August 4, 2006 3:15 PM PDT

Google puts up 'Beware of malware' signs

Google has started warning people when search results could potentially lead them to malicious code.

The search giant is using data from the Stop Badware Coalition to flag sites that are potentially host to malicious software. Google, along with Sun Microsystems and Chinese PC maker Lenovo, announced support for the group in January.

Google Stop Badware

People who attempt to go to a Web site that has been identified as risky by the coalition are taken to a warning page.

"Warning--the site you are about to visit may harm your computer!" the page states in bold type, then suggesting users can "learn more about malware and how to protect yourself at"

The interrupt page suggests that users can try returning to the search page and choosing a different result, trying another search, or they can continue to the potentially malicious site.

"We're not going to say don't do it," said John Palfrey, a professor at the Harvard Law School and one of the driving forces behind the effort. "What we want to do is basically give people some more information about what might happen to their computer."

Harvard has teamed with Britain's Oxford University to provide much of the manpower for the coalition's Web-monitoring effort. People can report sites that have malicious code on them, and then a human being checks the report before any sites are flagged, Palfrey said.

Palfrey likens the effort to a "Neighborhood Watch" program. Sites in question are not removed from search engines, but the idea is that users are warned of potential problems. Although the Stop Badware Coalition has been working closely with Google, Palfrey said he would like to see other search engines tap its watch list as well.

"We very much encourage other search engines to join and use the data in the same way," he said. "We're quite open."

A Google representative was not immediately available for comment. is one of a number of coalitions aiming to stop the spread of malicious code. Initially, the group was focused on merely identifying bad programs, but not necessarily on working on which sites distributed the code.

"The initial idea was to say that law in the ordinary sense of the word has not been doing a good job with these highly distributed problems--spyware or viruses or spam," Palfrey said.

See more CNET content tagged:
coalition, malicious code, Sun Microsystems Inc., search engine, Google Inc.


Join the conversation!
Add your comment
About Time!
It's about time a search engine did something like this. Other options also include plugins like SiteAdvisor (<a class="jive-link-external" href="" target="_newWindow"></a>) that warn you when a site is malicious. I like though that this is built into Google and requires no additional software to be implemented. Yay!
Posted by BMR777 (61 comments )
Reply Link Flag
What the Hell are you thinking??? This is the user's responsibility - NOT Google or any search engine!
Posted by wearegod (3 comments )
Link Flag linked to this through NYT ... linked to this through the NYT last week. Still an interesting article.
Posted by JoeCrow (83 comments )
Reply Link Flag
Jean-Pierre Khoueiri-Why not just take the sites down from Google?
If they know which sites are hosting the malicous software, why don' they just take them out of their cache, thus reducing the websites traffic and makeing the web community safer. Drop me an email if you'd like to chat
Posted by (5 comments )
Reply Link Flag
Great window dressing!
Great window dressing, looks good on the resume, but sadly another bad idea just made worse, giving all a false sense of security!

Oh well, security nil, badhats 1, yet again!
Posted by heystoopid (691 comments )
Reply Link Flag
That would be censorship
That would be censorship. Not a good idea. You would have the bible bashers queueing up to get them to ban porn links, and then bans on the sites of those fighting terorrist states like Israel would be next - eg Hamas, Hizbollah, etc. Then anything your govenment or any other minority lobby group didnt want you to see. If you want that sort of service, move to China.
Posted by richto (895 comments )
Reply Link Flag
Google is not the Government! This is a good thing!
A serious company looks after its customers! Is not that self evident. I am surprised that this has not happened before. In China the Government is not protecting people from visiting sites that are dangerous for them; it is stopping people from visiting sites that seem to be dangerous for the Government and its power!
Björn Lundahl,
Göteborg Sweden
Posted by Björn Lundahl (253 comments )
Link Flag
not really
Censorship in this case would be not allowing the website to even show up on the search. If someone is that stupid, yes they can click on the link and continue. Its a "warning", not censorship.
Posted by aSiriusTHoTH (176 comments )
Link Flag
Not really
It's a private company choosing to run their business, and their own software, how they choose to.

There's no censorship, you're simply receiving a warning about a potentially harmful website.

The links produced by using googles search engine are links that google have either been paid to produce, or have been asked to produce - but they're running on google servers and being displayed by google software.

If you distrust that Oxford or Harvard engineers can decide whether a site is harmful or not you can choose to ignore the warning and continue to the website.

If you feel that this is too much like a net nanny or preaching a "holier than thou" message at you, you can choose to use another search engine.

But what we can't do is tell google that they're not allowed to run their software how they choose to, or that they aren't allowed to warn their search customers about potentially harmful websites.

In a way they do bare some responsibility for the result of using their links (after all people sue businesses if they come to harm using that businesses product, even if it's obvious that their behaviour with that product is dangerous) - so I consider this more of a warning label for their less reputable listings than anything like censorship.
Posted by ajbright (447 comments )
Link Flag
"lolz".. are we like 10 years old?
Posted by aSiriusTHoTH (176 comments )
Reply Link Flag
No it wouldn't
It is informed usage. You are told the risks and allowed to go on. Censorship would be being prevented from going on.
Posted by MadKiwi (153 comments )
Reply Link Flag
What if
What if your site gets on the warning list and you don't think it should be there? Do you go to a lawyer? Suing seems to be a universal answer these days.
Posted by cswor (9 comments )
Reply Link Flag
Anyone else concerned over this?
I really do NOT like that google is now thinking it should be filtering content 'for our own good'. I'm by no means a fan of purveyors of malware, but on the other hand I dont want google black listing sites. First malware... then what? Adult material? Politically Incorrect speech?

If google wants to 'warn' users by putting a little graphic icon next to results, that would be sufficient. But to actually hijack a link is too much. And then, of course, there will be innocent publishers getting branded incorrectly as malware sites. Will google be the recipient of numerous libel suits for ruining the reputation of publishers?
Posted by (402 comments )
Reply Link Flag
It's their link, so they get to choose
To be blunt, you're using Google's search engine - and it's their link that takes you to the site you think you want to visit.

They have every right to run their software any way they choose, just as you have the right to not use it. For all you know they could already be filtering out websites they don't want you to see - like they do for the Chinese government.

They take money to put particular websites at the top of their search lists, and they take money to place them down the sides or along the bottom of the page.

But these sites have been verified as potentially harmful by Harvard and Oxford - and it's up to you to decide whether you trust these entities to make that decision. You've simply been told that a particular site might be harmful, you're not prevented from going to that site, and you're not prevented from using another search engine that fails to warn you about sites hosting malware.

So it's not really a free speach issue, there's no government entity forcing you to use google.

If you decide that this is too similar to an oversensitive net nanny making your choices for you, go to the at least half a dozen other search engines that operate in the way you're happy with.
Posted by ajbright (447 comments )
Link Flag
Wet Security Blanket if ya ask me!!!
I don't like the sounds of this. Google will start putting up some signs of places which they think may be malacious. That's about as clear vague as it gets.

Google is putting up a false sense of security in that they won't catch all sites and some which they fail to flag will contain malacious code. That said... are they willing to guarantee that NO site which they don't include that warning on WILL include malacious code? Hardly not. That said, then what's the point other than to give people a warm-fuzzy feeling that Google might be safer than Yahoo or other search engines.

Bottom line: There will be a lot of false-positives and a few positive-falses. False-positives are quite known in the security world, but Google will be creating a new term "false-positives" in which they don't flag as malacious, but which contains malacious code!!!

My bet is that somebody will draw them into court over the matter and probably win and then they'll stop this non-sense!

It's a marketing ploy at best... and a false (wet) security blanket at worse!!!

Posted by wbenton (522 comments )
Reply Link Flag
Invitation to lawsuits
Whatever the merits of this (and as a Mac user malware is of no
present concern to me), all it will take is one lawsuit by a web site
Google warns about to put an end to this. Lawyers control
everything in American, including love, eating, and breathing.
Posted by nicmart (1829 comments )
Reply Link Flag
This is the worst case of SPAM initiated by Google. Google is WAY OUT of their core and if you check around the Web, their SPAM application even identified GOOGLE.COM as a potentially malicious site - which in reality it IS.

WHAT EVER HAPPENED TO THEIR GOLDEN RULE OF 'DO NO HARM'? Google's definition of 'Malicious" is harming many sites that simply have code that fits their description of malware, but by other definitions is NOT. What the HELL is Google thinking?

This is really pissing me off! Getting AV and Anti Malware software is the responsibility of individual users. Google has NO RIGHT to arbitrarily throw up warning pages on sites based on one definition of 'malware'.

Posted by wearegod (3 comments )
Reply Link Flag
I'm ready to start using another search engine - one that is not supplied by Boogle ;-)
Posted by wearegod (3 comments )
Reply Link Flag
This is a fascinating dilemma. The obvious two problems are 1: Can you trust these Harvard and Oxford people to be all honest and straight forward chaps without a crazy extreme right wing religious agenda? I don't think so. Secondly ; How exactly do they determine if a site is dangerous? If it's a porn site it is by definition automatically dangerous? I don't think so. I see a lot of serious problems with the implementation of this.
Posted by safemode55 (6 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.