Forgot your password?
typodupeerror
Google Security The Internet

Google Highlights Trouble In Detecting Malware 84

Posted by Soulskill
from the gotta-check-under-all-the-bits dept.
JohnBert writes "Google issued a new study (PDF) on Wednesday detailing how it is becoming more difficult to identify malicious websites and attacks, with antivirus software proving to be an ineffective defense against new ones. The company's engineers analyzed four years worth of data comprising 8 million websites and 160 million web pages from its Safe Browsing service, which is an API that feeds data into Google's Chrome browser and Firefox and warns users when they hit a website loaded with malware. Google said it displays 3 million warnings of unsafe websites to 400 million users a day."
This discussion has been archived. No new comments can be posted.

Google Highlights Trouble In Detecting Malware

Comments Filter:
  • by Flipao (903929) on Friday August 19, 2011 @10:22AM (#37142194)
    And that's even before you escalate UAC rights, I find software like Sandboxie works far better to protect my computer than any antivirus out there.
    • Then prove it. The IP of my Windows machine at home is 66.25.165.182. Come on, little script kiddy, show me your stuff.

      • by tukang (1209392)
        Gladly, but first you need to prove that the IP of your home machine is what you say it is.
        • by _0xd0ad (1974778)

          Surprisingly enough it's in one of RoadRunner's residential IP blocks ("Allocations for this OrgID serve Road Runner residential customers out of the Austin, TX and Tampa Bay, FL RDCs").

          He should have at least made it interesting, like 209.251.178.99.

          • Why is that surprising? This just in: someone's home computer will be using an IP within a residential block of their ISP! STOP THE PRESSES!!!

            • by _0xd0ad (1974778)

              The surprising part is that you posted your real IP address. The one I posted is what resolved for fbi.gov (I know, I'm not terribly creative).

              • The surprising part is that you posted your real IP address. The one I posted is what resolved for fbi.gov (I know, I'm not terribly creative).

                LMAO creative indeed.

        • You are missing the point, and are not the OP.
        • Except that anything I post you will attempt to claim doesn't prove anything and you'll slink away like a chickenshit. You either are going to have to believe me or not. I don't really care.

          • I'm fairly sure that a simple web-page or telnet reply saying "This is HarrySquatter (1698416), tukang (1209392) please come in for /. story 1328237" would've been sufficient.

            • But that doesn't prove anything. Could I not just as easily be at someone else's computer doing that? Once again, nothing I can do or so is going to be something irrefutable so he's either going to have to man up and just prove himself or slink off like a chickenshit. I honestly don't give a flying fuck.

              • by _0xd0ad (1974778)

                Could I not just as easily be at someone else's computer doing that?

                What would that accomplish? So somebody else's Windows computer could be hacked.

                Anyway, your Slashdot user ID number is stored in plain readable text in the cookies.sqlite file, which would be the most obvious way to determine if you'd got into the right computer. If you wanted to, I mean...

                Granted, that same cookie could probably be used to access your Slashdot account, but I'm confident he'd never do that...

                • My point is that any evidence I can give can easily be faked. Nothing I can do or say is 100% irrefutable evidence. Hell I could be posting from my friend's computer that is running Slackware instead of Windows and we could be doing nothing but laughing at tukang. He's never going to know if that's true or not despite what I can say to the contrary.

                  • by _0xd0ad (1974778)

                    No doubt. But the overall point was that Windows is "stupidly easy" to compromise, and if that's true it presumably wouldn't be that hard to determine that the computer at that IP wasn't even running Windows. Anyway, I still think you should have posted the IP address for the FBI or CIA or some other spook agency on the outside chance that he'd really try to break in.

                    • I'm not afraid of little script kiddy boy. If someone wants to try their hand, they are more than welcome.

    • Oh yeah? Stupid easy - ok. Compromise my machine then. Windows 7 64 bit, I've been lazy about patching it, haven't done so for about a month. My IP address is 24.107.113.55, and I've set my pc as the DMZ for all inbound traffic. I'll be at work for about 8 hours, I'll leave it running. Good luck.
      • by Anonymous Coward

        I got into your computer and turned it off, it's inappropriate to waste energy like that. Think of the environment!

        • by PNutts (199112)

          I got into your computer and turned it off, it's inappropriate to waste energy like that. Think of the environment!

          And to teach him a lesson I downloaded Glitter.

          • by ElKry (1544795)

            And to teach him a lesson I downloaded Glitter.

            Totally disproportionate actions like this are the reason hackers are classified as terrorists.

        • by cc1984_ (1096355)

          I got into your computer and turned it off, it's inappropriate to waste energy like that. Think of the environment!

          I can't tell whether this is a joke or not. THE GP's IP is not responding to ping and nmap reports the host is down (I know that these don't mean anything on its own, but deep down, I so wish parent isn't joking!)

      • by oakgrove (845019)
        I just hacked in and checked your browser history. Good God, man! Don't you know just thinking about that shit is illegal in all but like 3 countries??
    • Experience (do not install any softwares without making a diff of you registry before and after) and sensible software configuration (like no script in wmv, no script in pdf,..., no script in any kind of document except a web page with everything from the adds servers around the world blacklisted) works even better but is it less convenient.

  • Yet another story hinting at the huge lie that is perpetrated on the world in the form of antivirus "protection". Like I've always said, these tools do more to undermine my PC than malware ever has. A good "secure-by-default" installation and a decent understanding of responsible Internet use is all you need. Instead, most people deal with significantly slower performance, and borderline criminal subscription tactics. Protection from new and future threats has always been and will always be a fantasy.

    • A good "secure-by-default" installation

      One fundamental problem in home computer security is that vendors disagree on how to define [c2.com] "good 'secure-by-default' installation". For example, does it involve establishing a policy of trusting a third party to determine whether each program is safe and enforcing this policy with no way for the end user to override it? Apple (iOS), Microsoft (Xbox 360 and Windows Phone 7), Nintendo, and Sony seem to think so.

      • That's a good point. I guess all I meant by secure-by-default is an installation that separates system tasks and user tasks. So, users don't have access to change the OS, and they play wildly in their own sandbox. I know that malware can often just skirt those protections and root the system using vulns. That's why I added responsible Internet use. Despite running without any protection at all, I never get the infections that the rest of my family does.

        • by tepples (727027)
          So you define "secure-by-default" as what I perceive to be the default scenario in Ubuntu, Mac OS X, and Windows Vista/7: only a user with administrative privileges can make system-wide changes, and such users are prompted to elevate before making system-wide changes. Thank you for getting that out of the way, although some people are likely to reply about the data in their user account being ultimately more precious than the operating system. The next problem is coming up with a practical way to instill "a
        • by Anonymous Coward

          > So, users don't have access to change the OS, and they play wildly in their own sandbox

          That is nothing more than a dogma. For single user, personal machines I could care less about the OS being safe. What I care more about are my personal files. I hope that after 20 years or so of using a PC, i've got some value in my personal files. THAT's what i don't want compromised - THAT's what needs to be safe. Not the OS that I can download and re-install in under an hour.

          I do realize that if the OS is compromi

    • I support the Antivirus industry, and anything else which causes insane demand for RAM/CPUs in normal users.
      Then I can keep my machines at the price sweet spot, and still have awesome specs.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Yet another story hinting at the huge lie that is perpetrated on the world in the form of antivirus "protection". Like I've always said, these tools do more to undermine my PC than malware ever has. A good "secure-by-default" installation and a decent understanding of responsible Internet use is all you need. Instead, most people deal with significantly slower performance, and borderline criminal subscription tactics. Protection from new and future threats has always been and will always be a fantasy.

      Not all antivirus is created equal, MSE is very lightweight on resources, and it is free - so no 'criminal subscription tactics". And it do offer additional protection. For me it has several times flagged and cleaned malware, sometimes from quite surprising sources. You can have as safe user practices you want, but that won't completely avoid accidental exposure - malware have been found even on brand new USB memory sticks in unopened shrink wrap.

      It is of course not 100% protection, but that isn't really an

    • by ka9dgx (72702)

      Instead of secure by default, you have run by default in all 3 major environments... Linux, Windows, OSx

      Time is running out for this insane approach to doing things... the various band-aids are now in play are rapidly losing their efficacy, and none address the basic issue: code can no longer be trusted.

      Fortunately. a few brave souls have ventured into this area with projects oriented at fixing the situation properly.

      In the Linux area, seccomp-nurse [chdir.org] is a sandboxing framework based on SECCOMP. It is designed

  • Reliance on JS (Score:3, Insightful)

    by mfh (56) on Friday August 19, 2011 @10:31AM (#37142316) Journal

    Javascript really is the source of the most recent problems because it can allow entry into systems and activation of malware remotely. This is why ActiveX is also bad. Developers rush into this kind of technology thinking of the payoff but not the cost.

    Really though, JS is totally unnecessary so I run noscript and I don't visit sites that have a zillion JS calls to different sites. I probably could turn antivirus off and still be okay.

    • Re: (Score:2, Insightful)

      and I don't visit sites that have a zillion JS calls to different sites.

      Posting on Slashdot about not going to JavaScript heavy sites. *head asplodes*

    • JavaScript makes sense because for a lot of sites, it is either JavaScript... or Flash for most interactive content. And yes, I know that HTML 5 will be the cure-all for JavaScript/Flash but it isn't out yet and JavaScript is the best we've got
      • by mfh (56)

        http://csszengarden.com/ [csszengarden.com]

        Look at these templates. Not one of these uses Javascript and they are amazing. They are functional.

        They don't have the same level of backend code pushing that you see with JS topheavy sites, but they also don't have a lot of the annoying "features".

        Google for example has a semi-new feature that when you press scroll down the JS captures your keypress and pushes your focus to the next search result. This is horrible and I don't see a way to disable it. When I press downarrow I want t

        • But those are all static pages. Of course if you are doing nothing but displaying static content it makes sense to not use JS. Slashdot used to be perfectly fine long before they made it so JS heavy as well. Apparently, though, it was way more fun to create a laggy AJAXy experience over fixing the bugs in the older discussion system.

          • by mfh (56)

            I still wish Slashdot had not done the changes in the UI they did. The problem I'm finding with Slashdot is when I click of text or double click it, it collapses instead of selects text. That's a huge change from the way things are supposed to work.

        • by oakgrove (845019)

          Google for example has a semi-new feature that when you press scroll down the JS captures your keypress and pushes your focus to the next search result. This is horrible and I don't see a way to disable it.

          Go into your Google settings and turn off "Instant" and the arrow keys will return to normal functionality. Why instant and the scroll thing are related, I don't know.

      • I was thinking about this a few days ago. I don't know much about HTML5, but if it has similar capabilities as JS and Flash, how am I going to have the equivalent of NoScript and AdBlock? I _hope_ someone is working on suitable countermeasures.

        • by mfh (56)

          Someone will work on countermeasures and then we'll feel secure. The next logical step is when someone works on counter-countermeasures to bypass the countermeasures. This chains on and on.

          The closer people get to working together the farther apart we get in this closed system without pure moderation.

  • Why not have the browser have some kind of globally coordinated download queue that queues the download until someone can scan it. If it's (by URL) already been scanned, then let it download, then verify the MD5 sum of the downloaded vs scanned content. If it matches, then all is good. If not delete it. I don't define "scanned" because it could be a virus scan, or an automated install to a virtual machine, which reports back any opened ports or initiated connections for further review.

    This would be a pain

  • What malware should I be worried about on my Samsung Chromebook?

  • by ifrag (984323)
    FTFS

    displays 3 million warnings of unsafe websites to 400 million users a day

    I didn't RTFA, but doesn't that look like it doesn't add up? 400 million users are displayed 3 million warnings? I guess it means 400M users are warned from 3M identified sites?

  • by Anonymous Coward

    For years, I have had machines on the net that never used any antivirus. And so far, no virus on them either. Nice to have a system that is designed not to be vulnerable. (There is the occational software security error, but they usually get fixed before anyone have time to exploit them.)

    If you care about security, don't bother with windows - or any system that need third-party security add-ons to work reliably. Windows has a series of design errors, in addition to the occational programming errors. Runni

    • Running everything with admin privileges

      Are you still running Windows 98 or a pre SP version of XP?

      automatically running code embedded in email and documents,

      Which can be made to work in Linux as well.

      automatically running code off the web (activex) and so on.

      You don't automatically run ActiveX code. IE will always flag you and ask if you want to run it unless you've set your security settings to the bare minimum. Which would be dumb to do.

  • by AlienIntelligence (1184493) on Friday August 19, 2011 @10:38AM (#37142412)

    1and1 has been a host for me for some time.

    Then I got flagged by Google as having malware and I was like... wtf... I don't even actively use
    those sites. So, I FTP'd in and downloaded some files, there was an injection of code in all of
    my index.htm(l) and default.htm(l) files.

    Now, I've had 1and1, since they came to the US. I had a plan back then that had all the goodies,
    ssh access to my shell for my sites, so it was easy to administer.

    Well, "because of new policies" my old service I had was changed to another... like the cell
    companies moving you around on new plans. My new plan, has no ssh access.

    What's worse, 1and1, refused to give me shell access so I could take care of all of those
    malware files.

    Let me repeat... A HOSTING PROVIDER REFUSED TO GIVE ME ACCESS TO MY OWN SITE
    TO CORRECT A MALWARE ISSUE!

    Nice huh?

    So, like I said, since I don't really use those sites, I just deleted them all via FTP and told
    1and1 to go fuck themselves. I put up what I needed that was important (after cleaning) on
    an EC2 "free" instance.

    -AI

  • Strangely enough, I just got my first ever warning from the safe browsing service about 10 minutes ago. Visiting a website that I go to regularly... I'm glad they caught that one site getting compromised at least as I place very little confidence in AV software nowadays.
  • http://tech.slashdot.org/story/11/08/16/200209/IE-9-Beats-Other-Browsers-at-Blocking-Malicious-Content [slashdot.org]

    Google: "But it's hard!"

    That said, I'm not particularly thrilled with a browser feature that tells you where not to go on the internet. I'd rather be able to go there and not get infected by browser exploits. Drive-by downloads I'm not worried about. Embedded PDFs I'm not worried about. (I uninstalled the Adobe plugin. Any PDFs are downloaded rather than opened.) That pretty much just leaves the browser, Fl

  • 1. use a more secure OS (meaning anything other than MS-Windows) a Linux distro or one of the flavors of BSD

    2. keep two webbrowsers = one with plugins and goodies for websites you know are known safe like slashdot, youtube, & etc... but never use that fancy browser with the plugins for general purpose webbrowsing

    3. for general purpose webbrowsing and looking in to unknown websites use a locked down and secured webbrowser that does not even have any plugins and with javascript disabled, .. and if a
    • That's not what the web works like. The people endangered by malware are your neighbors (particularly your male neighbor because he's watching porn all day, and we all know women don't watch porn). Your neighbors are people who hardly know what "Browser" means, have once heard about this "Microsoft Linux" thing and will buy a new PC when their current one gets slow. This is the majority of the society, and you can't fix it by adding more instructions and manuals to every piece of software.
    • by danish94 (2427678)
      Or you could just use chrome with click-to-play (go to about:flags and enable it) and the do not allow javascript setting and put trusted sites in exceptions list. Or you could use NoScripts for more control but i would rather not install any add-on's either. Or you could use the incognito mode as your general browsing browser due to all plugins and extensions are disabled and all your info is deleted so no chance of malicious site getting the info. I see absolutely no reason to have 2 browsers.
  • Google used to have a problem with malware and phishing sites being hosted on their own Google Sites. Once they plugged that hole, the malware moved to Google Spreadsheets. Because you can put HTML in Google's spreadsheets, it can be used as a free hosting service. Google hadn't anticipated this, and their abuse operation couldn't handle it.

    Google seems to have plugged the spreadsheet hole now. I noticed recently that Google has disappeared from our major domains being exploited by active phishing scams. [sitetruth.com]

Mystics always hope that science will some day overtake them. -- Booth Tarkington

Working...