Posted March 4, 2008 4:40 pm by with 6 comments


Last month, Google released a report stating that 1.3% of search queries returned “malicious” results, which included malware. Many people took this as reason to panic and immediately asked “Why aren’t they doing something about this?” (I would interject here that if 98.7% of search queries return only safe results, it would seem that they have done something about this.)

However, 85% of those asked by Virus Bulletin in a recent survey said that search engines should be doing more about malware. Meanwhile, I’m guessing 99.9% of them couldn’t tell you what search engines have already done about malware from pages listed in SERPs.

But of course, that kind of policing could bring about all kinds of Google bowling possibilities:

Besides raising issues over freedom of speech, [Randy Abrams, director of technical education at Eset,] foresees another side effect of blocking sites: a new kind of DoS attack, where a website is infected with malware by a competitor or someone with a grudge, thus causing it to disappear from search engine results.

Correct me if I’m wrong, but isn’t Google already catching a lot of flak for being the ‘Internet police’? I know, I know, demanding internal consistency from the masses is one of those dangerous pastimes we would all do well to avoid to keep our blood pressure under control. But really, are people scared of Google having too much influence in their lives or are they too busy begging for more?

  • What I don’t get is why they don’t just remove the listing instead of warning you before you enter the site.

  • Jordan McCollum

    To my knowledge, Google doesn’t even warn you. It’s other add-on services that add flags. I’ve never seen a Google-sponsored warning about malware.

  • giedrius

    Google warns you. There is a blacklist of sites, I assume. Not so sure how it is produced, but I assume scanning site for usual iframe/ActiveX exploits + manual blacklist. Google collected malicious site list for a long time, it was even published at some point. Check Google security blog. It’s quite easy to get infected. At least twice I saw sites hacked through phpBB, once through Joomla, and WP is/was vulnerable as well. Just google for specific software version with known vulnerability and you got list of sites to infect (WP puts its version in the headers, for example). And I do not believe in automatic removal of malicious sites from index either. Just imagine what one badly coded WordPress/other software plugin could do to your site.

  • My Wot is a great Firefox add-on for warning people of untrustworthy sites.

  • I’d rather my antivirus software give me the malware message. I’m not sure why Google or any other search engine should be seen as the security experts. I would think we’d see more false positives than real malware.

    It would also open up another form of abuse. Is your competitor ranking better than you? Get them on the malware list.

  • Google does give a warning if they believe that a site is infected. But I can’t take any chances. I see to it my PC is always protected by antivirus, firewalls, etc.