Google enters the security (blog) space
Every large Internet company has an online security team in place, and Google is no different. Now the search engine giant is going public. Yesterday, Google launched its new online security blog. The blog will post news on its little-known antimalware team, which, it turns out, has been in existence for about a year.
In its initial post, Google clarifies its now-famous one-in-10-Web-sites-are-malicious statement, derived from a presentation Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu gave at last month's Hotbots 2007. Provos says the figure that is quoted in the media should be 0.1 percent (less than 1 percent) since the analysis used in the paper, "The Ghost in the Browser" (in PDF), covers several billion Web sites. From that number, presenters selected a subgroup of 12 million, of which 1 million were found to be engaging in drive-by downloads of malicious code. There's also a colorful map in today's post showing which countries are responsible for hosting compromised Web sites and distribution servers (the U.S. and China both appear bright red, with Canada and Russia coming in a close second on each map).
Given that malware on the Internet is a huge problem, Google has been quietly evaluating Web sites on its own. Frequent users of the search engine may have seen statements under site names indicating that Google suspects a given site may be harmful to your PC.
This is curious, since major security vendors Symantec, Trend Micro, and McAfee currently offer products that overlay online search results with similar warnings. ZDNet blogger Ryan Naraine wonders whether Google is planning to go up against these vendors or perhaps purchase an existing security vendor. Predictably, Google declined to speculate on its future plans.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments. 
%20space%20%7C%20News%20Blog%20-%20CNET%20News&srcUrl=http://news.cnet.com/8301-10784_3-9721866-7.html){kind=small}
Whenever Google enters a market, big changes happen. It happened with search, it happened with advertising, and one of the key points of my Innovation in E-mail post is that it happened in webmail. Now Google is stepping up to the plate as one of the largest global Internet corporations, and on their new blog they?re talking about tackling malware. The advantage a search company has in tracking this sort of thing is enormous, and Google?s renowned data-center processing power is sure to help too. I can?t help but note that this is another jab at software rival Microsoft and its perceived security vulnerability. A few predictions:
* Google hasn?t been lax in making acquisitions, and I expect them to buy the expertise they need both to complement their knowledge of search, and possibly to enter the desktop security market. The Google Pack, ?a free collection of essential software? already includes Norton Security Scan and Spyware Doctor Starter Edition. I wouldn?t be surprised if Google replaced these with it?s own re-branded tool, but I also think they?re more likely to offer an online utility.
* In the past, when Google has entered a market, some aspects of the service they?ve offered have usually seen reductions in prices. Search was free to begin with, but AdSense and AdWords made advertising available to all kinds of budgets, and Gmail brought data storage to the commodity-level pricing it deserved to be at. Unlike security companies, Google?s long-term profitability is enhanced by fewer threats on the web, and even fewer threats of threats on the web.