One in 25 Search Results Risky
Ant writes "According to Ars Technica, security researcher Ben Edelman revisited his May 2006 report on the relative risk of search engine results. In the original report, Edelman found that 5 percent of the results provided by search engines were marked as either 'red' or 'yellow' by SiteAdvisor, indicating that they presented some risk to the user. Now, Edelman says that his new study has shown that only 4.4 percent of such sites are risky, representing a drop of 12 percent since May... The study found that not only can regular links found by search engines be dangerous, the sponsored links that appear in prominent positions in the results pages can also be harmful. In fact, in the May study, sponsored links were more than twice as likely to be linked to malware than non-sponsored links (8.5 vs. 3.1 percent)."
Troll (Score:1)
Re: (Score:3, Insightful)
Re: (Score:1)
Re:Troll (Score:5, Insightful)
Because IE 7 runs only on Windows.
Hence, it can be assumed that if you can run IE 7 then perhaps there are security problems involved.
If you run OS X or Linux, you can be assured that chances are those links are fairly safe as far as browser hacks and probability that someone decided to make a hack that affects both Firefox and Linux or Mac combination.
And yes I'm being a bit facetious, but the grandparent isn't so much a troll as speaking a bit overzealously. Chances are IE7 will have more problems than Firefox on any system because of its integration into the OS. Vista handles this a bit better than earlier operating systems, but it still has issues.
Re: (Score:2)
Every time I see a Windows machine just crawling, it is loaded with spyware in IE.
I have seen it way too many times.
In Firefox you have extension makers who do things like rewriting Amazon links, and a few others, but due to the nature of those they are fairly easy to disable.
Not to mention, you can build a site with Firefox on Linux (which I use) or OSX (what the rest of the office uses) and it is great, then you test it on IE and find out that IE has some idiocy coded in to not be standa
Re: (Score:2)
It has terrible ancestry, but if the sandboxing works there should be fewer problems.
All browsers should be sandboxed: a huge complex program that takes massive amounts of untrusted input from multiple unknown sources, some of it guaranteed to be malicious?
Re: (Score:1)
Attackers are finding that it's easier to attack apps that are used with common file formats (Word doc, Excel spreadsheet, PDF, video, etc.) than to try to compromise the browser. Combine that with new morphing-code toolkits and pretty much anybody who wants to can create stuff that gets past any signature- or behavior-b
Re: (Score:1)
In related news... (Score:5, Funny)
Seen that here too. (Score:5, Funny)
Re: (Score:2, Funny)
Actual study link (Score:5, Informative)
Re: (Score:1, Informative)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2, Interesting)
4.4/5 =
A drop of 12 percent would mean we now have -7 percent of something which isn't possible.
Re: (Score:1, Insightful)
google is the culprit.. (Score:4, Insightful)
Or does Google happen to like all of these link farms, more advertisements and clicking = more profit for Google? Or is Google's search algorithm too, shall I say, stupid to distinguish the good guys (sites) from the bad...
Re:google is the culprit.. (Score:4, Interesting)
If anyone has the resources to do something like this on a massive scale it's Google; but I can understand why they don't. To me this is akin to the argument that ISPs should cut off users with obviously infected boxes. Hell, ISPs could block sites using the same method you want Google to employ. Sure it would be helpful to the public at large but dealing with the customer service issues and false positives would be a real headache! Try explaining to Aunt Tillie why she can't get to knitting.com anymore because there is a trojan on her box spamming thousands of people every day.
Re: (Score:2, Insightful)
No they wouldn't. All they would need is a small honeynet to detect this and flag legitimate sites installing spyware. Trust me, they have more than enough resources to do that no problem.
As far as the suing thing goes, people on search engines have NO legal grounds to sue Google, period.
Re:google is the culprit.. (Score:4, Insightful)
Nobody would be helped (especially not the 99% of users that would click anyhow) and Google would spend a lot of money for nothing.
Re: (Score:2)
Re: (Score:1)
"It's not 'malware,' it's 'personalized marketing.'"
Re: (Score:3, Interesting)
If you perform a risky search (My best shot was "vista serial crack") and then click on a shady link... Google will send you to this page [google.com] before allowing you to proceed onto your destination.
Re: (Score:1)
Re: (Score:3, Interesting)
You can get the SiteAdvisor [siteadvisor.com] extension for Firefox. It does exactly that and also notifies you if you browse there through other means.
Re: (Score:1)
Joe Sixpack on the other hand would never use anything but IE and Google, so one of these two things must change. And Google is by far the easiest one of them to keep updated.
Risky to who? (Score:2)
Additional risks aren't mentioned... (Score:2)
On the internet... (Score:2)
Re: (Score:2)
shutting down malware, virus, spam sites . . . . . (Score:2, Insightful)
Re:shutting down malware, virus, spam sites . . . (Score:5, Informative)
My solution is to use a custom hosts file. http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] publishes a nice one. Whenever I click on a link in a web search list and I immediately get a "link not found" then I can be pretty sure I didn't really want to go there in the first place. A lot of advertisements show up as "404's" as well.
"Risk" is bogus (was: Re:shutting down malware... (Score:2)
You shouldn't have to avoid sites entirely because of the kind of so-called "risk" that Edelman refers to.
Just ask, what does this "risk" consist of, exactly? If you read Edelman's articles carefully, or watch his videos, you'll find that the supposed hazards always involve (a) clicking "OK" when a page offers to download or run some software (b) using a browser with ActiveX, VBScript, Java or other random-code-execution turned on or (c) some combination - plus using a root account.
If your software is
The risk is not bogus (Score:3, Informative)
In any event, the piece at issue in the original post considers many kinds of risks -- not just exploits, but also run-of-the-mill scams, like "free" ringtones that aren't. You may not regard such sites as "risky" or harmful, but there are plenty of others who do, because they don't like the prospect of being ripped off.
Re: (Score:2)
* User installs some software and it turns out to be trojaned, or different than it purported to be in some way that's undesirable to the user.
* Exploits that rely on user having ActiveX enabled (with or without confirmation, warnings etc.)
* Exploits that rely on unpatched defects in other (non-browser) applications such as Windows Media Player initiating network connections.
* Z
SiteAdvisor = form spammer (Score:2, Interesting)
Re: (Score:1)
Hmmm... (Score:2)
1 in 25... (Score:1)
Re: (Score:1)
Trust (Score:2, Insightful)
Well, if this search engine places this site in this special spot, it must mean that this site is trustworthy.
They paid to be in that spot?
Well, if they're able to pay for that spot, they must be trustworthy.
What do you mean where did they get the money to pay for that spot?
How should I know ?
SiteAdvisor and Google (Score:1)
So, perhaps the question others have asked should be re-stated as "Why don't Google offer a site advisory service as part of their engine?" Perhaps because third-parties do so already? Google is, after all, primarily a search engine, albeit a distorted one due to proliferating sponsored links. OK,
elementary science education for all? (Score:5, Insightful)
Sorry, but I am detecting crap. The process of measuring something in real life has inherent errors built into it. I doubt Dr. Edelman can measure the fraction of dangerous search results so accurately that decimal digits have any meaning. Given that his methodology is to perform particular searches, for example, it's not obvious that his search pattern exactly represents that of a typical user, that his definition of a dangerous site is accurate, or how big are the fluctuations in search result placement in the search engines. Actually, I doubt you can even define the parameter he's measuring accurately enough for the difference between 4.4% and 5% to make sense. Very telling is that at no point does the study [siteadvisor.com] bother to address the error bars of the methodology. This indicates that no-one has any idea what the results actually mean, and that we should treat them with grave suspicion.
Specifically, the implicit claim in the article that the difference between 4.4% and 5% is statistically significant [wikipedia.org] is bogus. The real byline is "fraction of dangerous websites remains unchanged". The two numbers are clearly equal within any reasonable error of measurement. Note that Dr. Edelman's study does not actually make this comparison.
Re: (Score:3, Insightful)
Riskiness of my searches (Score:1)
Re: (Score:2)
Re: (Score:2)
Uh oh (Score:2, Funny)
Um (Score:1)
hmmm....little math problem there (Score:1)
Wikipedia: bad shopping experience (Score:2)
You get what you asked for (Score:3)
(1) That means that many of the sites you find by typing "sex", "porn" or "Brittney Spears" are dangerous. "Thank you!"
(2) I would appreciate a study that will show me how dangerous are the searches that are useful to me, that is searches not for the popular keywords, but, in opposite, on words and phrases that represent some notions, phenomena, concepts that I do not know.
(3) How do the presented statistics differ by category? For example, I would like to see separate results for searches categorized under "Entertainment" and "Science".