Google Admits That Google.com Is Partially Dangerous (eweek.com) 100
darthcamaro writes: For over a decade, Google's Safe Browsing technology has helped to alert users to dangerous sites, where malware and phishing exploits can be found. Apparently, one of those unsafe sites is none other than Google.com itself.
According to eWeek, "Google's automatic spidering of the Web will catch some malicious sites, and by Google's own admission, there are sites in its index that will redirect users to locations that will attempt to install malware on their computers. Google also admits and warns that by way of Google.com (and the sites linked in its index), 'Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information).'"
According to eWeek, "Google's automatic spidering of the Web will catch some malicious sites, and by Google's own admission, there are sites in its index that will redirect users to locations that will attempt to install malware on their computers. Google also admits and warns that by way of Google.com (and the sites linked in its index), 'Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information).'"
Re: (Score:1)
Yeah probably better of on reddit.com/r/mildlyinteresting
Re: (Score:2)
Slashdot is rapidly becoming indistinguishable from 4chan.
Re: (Score:1)
The headlines should say: "Google admits that idiots are idiots. Downloading malware gets your computer infected with malware."
Seriously, though. When did "we" ever think Google was fully sanitizing its results?
Re:No shit... (Score:5, Interesting)
By we, you mean us on Slashdot, right? Well, I'd like to say that "we" never did any such thing because "we" are not retarded. However... There are a few people who do post here who may very well have thought that at some point in the past or think that today.
That is not a slight against you personally. I haven't a clue who you are, you're just "some AC" who may or may not be retarded. I'll give you, personally, the benefit of doubt but that's increasingly difficult with ACs and even some fairly frequent poster.
If you look at my UID number then you'll see that I've been here for a minute. I used to give ACs the benefit of doubt and I usually try to do so still but it has reached the point where I'll oftentimes just delete the reply notification if it is from an AC. I don't know if ACs have collectively gotten worse or if I've just become less patient. There are also some really stupid people who have accounts. I can mentally filter them out more easily as I notice names when I read the threads.
So, as much as I'd like to say that we're not stupid enough to think that sort of thing here on Slashdot, we're not that bright. When I joined Slashdot, I actually joined and kept my mouth shut for a long time - this was way back with my first account that I've long since forgotten the name of. I registered but didn't say much for a very long time because I was too busy enjoying reading the smart people's posts.
I'd like to say that we were better then but that's not actually true. I was just dumber then. See, I've gone back and read a lot of those old threads and we've always had stupid people.
I don't really know where I'm going (and I didn't when I started) with this post but I'm basically trying to say that I'd be a liar if I said I didn't think someone here was stupid enough to believe it. Sure, they're not going to acknowledge it now that they've seen this but there's surely at least one person (perhaps they're just unfamiliar with it and not stupid) who believes that Google actually makes a true good-faith effort to clean their links of malware, copyrighted material, and other undesirable information. Someone here believes that Google has people, or software - but probably believes it's people who double check the software results, that actually check for malware.
How many times have you come across Google-cloaking, or whatever they're calling it now? When you see a search engine result, click the page, and the page doesn't actually say anything even remotely like what the search engine result says? Yeah, Google also claims they remove them from their search engine - or claimed that they were going to do so. I seem to recall they said they *still* do so, don't quote me on it. But, see Forbes... If you check a Forbes link at Google, you'll see they cache something different than they display to the Google web crawler/bot. Hell, one of the popular help forums, before the advent of StackExchange, used to get prominent rankings but displayed different content to Google than it displayed to the users. Yet, they stayed high in the ranking for years.
No, no... I don't trust Google to do anything more than they absolutely have to. No, I don't trust Google to have my interest at heart. I don't trust Google to protect me. I don't trust their "don't be evil" slogan and I seem to recall they've actually gone so far as to remove that.
But someone, even someone here, certainly believes that they do all those things and more. It could be stupidity or they could just not yet know better because nobody has told them and they've not come across it. If there's something so stupid that nobody could possibly believe it, in your opinion, there's almost certainly at least one person on Slashdot who not only believes it but will argue about it. No stupidity is too great or too small for a Slashdotter to not believe it.
It's at this time that I'll be humble and point out that I am actually a Slashdotter too. Chances are good that there's something stupid that I'm completely certain about.
Re: (Score:1)
"I don't trust their "don't be evil" slogan and I seem to recall they've actually gone so far as to remove that." ..well.. of course being evil they could just keep it and lie right through their face.. but there must still be a spark of godness left in them to account for their taking it down. Because, of course, yes.. they've gone over to "the dark side"
"Join me, Luke" Come over to the dark side: " (Labored mechanical breathing) "Come over to..."ALPHABET!"
"Sorry pops".. "that sounds even creepier than the
Re: (Score:1)
It's not the millennials that are to blame, it's the fucking parents that raised them. I hate myself every day for being a millennial, but I've done my best to minimize my millennialism's negative impact on the people around me. I've tried to reverse engineer what it's like to be a normal person.
Re:No shit... (Score:4, Insightful)
Much as *I* hate myself for being a gen-x waste of space and watching my contemporaries raising monumentally self-absorbed children who end up on tumblr and reddit complaining about trivial bullshit, I still believe that you have to grow up at some point and take personal responsibility.
My mother was the first in her family to get to go to university. My grandfather got shot at by German occupiers as a profession and his dad died in a ditch in France doing the same. Every generation has different issues to deal with and every generation should stop pretending that their own particular cross to bear is so much worse than every other.
But good on you for trying to be a decent human being. At the end of the day, that's all we can really expect from people.
Re: (Score:3)
I can also get access to illegal activities. Google.com is part of a criminal conspiracy!
Flash included under very long if statement (Score:2)
Anyone know why they might call Flash on Google.com? (View the source and search)
Re: (Score:2)
Anyone know why they might call Flash on Google.com? (View the source and search)
Because Flash bakes the best cookies?
Re: (Score:3)
Be afraid, and look at our ads (Score:2)
This blows away openbid dangerous ads (Score:1)
APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%... [bing.com]
Less power/cpu/ram + IO use + complexity vs. local DNS servers, routers & antivirus w/ less security issues. Compliments firewalls (no layered filtering drivers firewalls use blocking less used IP addys, hosts block more used hostnames) & DNS (lightens server load too). Antivirus = reactive. Hosts = proactive, blocking infection BEFORE it hits you. Gets data via 10 security sites.
(Works vs. HTTP PUSH servers in Chrome w/ f
Re: (Score:2)
Does nothing for Windows 10 data reporting - they don't use DNS or HOSTS.
The real shocker (Score:5, Insightful)
Re: (Score:2)
How about this very subject until they just recently changed it? I should think that would be an adequate example of one such instance, yes?
Re: (Score:2)
How about this very subject until they just recently changed it? I should think that would be an adequate example of one such instance, yes?
Are you saying Google once claimed that all of their search results were perfectly safe to click on? I don't think I understand what you mean. Could you elaborate?
Re: (Score:1)
They cheated with their placement at some point in the past.
I think it was favoring their own ads or some such.
Re: (Score:2)
They cheated with their placement at some point in the past.
I think it was favoring their own ads or some such.
No, the argument was that they shouldn't be advertising their own services on Google search at all, or else should artificially boost competitors' ads. Google's response was that their self-promotion ads on Google search were selected for a particular search results based on exactly the same relevance and quality ranking algorithms used for everything else. In other words, that they applied precisely the same rules to their ads as everyone else's.
So, unless your argument is that they were lying, this is a
Make them different letters in the Alphabet (Score:2)
Perhaps the complaint is that Google isn't quite up-front about this wall of separation. One solution might be to split search and other services into separate businesses within Alphabet.
Re: (Score:2)
Perhaps the complaint is that Google isn't quite up-front about this wall of separation.
It seems to me that Google is quite up-front about it. If there's an issue it's just that people don't want to believe it. I'm not sure moving pieces of the business out of the Google company to separate Alphabet companies would help with that.
Viruses just get easier and easier to get (Score:3)
Re: (Score:3)
Since then, I browse the web on windows as little as possible.
This has been my philosophy always, additionally block ads and disabled flash and javascript only opening them up when needed. Here we can blame poor coders and site owners if they didn't abuse ads and vetted them so that there site had acceptable ads we would not have ad blockers.
Just a comparison many years ago TV and newspapers didn't accept ads that were annoying or unacceptable. now they do additionally they increased the ad rate on tv from 12 to 18 mins per hour and newspapers often have articles th
Re: (Score:2, Interesting)
Is there a solution?
It seems like browsing the web 'safely' these days involves:
- Constantly making sure my browser is up to date.
- Installing a JavaScript blocker and making sure it's always up to date.
- Installing flash and advertisement blockers and making sure they're always up to date.
- Running my browser from within a virtual machine that is restored to a previous 'safe' snapshot.
- Isolating my VM traffic through a separate anonymizing VPN service.
I'm sure this isn't exhaustive and there are other thi
Re:Viruses just get easier and easier to get (Score:4, Informative)
Just install uMatrix and be done with it. It will take a little while to figure out how to use it and you build up your whitelist as you go. Just keep your settings files backed up and reasonably current and you can use them across multiple computers and multiple browsers. Block everything you don't need. I may refresh a screen a dozen or so times before I get the settings for that site right but it's always the least permissions and I only have to do it for that site once. It's amazing how many sites I don't even bother with doing it for them at all.
I may not have full functionality but I'm only going to visit that news site once - I don't need to have their dynamic content of their latest weather updates loaded in the upper left, a dozen trackers in the bottom, an optimizely script to make sure I get the correct display on a mobile, or anything like that. If I want a script to run then I enable it and refresh. I generally don't want it to run. If I do then I want it and only it to run. I also want it to be selective between sites. (Things a hosts file can't do.)
So, I use uMatrix and get along just fine. It took a little while to figure out how it works. I then figured out that I should save the results. (It's just a single click.) I then realized that exporting them was possible and a good idea - I use multiple computers. I then realized that I could load even fewer things. I then realized it had a way to set the defaults if I wanted to enable them - so I let CSS and straight images (no scripts) display.
I've yet to have to enable a third party cookie, for example, on *any* site for *any* functionality. If a site wants to load too many things then I just don't bother - I've a limit to what I'll allow for code to run on my computer. It's mine. I control it. I say no.
It's really just an easier way to practice safe hex. It's what you should be doing anyhow. I don't have to go through all of the things you're doing. I don't need to use a VM. I don't have to worry about infections if code doesn't run. I let first party stuff load by default. That's it. I often won't allow any third party content at all. That's how you get nasties... I don't want nasties. There is no content so meaningful that I am going to enable people who aren't me to run random things on my computer. There's no site worth it.
I'm building out a site right now - actually in another tab. There is third party content. Every bit of it is optional and the site retains full functionality without it. There's no need to enable any active scripting, of any type, to make full use of the site. You can even use it just fine in Lynx.
By the way, if you're using Windows there's a really neat browser you can try. It's called OffByOne. It doesn't do much except browse pages. There's no scripting allowed. None. There's no way to make it work, last time I used it.
Re: (Score:2)
This is what causes people to disparage you. I'm one of the (seemingly rare) people that missed your posts (well, some of them
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid, but it only applies to Windows (please correct me if I am wrong) PCs, so
Everyone send this to Dianne Feinstein (Score:5, Funny)
Re: (Score:3)
Now, now... This is a matter of great importance and involves national security. We need to ensure the safety of the citizens. Surely then, this must be a bipartisan bill?
On an actually serious note, can you imagine if they tried to write a law that made *all* types of malware illegal? You'd end up with something that said something along the lines of; "Causing any unwanted or unexpected behavior." Half the people would be cheering for this. The other half would be trying to figure out how to get their leas
Google to blame for Microsoft Windows malware? (Score:1)
Come on slashdot, what was the name of the desktop operating System required to promulgate this dangerous Google malware. Wouldn't it be simpler for google not not warn people about this Windows Malware?
This is news? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Google may have indexed bad sites and not realized it. News at 11.
Where do you get the idea they didn't realize it?
Re: (Score:2)
Because when they do realize it, they block the site and warn the user?
Google has every incentive to make the web as safe an experience as possible for its users. Without those users coming to use their services by the hundreds of millions, they don't generate all that ad revenue. There's no profit in intentionally allowing a user to become infected by a bad site.
Re: (Score:2)
Because when they do realize it, they block the site and warn the user?
Google has every incentive to make the web as safe an experience as possible for its users. Without those users coming to use their services by the hundreds of millions, they don't generate all that ad revenue. There's no profit in intentionally allowing a user to become infected by a bad site.
I suppose I wasn't clear. I meant that Google always knew that it indexed malicious sites, and knows that it always will index malicious sites. Google tries to identify and block them, but that will always be best-effort, never a guarantee. Maybe that's what the OP was saying, too, but the way he said it made it sound like Google believed the index was clean at some point.
Re: (Score:2)
Ah, yeah, I misunderstood, and see what you're getting at now.
Of course, I would sort of had figured it was somewhat self-evident, since Google attempts to index the entire web, and I'd imagine most people at Google thought the same thing. Naturally some of those will be malicious by nature. Another poster elsewhere made the analogy that some of the phone numbers in the phone book would undoubtedly put you in touch with some very bad / dangerous people, and it seemed a reasonable comparison, at least as a
Re: (Score:2)
My fault for being terse.
I thought it was sort of weird how someone with a Google+ tag would accuse Google of deliberately sending users to malicious sites
Heh, and a Google employee as well (aside: I started using the G+ login to slashdot a while ago when slashdot was temporarily broken and for some reason wouldn't accept my old login. Clicking the "log in with G+" button was super easy, so I did it. I have a much longer posting history, and much lower UID, as "swillden").
Really? (Score:5, Insightful)
This sounds about as intrinsically dangerous as a phone book: some of the numbers enclosed may connect you to criminals and naughty people.
mostly dead is still partly alive (Score:2)
More Accurate Title (Score:1)
"Google Admits that Google.com Contains Links"
In a surprisingly candid revelation today, Google admitted that their spidering engines are actually intended to find links to web sites and that these links will be shown on Google.com.