Google Warns Users About "Unsafe Sites" 163
Dynamoo writes "The BBC is reporting that Google will start to warn users about unsafe websites, in particular those that host spyware or have privacy implications. The technology to do this has been developed in partnership with StopBadware, and appears to be an alternative to the popular McAfee SiteAdvisor application. Perhaps this will help curtail slimeware ridden sites from peddling their wares. But it will be interesting to see how Google rates some of its own products, including the potentially risky Google Desktop."
This will invite more unjust lawsuits (Score:5, Insightful)
Why not just stick them at the end of the search (Score:4, Insightful)
flag javascript, flash, schlockwave (Score:0, Insightful)
Google Desktop (Score:5, Insightful)
In my opinion it's like saying I am a risk because I have arms. Potentially I could strangle someone with them.
Many web sites are "unsafe" because (Score:2, Insightful)
but looking at the recent string of security holes in Firefox/Thunderbird shows that this is not particulary
safe either.
Why not fix the software and/or its default configuration so that it is safe to use?
Google Dekstop isn't unsafe (Score:5, Insightful)
There's nothing wrong with people who are willing to voluntarily give up some measure of their own privacy in exchange for a service provided on that data -- I use Gmail for all of my e-mail, even to the point of forwarding multiple accounts into my gmail inbox, and don't think twice about the fact that somewhere, Google is reading and storing it.
The problem arises when people aren't informed their privacy is being tampered with...malicious web toolbars and cursor packages, Gator, etc. No anti-spyware application I've seen to date has detected Google Desktop (granted, I've only seen 3 machines that actually used GD) but that says something to me.
Poop (Score:3, Insightful)
About Time (Score:5, Insightful)
Or even better still, read the Google cache of the site with all the bad stuff removed. That would be trick!
I'm sure my letter of commendation, along with Google stock options grant, is arriving any moment now.
Re:Google Dekstop isn't unsafe (Score:2, Insightful)
Conflict of interest? (Score:4, Insightful)
Fair enough, since I guess you can assume that Google wouldn't be actually creating malware on purpose. If you just single out those sites with the 1000 porn banners that try and install virii and spyware on your computer, Google won't have a problem. However, I think, the real problem for most users is not sites like that which are obviously dodgy, its the sites that look clean and professional that seem to have a legitimate purpose for their software, and often those proprietors are quick to try and play up their legitimacy. When Google marks them as "bad", you can expect lawsuits.
While I find that this may be a big plus for a search engine that can be percieved as impartial to software makers, as Google becomes a notable software maker itself, it may be an issue. It certainly could leave them vulnerable to the charge of conflict of interest as time goes on.
Re:Many web sites are "unsafe" because (Score:5, Insightful)
That doesn't address sites that deliberately link people to executables that they delibrately download and run because they think they're about to see a 3D holographic movie of unicorns actually producing rainbows in the shape of guardian angel puppies protecting endangered species that are making jokes about the president.
The point is that if Google finds sites polluted by such malware - not just some plugin-abusing bit of blinking nonsense - then they're going to give you the heads up on the link. I think it's great - but it will just make the bad guys get involved in another hide-the-malware arms race.
Re:About Time (Score:3, Insightful)
While they're at it ... (Score:4, Insightful)
Better yet, consider standards compliance and accessibility when ranking pages.
If Google wants to use their position to police the Internet, why stop with Spyware. Test whether people have a secure browser and tell them when they don't:
"FYI, your version of IE is 3 years out of date. Please go here [microsoft.com] to upgrade it, or go here [mozilla.com] to replace it."
They could fix a lot of the problem right there.
Re:Why not just stick them at the end of the searc (Score:4, Insightful)
But what if your site was somehow rated as "spyware-filled", when, in fact, it wasn't? Would you rather be flagged as dangerous, or would you rather be sent to the bottom? At least the flag can be ignored.
Re:This will invite more unjust lawsuits (Score:3, Insightful)
Some borderline cases might slip through; I seem to recall Gatorsoft (maybe as Claria?) getting an exemption from some anti-spyware software/lists by claiming that the user installed their products for the features (like automated form-filling) and were 'clearly' notified about the other aspects of the software, but even catching the totally sleazy operators would be a major win. (And odds are Google would still find some verbiage to apply to even this edge case even if they were sued.)
Re:Conflict of interest? (Score:4, Insightful)
Re:Pandora's Box (Score:4, Insightful)
Re:Dangerous Words (Score:3, Insightful)
Re:Google Dekstop isn't unsafe (Score:5, Insightful)
It piggy backs on other thigs that are useful..that is a significant difference
Re:flag javascript, flash, schlockwave (Score:5, Insightful)
They'll flag sites that deploy malware, spyware, and other junk. They'll flag sites that use unrestricted javascript and dangeous security workarounds. Not everything. Blanket labelling would only cause annoyance.
I'll tell you what a pandoras box really is (Score:3, Insightful)
i'll keep your box closed for now.
Re:Many web sites are "unsafe" because (Score:2, Insightful)
Why not require users to pass a course on safe computing before they have a license to use the internet?
Why not format the hard drive of every user who picks up a virus from a website, to teach them a lesson?
etc...
How about: Why not stop spouting rhetoric and attempt to deal with the malware/trojan situation (which will NEVER fully be solved by OS/browser security) in a realistic manner without the high-and-mighty attitude?
Re:Here's the Link (Score:4, Insightful)
Re:This will invite more unjust lawsuits (Score:3, Insightful)
And what about sites that sell malware as tangible goods, like anybody stocking Sony CDs?
I'm not terribly worried about these sites, for myself, as I'm pretty up on things. The real target would be the unsophisticated computer users (i.e. those who have several bots running on their computer and don't know it.)
What would be very useful is a Safe Mode button on browsers which turn off/on image viewing, flash, java, all plug-ins, etc. You'd need to reload, but if you are looking for text, the rest of that is so much dross anyway.
now lawsuits, just wait until they warn about FUD emitting sites. ha!
Re:Just Grow Up and Respect Women (Score:3, Insightful)
Re:This will invite more unjust lawsuits (Score:3, Insightful)
Is it software that reports individually identifiable tracking information? Any web page using Google Analytics, IMR Worldwide, Tacoda, or Overture is already doing that (as is the "Windows Genuine Advantage" program.)
Is it software that connects to a previously unrevealed external server? The "Help" button in many programs is nothing more than a link to a helpful web site, and sometimes that site isn't run by the company that wrote the original software. (So does the "Windows Genuine Advantage" program.)
I'm being somewhat facetious here, but there seems to be a lot more "I know it when I see it" attitude towards malware than there are actual definitions. Sure, there's a lot of crap I've scraped out of other peoples' computers that I'd call "malware", but I'd be hard-pressed to come up with a good definition that would withstand these sleazeballs' attempts to sue Google.
This Will Only Provide a False Sense of Security (Score:4, Insightful)
The reason it won't work very well is that all the malware sites have to do is present a non-malware version of their pages to google's spiders. If they don't see the malware, they can't know it is there for everybody else.
So, at first we will see Google correctly identify malware sites, and that will be effective for just long enough that people will come to expect that sites without a malware warning are safe. By then, someone will have come up with an automated systems for giving google a "clean" version of the website and serving malware to everyone else. This automation will spread rapidly and then google will no longer be effective - but now some number of people will have started to rely on google's warnings (or rather lack of warning), thus making them more vulnerable than before.
I think another poster's idea is much better - include malware detection as part of the pagerank score. Don't advertise it, don't spell it out, just do it. Malware sites will sink to the end of the search results (where they belong anyway since they are rarely useful for anything but malware distribution). Eventually the malware distributors will figure it out and start feeding "good" pages to google's spyder - but at least no regular users will ever be lulled into a false sense of security by thinking that the lack of a warning is an indication of safety.
Re:Just Grow Up and Respect Women (Score:3, Insightful)
I do spyware and antispyware testing all the time as part of my job. I go to sites with ActiveX installers or that exploit browser flaws and let a virtual machine become badly infected and then run various tests.
Not once have I ever had to go to a porn site to do this. Wrestling fan sites, yes. Serial number and warez sites, yes. Screensaver sites, yes. Certain "ad-supported free hosted" sites, yes. Porn, no, not once.
Re:This will invite more unjust lawsuits (Score:2, Insightful)
What attributes, exactly, define malware? Some people suggest that malware is anything and everything that can't be 100% uninstalled. But many of Microsoft's OS packages fit that description (as does the "Windows Genuine Advantage" program.)
This is not a coincidence.