 years ago | (#19087051)

Shouldn't the title be "Google to be Our Web-Based Anti-Virus Protector Overlord?" Seems more apropos.

Easy to defeat? (4, Interesting)

140Mandak262Jamuna (970587) | more than 7 years ago | (#19087079)

The malicious websites just have to skip the malicious code when the user agent string is google crawler. Are they going to change the user agent string? Will it be considered pretexting (the euphemism for impersonating)?

Re:Easy to defeat? (1)

mandelbr0t (1015855) | more than 7 years ago | (#19087539)

Nah. They'll just use Tor. Everyone else can be anonymous on teh intarwebs, why not Google?

This is a good step, but not enough (2, Interesting)

zukinux (1094199) | more than 7 years ago | (#19087089)

It's very nice from Google or any other company to do so. But I think the solution is to teach people to surf smarter! I.e When they think they want to download a movie, there's no way to download .exe file! it's just plain stupidity. People need to read the messages they pop before they click yes on every message like : By Clicking yes 1Click-weather-adware-traybar will be installed.
One day people will learn to surf smarter, meanwhile, we will help them becoming smarter.

my first oblig. (1)

yoyoq (1056216) | more than 7 years ago | (#19087305)

I, for one, welcome our web-based anti-virus protector.

Pardon my cynicism, but.... (3, Insightful)

mblase (200735) | more than 7 years ago | (#19087483)

the Google study analyzed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets

I am shocked, SHOCKED, to discover that a company that makes money selling ads on other websites would want to highlight malware-spouting ads by other companies.

Yes, I agree that identifying these ads is a Good Thing. No, I don't think publicly-traded Google's intentions are entirely noble.

Great Idea - No False Sense of Security (2, Insightful)

madsheep (984404) | more than 7 years ago | (#19087521)

Regardless of whether not not this provides a "false sense of security" it is a good idea. It would certainly be better than nothing. It won't really provide a false sense of security anymore than a phishing tool bar, antivirus software, or e-mail filtering. Right now people search for stuff on Google and click the link. There is no false sense of security. People are already assuming the websites are safe. If Google steps in and says "hey, this site isn't safe", then at least people have advance notice and choice.

I see references to common things like widgets, but I don't see that as the most commonly attacked/exploited part of websites. Sure it's a real issue and is common (yes AdSense was hit with this kind of attack), but I hope they look for a lot more. One of the most common these days are the surprise addition to website sources of iframes with widths of 0. Or new and sudden references to .js files or new obfuscated JavaScript. If they look for all of this and possibly analyze/process it, they can go a long way to stop this type of malware. This feature if implemented correctly is a win for everyone on the Internet... well except the bad guys. :)

How accurate? (0)

Anonymous Coward | more than 7 years ago | (#19087597)

When Richard Jeni died, I did a google search to see who he was. The first hit was his webpage, but it was tagged 'this site may harm your computer', so I didn't bother. Bad timing! And not very accurate either!

Please NO MORE Google stories (0)

Anonymous Coward | more than 7 years ago | (#19087657)

Did Google pay Slashdot? Every day there are two or three Google stories, I use Google for search, but I am really sick of reading so much on daily basis about one single company on Slashdot.

mod d=o3n (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#19087707)

Beyond th3 scope of transfer, Netscape

Great. (2, Funny)

dogbrt (913020) | more than 7 years ago | (#19087801)

I've always wanted protection from those dreaded Anti-virus software.

robots.txt (2, Insightful)

_bug_ (112702) | more than 7 years ago | (#19088343)

What about malicious sites (fake login pages) that disallow indexing/crawling via meta tags or robots.txt. If Google still searches/indexes that page then they break the rules for crawlers/bots and how does that reflect on them?

Also, what about content that's delivered on pages that require you to login first (poral, message boards, etc..). These are areas a crawler is not going to get to and completely miss.

Going back to the fake login pages bit, unless Google can index every site every day these fake login pages will be up and down long before the crawler reaches them.

The speed with which web-based worms, fake logins, viruses, etc.. spread is probably far far greater than the cycle time for Google to crawl the malicious site in question.

Where I could see some real value here is in using Google to detect vulnerabilities in existing sites (publicly available documents with sensitive information like CCs, open directories with long lists of mp3s or large videos, simple phrases that indicate some web vandal has hit the site like "X was here" or "hacked/owned/pwnd by X" etc. Focus on giving web developers a tool to evaluate their own site from a security perspective rather than worrying about the end user. Google's infrastructure really isn't built to work like that.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?