Google to be Our Web-Based Anti-Virus Protector ?

cyberianpan writes "For some time now, searches have displayed 'this site may harm your computer' when Google has tagged a site as containing malware. Now the search engine giant is is further publicizing the level of infection in a paper titled: The Ghost In The Browser. For good reason, too: the company found that nearly 1 in ten sites (or about 450,000) are loaded with malicious software. Google is now promising to identify all web pages on the internet that could be malicious - with its powerful crawling abilities & data centers, the company is in an excellent position to do this. 'As well as characterizing the scale of the problem on the net, the Google study analyzed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets. Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded form third party sites. The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found.'"

Wouldn't good sites with bad ads or posts...

[Anarchysoft]

be blocked?

It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.

Wouldn't it be far better to have safer browsers than to shut out (as many people or their organizations will do) 10% of the web?

Informing webmasters

[truthsearch]

Instead of just flagging sites for users, they should first add the detailed information to the Google Webmaster Tools. If it's third party software that's the problem inform the webmasters (at least those who use Google's tools) so they can take it down. Granted, it's their own fault for using third party software without enough investigation, but let them fix the problem before they're flagged for end users.

Re:aid and comfort to the enemy? Helping microsoft

[Aldur42]

Maybe, but any reduction in the number of infected PCs is win for the entire net.

end-users, man

[Skadet]

It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.

These days, almost nothing is designed by the website owner. Unless you're coding your own html/php/asp/pearl/ruby/python or at very least peruse the source code of the widgets you download to make sure there's nothing bad in there, you're just another end-user. And so this is not unexpected. End-users are the ones that "CL1CK TH3 PURPL3 M0NK3Y F0R ELEVENTY M1LL10N DOLLERZZZZ!!!" and install all sorts of crazy stuff on their machines. (Rabbit trail: one of my clients many years ago actually ASKED me to install the infamous purple monkey for him because he liked the text-to-speech). Whether it's on the desktop or on the web, people who will install anything without even a hint of research will continue to spread computer-borne diseases. It's one of the reasons I hate MySpace. What 13-year-old girl isn't going to think sparkly, smiling unicorns aren't cute? Of COURSE they're going to spread them around, even though they're attached to a malicious website.

Re:Informing webmasters

[Miseph]

Um, no. A website can get hits 24 hours a day, 7 days a week, and while some websites have webmasters able to give that much coverage, most do not. What about all of the users who could potentially become infected in the time between when Google spots the malware and the webmaster can fix the problem? How long would Google give them to fix it before just putting up a notice anyway? The point is to control the propagation of malware, not give webmasters a chance to stop sucking at life before warning end users that the site is full of malware and incompetence.

Does it matter?

[Radon360]

I would hope that Google is looking at it more from the perspective of what is generally good for the betterment of the entire internet. Who cares if it directly benefits users of Microsoft product users more than Linux/OSX users? Bottom line, it is potentially one less infection, and one less pwned computer in a bot network. Less infections means less machines that are probing ports on random addresses, or used in brute force attacks, such as DoS attempts.

Don't get too tied up in the means, but rather what the potential end results, good or bad, might be.

10% number misleading

[Orinthe]

It should be noted that the 10% of the web number is somewhat misleading--some comments seem to think it implies that 1 in every 10 pages one visits are likely to contain malware, or the like. Chances are, most of these pages are not worth visiting. This isn't in in every ten pages on yahoo.com or cnn.com, it's probably more like 8 in 10 pages on freekiddiepornplz.com and piratewarezserialzhackz.tv.

Re:aid and comfort to the enemy?

[LurkerXXX]

Do Linux or Apple users not mind when a bot-net army takes down a website they are trying to access, or clogs the pipes?

Do Linux or Apple users not mind all the spam to their inbox from hijacked machines?

Do Linux or Apple users not have to worry about some family member being taken in by a phishing scheme, hosted on a hijacked machine?

Do Linux or Apple users not mind tons of hijacked machines probing any SSH or other ports you might have open, looking for vulnerabilities or doing dictionary password attacks?

Less hijacked machines on the internet helps us all. Be you a Windows, Linux, Apple, BSD, or other user. Not caring about hijacked windows boxes because you are leet enough to use Linux is stupid.

Re:Wouldn't good sites with bad ads or posts...

[Radon360]

The answer to your first question is most likely yes.

What it would do, hopefully, is force companies in the business of serving up ads for pages to clean up their act, or find themselves going out of business. When word gets out that XYZ web ad agency's ads led Google to flag ABC company's web page as having malware, those looking to whore search rank positions will drop them like a bad habit.

Re:Pros and Cons

[Jarjarthejedi]

"One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image."

A favor? Google has likely killed their company, or at least it's online portion. Remember the big debate about how certain companies weren't being seen on the front page of google searches a while ago? Remember how much less revenue those companies got? Think about it, if little old lady #13 wants to buy item xdfsd#14 from bigcompanyhere.com but Google tells her that it may contain scary Malware that could take over her computer how likely is she to buy item xdfsd#14 from bigcompanyhere.com? How likely is she to tell her friends not to buy item xdfsd#14 from bigcompanyhere.com? How likely is she to never shop on bigcompanyhere.com ever again even if they fix the minor problem that google flagged for them?

Any time a non-computer savy person sees this type of thing they're likely to avoid that site for a very long period of time. Sure, that'll make the companies more careful about what they put there, but it also gives Google even more control over the internet and internet based companies. I wouldn't be surprised if they (google) began offering "consulting" fees to remove the malware that google flagged from the companies site quickly, and how much of a leap is it from there to pure extortion?

Google controls a lot of the internet right now. Their job should not be to tell people where to search but rather to let them go where they want to go. This is a 'sounds like a good idea' idea but it could potentially be disastrous. Oh sure, what I layed out in my post is a pretty worst case scenario type thing, on the other hand how unlikely do you think it is? As for me, I'm expecting to see the 'Google Anti-Malware Division' started up pretty soon with their 'Low price of $100 to remove flagged malware from your site and get it back on the green list' within a year of this starting

What you suggest is wrong and immoral

[__aawdrj2992]

Since most of this malware attacks windows machines, isn't google helping microsoft more than it's helping linux or apple?

Since morality is defined by the desire to limit human suffering, protecting innocent people who don't know better from malware is always going to be for a greater good. People shouldn't have to get their OS reloaded every few months.

Not running your choice of OS doesn't make them bad, and is a startling simplistic world view. There's no "helping Microsoft" here; they are trying to protect all Internet users. Since those people are using Google search, it's really more like trying to serve their customers better. Since all their customers are Internet users; so ask yourself: what is concern #1 amongst Internet users?

Pardon my cynicism, but....

[mblase]

the Google study analyzed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets

I am shocked, SHOCKED, to discover that a company that makes money selling ads on other websites would want to highlight malware-spouting ads by other companies.

Yes, I agree that identifying these ads is a Good Thing. No, I don't think publicly-traded Google's intentions are entirely noble.

Re:Only works through Goolge now...

[Jorgandar]

The difference, if that ever happens, is that firefox will allow you to turn it off. Your ISP overlord has known about your web habits for years already.

Great Idea - No False Sense of Security

[madsheep]

Regardless of whether not not this provides a "false sense of security" it is a good idea. It would certainly be better than nothing. It won't really provide a false sense of security anymore than a phishing tool bar, antivirus software, or e-mail filtering. Right now people search for stuff on Google and click the link. There is no false sense of security. People are already assuming the websites are safe. If Google steps in and says "hey, this site isn't safe", then at least people have advance notice and choice.

I see references to common things like widgets, but I don't see that as the most commonly attacked/exploited part of websites. Sure it's a real issue and is common (yes AdSense was hit with this kind of attack), but I hope they look for a lot more. One of the most common these days are the surprise addition to website sources of iframes with widths of 0. Or new and sudden references to .js files or new obfuscated JavaScript. If they look for all of this and possibly analyze/process it, they can go a long way to stop this type of malware. This feature if implemented correctly is a win for everyone on the Internet... well except the bad guys. :)

robots.txt

[_bug_]

What about malicious sites (fake login pages) that disallow indexing/crawling via meta tags or robots.txt. If Google still searches/indexes that page then they break the rules for crawlers/bots and how does that reflect on them?

Also, what about content that's delivered on pages that require you to login first (poral, message boards, etc..). These are areas a crawler is not going to get to and completely miss.

Going back to the fake login pages bit, unless Google can index every site every day these fake login pages will be up and down long before the crawler reaches them.

The speed with which web-based worms, fake logins, viruses, etc.. spread is probably far far greater than the cycle time for Google to crawl the malicious site in question.

Where I could see some real value here is in using Google to detect vulnerabilities in existing sites (publicly available documents with sensitive information like CCs, open directories with long lists of mp3s or large videos, simple phrases that indicate some web vandal has hit the site like "X was here" or "hacked/owned/pwnd by X" etc. Focus on giving web developers a tool to evaluate their own site from a security perspective rather than worrying about the end user. Google's infrastructure really isn't built to work like that.

Re:Pros and Cons

[fuzz6y]

. . . even if they fix the minor problem that google flagged for them?

minor problem my foot. Your notion that bigcompanyhere.com is entitled to grandma's money even if they're peddling spyware is ridiculous. Google gave grandma exactly what she wanted: a place to buy a widget without getting 0wn3d. The fact that they did no favors for bigcompanyhere.com is of no concern to her. Or me.

I wouldn't be surprised if they (google) began offering "consulting" fees to remove the malware that google flagged from the companies site quickly

I would be very surprised indeed. They don't offer consulting fees to get you back on the gravy train after you got penaltyboxed for purveying spam links

Their job should not be to tell people where to search but rather to let them go where they want to go.

Spyware central isn't where I want to go, even if they sell the cheapest RAM by four cents. Google, of course, is working for their shareholders and get paid by their advertisers, but they have a vested interest in keeping the searchers happy so the advertisers will keep paying them. The people whose sites are included in the results don't have some God given right to be on the first page so they can make money. Nevertheless, google has always tried to walk the tightrope between being overrun by crappy keyword farms and kicking out legitimate sites.

Re:aid and comfort to the enemy?

[Synchis]

On that same note, just because there is currently not much malware on Linux or Mac, doesn't mean it will always be that way.

I'm fairly indifferent to which platform I use as long as it functions well. I'm also not the norm, but am privy to using many a malware free Windows Machine.

The more Linux distros are out there, the larger the market share, the more malware will target it. If you think you will always have a highhorse to sit on just because you run Linux or Mac, then I'll be there when you fall and bust your ass on the first widespread linux or mac malware invasion to point and laugh at you.

Malware developers are out to accomplish a goal, to infect as many machines in as little time possible.

So what makes more sense: Target Windows boxes which have lots of readily available holes to squirm through and a whopping 95% (maybe? I don't know for sure) market share?

Or target Linux and Mac, which don't have as many widely publicized holes, and only a measly 5% market share?

Its a no brainer right? But if the tables were turned, and it was Linux with the 95% market share, your sure as hell gonna be the first targeted.

The point is, why not be pro-active, and send a message to malware authors that we don't want it, and we wont stand for it? By integrating virus protection into the very fabric of the net, we stand that much greater chance that the next big malware outbreak (Whether it targets linux or windows) will be easier to contain, and ultimately will take away that which the malware authors seek: Attention and Distribution.

Mitigating the damage is second best.

[argent]

What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away.

What we need is for Internet Explorer to actually implement a real sandbox, and make all the attack vectors that involve ActiveX go away.