Google to be Our Web-Based Anti-Virus Protector ? 171
cyberianpan writes "For some time now, searches have displayed 'this site may harm your computer' when Google has tagged a site as containing malware. Now the search engine giant is is further publicizing the level of infection in a paper titled: The Ghost In The Browser. For good reason, too: the company found that nearly 1 in ten sites (or about 450,000) are loaded with malicious software. Google is now promising to identify all web pages on the internet that could be malicious - with its powerful crawling abilities & data centers, the company is in an excellent position to do this. 'As well as characterizing the scale of the problem on the net, the Google study analyzed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets. Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded form third party sites. The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found.'"
1 in 10? (Score:3, Funny)
Re:1 in 10? (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2, Funny)
1) In Soviet Russia, first post, for one, welcomes our new Cowboy Neal overlords that can run linux on beowulf goatse clusters of this article was submitted three years ago, you stupid editors.
2)?????
3) Profit
aid and comfort to the enemy? (Score:1, Interesting)
Re:aid and comfort to the enemy? Helping microsoft (Score:5, Insightful)
Does it matter? (Score:5, Insightful)
I would hope that Google is looking at it more from the perspective of what is generally good for the betterment of the entire internet. Who cares if it directly benefits users of Microsoft product users more than Linux/OSX users? Bottom line, it is potentially one less infection, and one less pwned computer in a bot network. Less infections means less machines that are probing ports on random addresses, or used in brute force attacks, such as DoS attempts.
Don't get too tied up in the means, but rather what the potential end results, good or bad, might be.
Re: (Score:2)
SKYNET: first step of network Self Awareness (Score:2)
Up until now this has mainly been done in a supervised method where some central authority made a finding. Now this is becoming automated to recognize intruders without human intervention. And it's happening in a collective way in wh
Re:aid and comfort to the enemy? (Score:5, Insightful)
Do Linux or Apple users not mind all the spam to their inbox from hijacked machines?
Do Linux or Apple users not have to worry about some family member being taken in by a phishing scheme, hosted on a hijacked machine?
Do Linux or Apple users not mind tons of hijacked machines probing any SSH or other ports you might have open, looking for vulnerabilities or doing dictionary password attacks?
Less hijacked machines on the internet helps us all. Be you a Windows, Linux, Apple, BSD, or other user. Not caring about hijacked windows boxes because you are leet enough to use Linux is stupid.
Re: (Score:2, Insightful)
I'm fairly indifferent to which platform I use as long as it functions well. I'm also not the norm, but am privy to using many a malware free Windows Machine.
The more Linux distros are out there, the larger the market share, the more malware will target it. If you think you will always have a highhorse to sit on just because you run Linux or Mac, then I'll be there when you fall and b
Re: (Score:2)
I'm fairly indifferent to which platform I use as long as it functions well.
If you think you will always have a highhorse to sit on just because you run Linux or Mac, then I'll be there when you fall and bust your ass on the first widespread linux or mac malware invasion to point and laugh at you.
It obviously bothers you a lot that Mac and Linux machines don't have the same experience as Windows users. Too bad my machine will be all screwed up fr
Re: (Score:2)
What you suggest is wrong and immoral (Score:5, Insightful)
Since morality is defined by the desire to limit human suffering, protecting innocent people who don't know better from malware is always going to be for a greater good. People shouldn't have to get their OS reloaded every few months.
Not running your choice of OS doesn't make them bad, and is a startling simplistic world view. There's no "helping Microsoft" here; they are trying to protect all Internet users. Since those people are using Google search, it's really more like trying to serve their customers better. Since all their customers are Internet users; so ask yourself: what is concern #1 amongst Internet users?
Re: (Score:3, Interesting)
Really? I won't say that human suffering is good or anything, but I think that's a pretty short-sighted definition. I mean, if I just killed everyone there would be no more suffering.
Re: (Score:2, Informative)
For instance, botnets generally are made up of windows PCs, but are used to DDoS attack Unix webservers for ransom or political gain. They can also be used to attack network nodes such as vulnerable Cisco routers or corporate firewalls, it's a generic proxy model of attack which ca
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Interesting)
So if you install malware on OS X or Linux, it's on Windows?
Not unless you have Wine running, too.
Re: (Score:3, Funny)
Actually, I seem to recall that someone tried to run some Windows viruses in Wine.
Alas, Wine is not yet fully compatible with Windows, and it showed.
Re: (Score:3, Informative)
Re: (Score:2)
Hard to say. Do you think this might have something to do with it?
SMH [smh.com.au]Only works through Goolge now... (Score:4, Interesting)
Re:Only works through Goolge now... (Score:4, Funny)
Google Toolbar (Score:2)
Don't be surprised if somehow this becomes an integrated feature in Google Toolbar, much like their page rank feature. My guess is that you would be able to disable it, too.
Re: (Score:2)
Re: (Score:2)
It already exists somewhat (Score:2, Interesting)
Checks if they are forged sites and so on built right in. I would suspect not long there will be an option check if this is a bad site.
Re: (Score:2, Insightful)
Wouldn't good sites with bad ads or posts... (Score:5, Insightful)
Re: (Score:1, Funny)
Re: (Score:1)
Re: (Score:2)
Websites from people or organizations accidently distributing viruses are probably not the most insightful or useful websites anyway.
Re: (Score:2)
Re: (Score:3, Insightful)
The answer to your first question is most likely yes.
What it would do, hopefully, is force companies in the business of serving up ads for pages to clean up their act, or find themselves going out of business. When word gets out that XYZ web ad agency's ads led Google to flag ABC company's web page as having malware, those looking to whore search rank positions will drop them like a bad habit.
Re: (Score:3, Interesting)
And the only thing a person who wants to distribute malware neeeds to do is some minimal robots.txt manipulation. The pages with the "bait" content can still be "crawlable" by google while the malware may sit in areas which have been made non-crawlable.
Yet another stupid idea. Almost as stupid as the
Re: (Score:2)
It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets... These are often downloaded form third party sites.
The robots.txt file on the website's server has no effect on third-party content hosted on a completely different server.
And for the record, I think it's a brilliant idea. If an advertising agency serves up spyware it'll trash the rankings of the sites hosting its own ads, and pretty soon it'll have such a bad reputation among the entire web that nobody will use it. Thus it will force these advertising muppets to clean up th
Re: (Score:2)
Seems like the solution to that is obvious -- don't obey robots.txt for the purposes of the malware scan.
I'm not sure that robots.txt is legally binding anyway, except perhaps where it relates to an implicit permission to cache content (and even there I don't
Re: (Score:2)
Google already does that. It won't index content that's blocked, but it will still crawl it -- just in case. The rationale given is that when google was first starting out, web sites like the California DMV (Department of Motor Vehicles) and web sites like the New York Times, would just block all bots by default. And Google felt it couldn't afford to ignore such mainstream web sites, especially since
Re: (Score:2)
Yes, but there's nothing Google can do about that.
Google does not yet make a web browser that can out-marketshare Internet Explorer.
They do, however, have a search engine that significantly out-marketshares MSN Search.
Re: (Score:2)
Re: (Score:2)
I don't know. Wouldn't it be best if we had both?
It's optional whether you'll use Google's warning system, I know in a quite a lot of use cases people would rather filter 10%, hell, 20% or 30% of the web, if the remaining sites are guaranteed to be safe.
Pros and Cons (Score:5, Interesting)
I surf almost exclusively in Windows, using IE (IE6 + XP Pro on Desktop, IE7 + Vista on laptop) with no protection, and I've not had an issue with malware in years. But most people's browsing habits aren't quite like mine.
One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image.
I'm fairly interested to see how this plays out.
Re: (Score:3, Interesting)
One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image.
The next question would be, what are Google's plans/procedure for getting a site recrawled after a problem is corrected? I could see a company being be upset about not having a quick and effective way of getting this flag cleared after fixing the problem. Or, for that matter, a less scrupulous site operator removing the malware, getting cleared, then reintroducing it, and the repeat the cycle on the next crawl when it gets flagged again.
While I think Google would like to just say that such a warning
Re: (Score:3, Insightful)
A favor? Google has likely killed their company, or at least it's online portion. Remember the big debate about how certain companies weren't being seen on the front page of google searches a while ago? Remember
Re: (Score:2)
It means that the security of the site that I am using is positively correlated with its place in the rankings.
If a site is poorly designed and capable of being exploited with malware, it probably does deserve to be kicked into the 'get your s#!t together' pool down with the people who pay SEO 'professionals.'
The risk of such things happening will cause sites to care a lot more about security.
As for the 'low low price'
Re:Pros and Cons (Score:4, Insightful)
minor problem my foot. Your notion that bigcompanyhere.com is entitled to grandma's money even if they're peddling spyware is ridiculous. Google gave grandma exactly what she wanted: a place to buy a widget without getting 0wn3d. The fact that they did no favors for bigcompanyhere.com is of no concern to her. Or me.
I would be very surprised indeed. They don't offer consulting fees to get you back on the gravy train after you got penaltyboxed for purveying spam links
Spyware central isn't where I want to go, even if they sell the cheapest RAM by four cents. Google, of course, is working for their shareholders and get paid by their advertisers, but they have a vested interest in keeping the searchers happy so the advertisers will keep paying them. The people whose sites are included in the results don't have some God given right to be on the first page so they can make money. Nevertheless, google has always tried to walk the tightrope between being overrun by crappy keyword farms and kicking out legitimate sites.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Already being done (Score:5, Informative)
Informing webmasters (Score:5, Insightful)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
I agree that not all webmasters are incompetent, but I don't see why that means a tool like this should assume the opposite. A competent webmaster would probably fix the problem (even if it means temporarily removing the widget) as soon as they were notified in any case, not to mention that they'd be less likely to put a sketchy 3rd party component anyway.
Huh (Score:5, Funny)
My only complaint is that the pirates at Macrodobe STILL won't support my platform of choice! When will there be a flash player for people like me!
Re: (Score:3, Funny)
Re: (Score:2)
I think you misspelled OpenBSD...
Excuse me ... (Score:3, Funny)
Google is good, Google is great, and Google can do no wrong. Where on Earth did I ever get that pearl of wisdom? I read it on the internets, of course
Re: (Score:2)
Google did take care of that kid on the bike for me. I don't know how they did it, but all I had to do was give Google $2 and they made him go away somehow.
side rant on froogle (Score:2)
right.. (Score:5, Funny)
So google is going to protect us from webpages that use less than reputable advertising and widget services. Hmm, maybe google should go into the advertising and widget service, oh wait...
Useful, if reliable, but not 100% (Score:4, Interesting)
For example, one of my (very big) corp. customers is still running IE 7...
When I challenged the support guys about this, they said 'that's OK, we detect & block most things at the firewall'...
*sigh*
When I pointed out that:
1. That's bullshit.
2. Lots of their managers travelled, and surfed the net via unsecure methods like hotels using proxy servers, public wifi, they said 'that's OK, they can only access the intranet and internal mail via VPN'.
*double sigh*
So now I advise people not to click on URLs directly, or type them in, but go via Google. It's better than nothing...
Re: (Score:2)
I don't see the issuse the type of people who get malware/spyware/virus's will get them reguardless of browser, sure a good browser will help stop of it but your forgetting how stupid some people can be. The company sounds like they have a good approach, the VPN probably blocks all but a few ports and hopefully some sort of firewall stops the other attacks sure it doesnt help that externally infected machine but it
Anything wrong with this? (Score:1)
Five second answer (Score:2)
Google's response (Score:2)
Mask the identity of their crawler for this work.
end-users, man (Score:4, Insightful)
A Malware Site in China (Score:4, Funny)
Re:A Malware Site in China (Score:4, Funny)
450,000? (Score:5, Informative)
TFA does not say that "the company found that nearly 1 in ten sites (or about 450,000) are loaded with malicious software." This implies that there are a total of less than a half million sites that pose a risk.
It said that of the 4.5 million pages examined, "about 450,000 were capable of launching so-called "drive-by downloads"..."
It also notes that "A further 700,000 pages were thought to contain code that could compromise a user's computer, the team report."
The problem is probably quite a bit larger than presented in the summary, even if one ignores the confusion between "sites" and "pages".
Confusing title (Score:3)
Is this not based more at phising scams, trojans and other exploits, rather than just virii?
What's the main source of virus infections? Anybody got some research?
I'm guesing it's swapping infected files, not visiting pr0n sites...
Re: (Score:2)
Comment removed (Score:3, Interesting)
Re: (Score:2)
Not a good idea.
10% number misleading (Score:5, Insightful)
Ghost in the Browser? (Score:3, Funny)
See actual paper. Not really that new. (Score:5, Informative)
Here's the actual paper. [usenix.org] It's a Usenix paper.
What they're doing is straightforward, and it's much like what many virus scanners do. First, they look at web pages to see if there's anything suspicious that requires further analysis. If there is, they load the page into Internet Explorer (of course) in a virtual machine, and see if it changes its environment. The better virus scanners have been doing something like that for a few years now, running possible viruses in some kind of sandbox. Although they usually don't go all the way and run Internet Explorer in a virtual machine. (Are you allowed to do that under Microsoft's current EULA for IE 7?)
The main problem with Google's approach here is that it's after the fact. They won't notice a bad page until the next time they crawl it. Bad pages come and go so fast today that they'll always be behind. As the paper says, "Since many of the malicious URLs are too short-lived to provide statistically meaningful data, we analyzed only the URLs whose presence on the Internet lasted longer than one week."
If Google implements this, the main effect will be to push attackers into changing site names for attack sites even faster.
It's all so backward. What we need is to run most of Internet Explorer in a tightly sandboxed environment on the user's machine, so that when you close the window, any browser damage goes away. That would actually work.
Re: (Score:2)
Or, just not run Internet Explorer, which as far as I can tell, is the most effective solution overall.
Mitigating the damage is second best. (Score:3, Insightful)
What we need is for Internet Explorer to actually implement a real sandbox, and make all the attack vectors that involve ActiveX go away.
Re: (Score:2)
Sort of. Your conclusion that this would work is a result of looking at security only from a limited context. While this does limit the damage of a single type of attack (virus meddling with O/S files) it doesn't do anything at all to defend against the many other forms of online attacks.
To wit:
What about phishing
Google could "borrow" client cycles... (Score:2)
As much as I hate giving so much power to a single company... a Google web antivirus system is actually a pretty good idea.
Re: (Score:2)
Frivolous Lawsuit Time (Score:2)
Easy to defeat? (Score:5, Interesting)
Re: (Score:2)
Re: (Score:2)
This is a good step, but not enough (Score:2, Interesting)
One day people will learn to surf smarter, meanwhile, we will help them becoming smarter.
Pardon my cynicism, but.... (Score:4, Insightful)
I am shocked, SHOCKED, to discover that a company that makes money selling ads on other websites would want to highlight malware-spouting ads by other companies.
Yes, I agree that identifying these ads is a Good Thing. No, I don't think publicly-traded Google's intentions are entirely noble.
Great Idea - No False Sense of Security (Score:3, Insightful)
I see references to common things like widgets, but I don't see that as the most commonly attacked/exploited part of websites. Sure it's a real issue and is common (yes AdSense was hit with this kind of attack), but I hope they look for a lot more. One of the most common these days are the surprise addition to website sources of iframes with widths of 0. Or new and sudden references to
robots.txt (Score:2, Insightful)
Also, what about content that's delivered on pages that require you to login first (poral, message boards, etc..). These are areas a crawler is not going to get to and completely miss.
Going back to the fake login pages bit, unless Google can index every site every day these fake logi
Re: (Score:2)
The loss is that you could go to a safe link, then be redirected or whatever to an unsafe one, so its indeed not perfect, but...
Physician, heal thyself. (Score:2)
This is awesome - googlehacking helps blackhats (Score:2)
What a great idea.
Oh yes. I trust everything to Google (Score:2)