Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Security Communications Network Networking Privacy Software The Internet News Technology

Google Admits That Google.com Is Partially Dangerous (eweek.com) 100

darthcamaro writes: For over a decade, Google's Safe Browsing technology has helped to alert users to dangerous sites, where malware and phishing exploits can be found. Apparently, one of those unsafe sites is none other than Google.com itself.

According to eWeek, "Google's automatic spidering of the Web will catch some malicious sites, and by Google's own admission, there are sites in its index that will redirect users to locations that will attempt to install malware on their computers. Google also admits and warns that by way of Google.com (and the sites linked in its index), 'Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information).'"

This discussion has been archived. No new comments can be posted.

Google Admits That Google.com Is Partially Dangerous

Comments Filter:
  • Anyone know why they might call Flash on Google.com? (View the source and search)

    • Anyone know why they might call Flash on Google.com? (View the source and search)

      Because Flash bakes the best cookies?

  • "Coming up on News at 11: Google has released a report saying that Google.com.. could be dangerous? What does this mean? What do you need to do to stay safe? Tune in and watch through the entire hour and all the commercials, so we can give you the 90-second over-hyped package at the very end."
    • by Anonymous Coward

      APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%... [bing.com]

      Less power/cpu/ram + IO use + complexity vs. local DNS servers, routers & antivirus w/ less security issues. Compliments firewalls (no layered filtering drivers firewalls use blocking less used IP addys, hosts block more used hostnames) & DNS (lightens server load too). Antivirus = reactive. Hosts = proactive, blocking infection BEFORE it hits you. Gets data via 10 security sites.

      (Works vs. HTTP PUSH servers in Chrome w/ f

  • The real shocker (Score:5, Insightful)

    by EEPROMS ( 889169 ) on Tuesday April 19, 2016 @11:17PM (#51944915)
    is that a US billion dollar corporation is being honest for a change and applying the same rules to themselves as others.
  • I once got a virus from an immitation poker site link. I didn't download an executable. All I did was click a link to what I thought was a popular poker site on one of the top hits. If I recall correctly, firefox crashed and then I had to reinstall windows. Since then, I browse the web on windows as little as possible.
    • by vlad30 ( 44644 )

      Since then, I browse the web on windows as little as possible.

      This has been my philosophy always, additionally block ads and disabled flash and javascript only opening them up when needed. Here we can blame poor coders and site owners if they didn't abuse ads and vetted them so that there site had acceptable ads we would not have ad blockers.

      Just a comparison many years ago TV and newspapers didn't accept ads that were annoying or unacceptable. now they do additionally they increased the ad rate on tv from 12 to 18 mins per hour and newspapers often have articles th

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Is there a solution?
      It seems like browsing the web 'safely' these days involves:

      - Constantly making sure my browser is up to date.
      - Installing a JavaScript blocker and making sure it's always up to date.
      - Installing flash and advertisement blockers and making sure they're always up to date.
      - Running my browser from within a virtual machine that is restored to a previous 'safe' snapshot.
      - Isolating my VM traffic through a separate anonymizing VPN service.

      I'm sure this isn't exhaustive and there are other thi

      • by KGIII ( 973947 ) <uninvolved@outlook.com> on Wednesday April 20, 2016 @05:03AM (#51945685) Journal

        Just install uMatrix and be done with it. It will take a little while to figure out how to use it and you build up your whitelist as you go. Just keep your settings files backed up and reasonably current and you can use them across multiple computers and multiple browsers. Block everything you don't need. I may refresh a screen a dozen or so times before I get the settings for that site right but it's always the least permissions and I only have to do it for that site once. It's amazing how many sites I don't even bother with doing it for them at all.

        I may not have full functionality but I'm only going to visit that news site once - I don't need to have their dynamic content of their latest weather updates loaded in the upper left, a dozen trackers in the bottom, an optimizely script to make sure I get the correct display on a mobile, or anything like that. If I want a script to run then I enable it and refresh. I generally don't want it to run. If I do then I want it and only it to run. I also want it to be selective between sites. (Things a hosts file can't do.)

        So, I use uMatrix and get along just fine. It took a little while to figure out how it works. I then figured out that I should save the results. (It's just a single click.) I then realized that exporting them was possible and a good idea - I use multiple computers. I then realized that I could load even fewer things. I then realized it had a way to set the defaults if I wanted to enable them - so I let CSS and straight images (no scripts) display.

        I've yet to have to enable a third party cookie, for example, on *any* site for *any* functionality. If a site wants to load too many things then I just don't bother - I've a limit to what I'll allow for code to run on my computer. It's mine. I control it. I say no.

        It's really just an easier way to practice safe hex. It's what you should be doing anyhow. I don't have to go through all of the things you're doing. I don't need to use a VM. I don't have to worry about infections if code doesn't run. I let first party stuff load by default. That's it. I often won't allow any third party content at all. That's how you get nasties... I don't want nasties. There is no content so meaningful that I am going to enable people who aren't me to run random things on my computer. There's no site worth it.

        I'm building out a site right now - actually in another tab. There is third party content. Every bit of it is optional and the site retains full functionality without it. There's no need to enable any active scripting, of any type, to make full use of the site. You can even use it just fine in Lynx.

        By the way, if you're using Windows there's a really neat browser you can try. It's called OffByOne. It doesn't do much except browse pages. There's no scripting allowed. None. There's no way to make it work, last time I used it.

  • by kheldan ( 1460303 ) on Wednesday April 20, 2016 @01:33AM (#51945179) Journal
    So she can author a Senate bill to outlaw Google.
    • by KGIII ( 973947 )

      Now, now... This is a matter of great importance and involves national security. We need to ensure the safety of the citizens. Surely then, this must be a bipartisan bill?

      On an actually serious note, can you imagine if they tried to write a law that made *all* types of malware illegal? You'd end up with something that said something along the lines of; "Causing any unwanted or unexpected behavior." Half the people would be cheering for this. The other half would be trying to figure out how to get their leas

  • "Attackers on this site might try to trick you to download software or steal your information"

    Come on slashdot, what was the name of the desktop operating System required to promulgate this dangerous Google malware. Wouldn't it be simpler for google not not warn people about this Windows Malware?
  • This is news? (Score:5, Insightful)

    by LordWabbit2 ( 2440804 ) on Wednesday April 20, 2016 @02:58AM (#51945345)
    Google may have indexed bad sites and not realized it. News at 11.
    • by Luthair ( 847766 )
      eweek is a dead giveaway for trash.
    • Google may have indexed bad sites and not realized it. News at 11.

      Where do you get the idea they didn't realize it?

      • Because when they do realize it, they block the site and warn the user?

        Google has every incentive to make the web as safe an experience as possible for its users. Without those users coming to use their services by the hundreds of millions, they don't generate all that ad revenue. There's no profit in intentionally allowing a user to become infected by a bad site.

        • Because when they do realize it, they block the site and warn the user?

          Google has every incentive to make the web as safe an experience as possible for its users. Without those users coming to use their services by the hundreds of millions, they don't generate all that ad revenue. There's no profit in intentionally allowing a user to become infected by a bad site.

          I suppose I wasn't clear. I meant that Google always knew that it indexed malicious sites, and knows that it always will index malicious sites. Google tries to identify and block them, but that will always be best-effort, never a guarantee. Maybe that's what the OP was saying, too, but the way he said it made it sound like Google believed the index was clean at some point.

          • Ah, yeah, I misunderstood, and see what you're getting at now.

            Of course, I would sort of had figured it was somewhat self-evident, since Google attempts to index the entire web, and I'd imagine most people at Google thought the same thing. Naturally some of those will be malicious by nature. Another poster elsewhere made the analogy that some of the phone numbers in the phone book would undoubtedly put you in touch with some very bad / dangerous people, and it seemed a reasonable comparison, at least as a

            • My fault for being terse.

              I thought it was sort of weird how someone with a Google+ tag would accuse Google of deliberately sending users to malicious sites

              Heh, and a Google employee as well (aside: I started using the G+ login to slashdot a while ago when slashdot was temporarily broken and for some reason wouldn't accept my old login. Clicking the "log in with G+" button was super easy, so I did it. I have a much longer posting history, and much lower UID, as "swillden").

  • Really? (Score:5, Insightful)

    by argStyopa ( 232550 ) on Wednesday April 20, 2016 @07:06AM (#51946175) Journal

    This sounds about as intrinsically dangerous as a phone book: some of the numbers enclosed may connect you to criminals and naughty people.

  • It's absurd to say something is "partially dangerous". A rattlesnake is only partially dangerous: the dangerous part is the fangs. Even a hand grenade has a pin and stuff, so even it's only partially dangerous.
  • "Google Admits that Google.com Contains Links"

    In a surprisingly candid revelation today, Google admitted that their spidering engines are actually intended to find links to web sites and that these links will be shown on Google.com.

Keep up the good work! But please don't ask me to help.

Working...