Malware and phishing Web sites can often lurk among the legitimate sites you’ll find when conducting an online search, so Google has been tweaking its Safe Browsing technology to make it easier to identify and avoid such unwanted sites. The search giant recently began providing new warnings alerting surfers to the possibility that sites they’re about to visit could contain unwanted software that might hijack their browsers.
The warnings appear for people searching online using the Google Chrome, Apple Safari or Mozilla Firefox Web browsers. Microsoft’s Internet Explorer browser uses its own filter — SmartScreen — to warn surfers about phishing and malware sites.
Google also recently began providing automatic notifications about Web pages with potential malware to Google Analytics users. In December, it revised its Google AdWords requirements with an updated policy on unwanted software.
Defining ‘Unwanted Software’
According to Google’s new policy, unwanted software includes apps that are deceptive, affect user systems in unexpected ways, are secretly bundled with other software, or use trickery or piggyback on other programs to get people to install them. Unwanted apps can also be difficult to remove, or they can collect and transmit information about users without their knowledge.
For marketers who use Google, this means that “advertisers with software downloads hosted on their sites or linked to from their sites must comply with the Unwanted Software policy, regardless of the devices on which the software is installed. All such software downloads must comply with this new policy, whether or not these downloads are promoted through AdWords.”
Not all sites with unwanted software deliver their malware intentionally. Some may have been hacked, and Google’s Safe Browsing tool has been designed to identify those sites as well as intentionally harmful sites. Karl Sigler, Threat Intelligence Manager at the cybersecurity firm Trustwave, told us that sites with unwanted software are a significant problem on the Web.
“(T)here’s an entire underground economy surrounding the practice. Criminals create networks of malicious Web sites called exploit kits. They then rent those malicious Web sites out to other criminals that use them to compromise victims. Some of these exploit kit campaigns breach hundreds of thousands of computers,” Sigler said.
“Many times criminals don’t need to exploit a vulnerability. They can often use social engineering to trick a victim into installing malware on their own systems,” he added. “This often occurs by prompting a user to install a fake software update that is actually malware.” Sigler called Google’s latest Safe Browsing changes “a wonderful service.”
Scanning ‘Millions of Web Sites’
“Safe Browsing scans millions of Web sites to identify those sites that install malware without a user’s knowledge,” according to Google’s Transparency Report. “We discover and categorize these sites by autonomous system numbers, thousands of which exist on the Internet.”
Recently, Google’s Safe Browsing scanning identified 6,062 attack sites in just one day among the more than 73,000 sites managed by Hostspace Networks. Google noted that the success of various malware techniques can shift rapidly, leading to spikes in the number of problematic sites discovered over time.
Google continually revises and updates how its algorithms work to refine the search results it produces. In addition to making it easier for users to identify potentially harmful sites, it is also putting a growing priority on ensuring that its search results provide reliable and factual information.
Last month, for example, it added a new feature to deliver medically validated facts in its Knowledge Graph for health-related searches. It also has researchers working on systems to bump Web sites with trustworthy information higher up in its search rankings.