News
News
5/22/2007
07:42 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Wrestling With Malware, Google Launches Security Blog

Google said it began tackling online security in a public manner last year.

In a continuation of its year-old effort to make the Web more secure, Google today launched an online security blog to keep Internet users informed about security threats. It makes no mention, however, of Google's ongoing vulnerability to redirection exploits.

The initial post by Panayiotis Mavrommatis and Niels Provos of Google's Anti-Malware Team attempts to clarify misinterpretation of the company's own study about the prevalence of malware online.

"Unfortunately, the scope of the problem has recently been somewhat misreported to suggest that one in 10 Web sites are potentially malicious," explained Mavrommatis and Provos. "To clarify, a sample-based analysis puts the fraction of malicious pages at roughly 0.1%."

While Google may be glad to set the record straight that only about one in 1,000 Web sites are potentially malicious, it says something about the state of online security that some simply accepted the 1-in-10 figure.

Google began tackling online security in a public manner last year. In January 2006, Google was among the companies that sponsored the launch of StopBadware.org, a site conceived to fill the role of a neighborhood watch group on the Internet.

The insecurity of search came to the fore last May when a McAfee SiteAdvisor report found that search engines regularly returned risky sites when queried using popular keywords. Shortly before that report appeared, Google made an arguably long-overdue addition to its Webmaster Quality Guidelines: "Don't create pages that install viruses, Trojans, or other badware."

Three months ago in February, Google started to flag suspect search result links with the message, "This site may harm your computer." The company also disabled the links on flagged results, preventing users from visiting those sites unless they copied the URL and pasted it directly into their browser address bar.

That same month, Google also added a notification for owners of flagged sites to help those with good intentions identify and mitigate any malware they might be hosting.

While Google's efforts may provide some comfort to its users, cyberthieves appear to be unimpressed. Since last year, Google has been dealing with URL redirection exploits that allow phishers to disguise malicious URLs to look like Google links. While the company has closed some holes, others apparently remain.

"We're aware of the issue and working on a fix," said a Google spokesperson.

Indeed, Google has "started an effort to identify all Web pages on the Internet that could potentially be malicious," according to a security paper published by several Google engineers, Mavrommatis and Provos among them.

Even so, not everyone believes Google is moving fast enough. Writing about an exploit that Google closed in February, Robert Hansen, CEO of security consultancy SecTheory and the maintainer of ha.ckers.org under the name RSnake, said, "Google is riddled with these holes and they are incredibly easy to find."

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.