From Matt Cutts blog:
Matt Cutts: Gadgets, Google, and SEO
Normally I like Nick Carr a lot, but the headline on his most recent article (”Google preparing to police web”) didn’t strike me as accurate. If Nick needs some background on how Google handles urls that potentially spread malware, maybe other people would benefit as well. I dropped a comment on Nick’s post that I’ll echo here, with minor edits and more hyperlinks: (Disclosure: I’m a software engineer at Google.) Nick, I normally love your posts, but your headline (”Google preparing to police web”) isn’t very accurate, because we’ve been tackling malware for quite a while. Here’s some historical context. Almost exactly a year ago, Google and other search engines were raked over the coals for exactly the opposite reason: allowing users to get infected with malware from search engine results. See Matt Cutts: Gadgets, Google, and SEO » SiteAdvisor Study for more background. At the time, we were already anticipating the issue and had added “Don’t create pages that install viruses, trojans, or other badware.” to our webmaster guidelines. Google’s response when we believed malware was present was to warn the user via an interstitial when they clicked on a search result that might infect their computer. See Matt Cutts: Gadgets, Google, and SEO » Info about malware warnings and how to appeal them for an example post about this process and how to appeal it if you have removed the malware or believe there was an error. Users liked the malware protection a lot, so we added some annotation to listings for sites that could potentially infect a machine. See Google Operating System: Google Flags Pages that Install Malicious Software for more info. Of course, it’s important to help regular webmasters who might have been hacked and not even know that they were infecting their users. To that effect, we added sample urls with suspected malware to our webmaster console. See Matt Cutts: Gadgets, Google, and SEO » Got malware? Google will help you find it. for more details. I’ve highlighted Niels Provos‘ fantastic work on my blog before, but Provos also provides free tools at SpyBye: Finding Malware to help webmasters scan their own sites for malware. All in all, I think Google does a pretty good job of protecting users from getting infected, while at the same time providing tools that assist webmasters in detecting and correcting hacked urls that could spread malware. Certainly compared to other search engines I think we provide more notice to users about potential malware urls, and we provide more info to webmasters about potentially hacked urls. So I think Google’s response to this issue balances the needs of users and webmasters pretty well. I hope that helps give a little more context and historical background. Certainly I’ve seen emails from both sides of this issue, but I think Google strikes a pretty good balance. Update: I forgot to mention that once you have all this historical background, then you’ll enjoy reading the USENIX paper “Ghost in the Browser” by Niels Provos and several other Googlers. It’s got a lot of useful information for people interested in malware.
Matt Cutts: Gadgets, Google, and SEO
Normally I like Nick Carr a lot, but the headline on his most recent article (”Google preparing to police web”) didn’t strike me as accurate. If Nick needs some background on how Google handles urls that potentially spread malware, maybe other people would benefit as well. I dropped a comment on Nick’s post that I’ll echo here, with minor edits and more hyperlinks: (Disclosure: I’m a software engineer at Google.) Nick, I normally love your posts, but your headline (”Google preparing to police web”) isn’t very accurate, because we’ve been tackling malware for quite a while. Here’s some historical context. Almost exactly a year ago, Google and other search engines were raked over the coals for exactly the opposite reason: allowing users to get infected with malware from search engine results. See Matt Cutts: Gadgets, Google, and SEO » SiteAdvisor Study for more background. At the time, we were already anticipating the issue and had added “Don’t create pages that install viruses, trojans, or other badware.” to our webmaster guidelines. Google’s response when we believed malware was present was to warn the user via an interstitial when they clicked on a search result that might infect their computer. See Matt Cutts: Gadgets, Google, and SEO » Info about malware warnings and how to appeal them for an example post about this process and how to appeal it if you have removed the malware or believe there was an error. Users liked the malware protection a lot, so we added some annotation to listings for sites that could potentially infect a machine. See Google Operating System: Google Flags Pages that Install Malicious Software for more info. Of course, it’s important to help regular webmasters who might have been hacked and not even know that they were infecting their users. To that effect, we added sample urls with suspected malware to our webmaster console. See Matt Cutts: Gadgets, Google, and SEO » Got malware? Google will help you find it. for more details. I’ve highlighted Niels Provos‘ fantastic work on my blog before, but Provos also provides free tools at SpyBye: Finding Malware to help webmasters scan their own sites for malware. All in all, I think Google does a pretty good job of protecting users from getting infected, while at the same time providing tools that assist webmasters in detecting and correcting hacked urls that could spread malware. Certainly compared to other search engines I think we provide more notice to users about potential malware urls, and we provide more info to webmasters about potentially hacked urls. So I think Google’s response to this issue balances the needs of users and webmasters pretty well. I hope that helps give a little more context and historical background. Certainly I’ve seen emails from both sides of this issue, but I think Google strikes a pretty good balance. Update: I forgot to mention that once you have all this historical background, then you’ll enjoy reading the USENIX paper “Ghost in the Browser” by Niels Provos and several other Googlers. It’s got a lot of useful information for people interested in malware.
