Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Google plays whack-a-mole

November 30th 2007 in Uncategorized

Posted to the Google Online Security Blog

Currently, we know of hundreds of thousands of websites that attempt to infect people’s computers with malware. Unfortunately, we also know that there are more malware sites out there. This is where we need your help in filling in the gaps. If you come across a site that is hosting malware, we now have an easy way for you to let us know about it. If you come across a site that is hosting malware, please fill out this short form. Help us keep the internet safe, and report sites that distribute malware.

Note this blog entry was published after Sunbelt reported the massive seeding of malicious web sites on Google (which were *not* flagged as dangerous), which was then cleaned up, and before it was reported that nonsense domains were reappearing in Google’s search, albeit with (apparently) no malicious content (yet). 

The cynic in me sees the blog entry as no more than a cynical attempt at damage control, but Google deserves some credit for creating the form, I suppose – yay them for giving their readers a warm fuzzy feeling when they report whatever site, but let’s be honest – it ain’t gonna make any real difference.  First, victims need to know the report page exists.  Second, they have to report on it.  Third, Google has to act on it.  And, realistically, when we’re dealing with domains with nonsense names, made up of random letters, and random lengths – I’m sure that all of you with a fundamental grasp of mathematics and understanding of “odds” know what the chances are of this form making a real difference.

If Google wants to fight the bad guys one site at a time, then all power to them .. I sure as hell hope they have a hell of a lot of manpower behind them – they’re gonna need it.  Consider the analogy of the elephant and the ant.  The elephant is massive – the ant is minuscule, but the elephant is one, and the ants are millions.  A swarm of ants can overwhelm anything if they put their minds to it, even the elephant.  Now replace “elephant” with “Google” and “ants” with “malicious web sites”.  I think you see my point.

I’d far prefer that Google focus their efforts on something far more effective – like stopping malware sites from getting into their search results in the first place.  There is a basic, basic, flaw in the way that search engines work when the bad guys are able to play the system so easily.

There are some areas of the internet that are turning into the online version of Typhoid Mary, and these areas of the internet, I am sorry to say, may need to be judged guilty until proven innocent.  The modern Typhoid Mary is not just particular countries (like China, some eastern bloc countries and countries with lower socio-economic standards) but may also be Registrars that are known to have a higher than acceptable ratio of problematic sites, low standards when accepting new registrations, and domain servers that host a greater than average number of malicious or suspicious sites.

All search engines, and Google in particular, want to be all things to all people.  Their goal is to index the web and show you everything possible pertaining to your particular query or interest.  But, reality is that this is no longer safe.  We may need to take the hard decision to isolate some areas of the Internet as guilty until proven innocent.

Haute Secure is trying a Typhoid Mary type approach – in some ways it has a “guilty until proven innocent (or clean)” attitude to malware, but, ironically, I have expressed concern more than once that HS is too chatty and is warning against too many sites when no real danger exists, whether it be because there used to be a risk that is now gone, or there is a potential risk.  So, I understand what the implications for Google are if they decide to use the “guilty until proven innocent” protocol – after all, I ended up turning off Haute Secure because its warnings occurred so often.  I stopped paying attention to HS, turned some of its warnings off, and it fell victim to the modern version of the “Boy Who Cried Wolf” syndrome.  Google does not want to suffer the same fate.

That being said, the innocent days of the Internet as a wondrous, safe place that all can visit, and learn, and teach and share and explore without fear are gone.  The criminals have taken that dream away from us.  That is the reality.  And all of us who create or host online content have some hard decisions to make.


2 comments to...
“Google plays whack-a-mole”


Great write up Sandi, love the analogy too.

Maybe Google needs to employ the likes of some of the malware hunters who do this stuff all day. I have a feeling we could make a bigger dent than anything the regular Joe Net user does, especially with the trained eyes we have….


It seems more serious than my original thought. Btw, the elephant and the ant remind me of an Asian tale.
