Google has started warning people when search results could potentially lead them to malicious code.
The search giant is using data from the Stop Badware Coalition to flag sites that are potentially host to malicious software. Google, along with Sun and Chinese PC maker Lenovo, announced support for the group in January.
People who attempt to go to a Web site that has been identified as risky by the coalition are taken to a warning page.
"Warning — the site you are about to visit may harm your computer!" the page states in bold type, then suggesting users can "learn more about malware and how to protect yourself at StopBadware.org".
The interrupt page suggests that users can try returning to the search page and choosing a different result, trying another search, or they can continue to the potentially malicious site.
"We're not going to say don't do it," said John Palfrey, a professor at the Harvard Law School and one of the driving forces behind the effort. "What we want to do is basically give people some more information about what might happen to their computer."
Harvard has teamed with Oxford University to provide much of the manpower for the coalition's Web-monitoring effort. People can report sites that have malicious code on them, and then a human being checks the report before any sites are flagged, Palfrey said.
Palfrey likens the effort to a Neighbourhood Watch programme. Sites in question are not removed from search engines, but the idea is that users are warned of potential problems. Although the Stop Badware Coalition has been working closely with Google, Palfrey said he would like to see other search engines tap its watch list as well.
"We very much encourage other search engines to join and use the data in the same way," he said. "We're quite open."
A Google representative was not immediately available for comment.
Stopbadware.org is one of a number of coalitions aiming to stop the spread of malicious code. Initially, the group was focused on identifying bad programs, but not necessarily on working on which sites distributed the code.
"The initial idea was to say that law in the ordinary sense of the word has not been doing a good job with these highly distributed problems — spyware or viruses or spam," Palfrey said.
Talkback
Police, police, police. I suppose that will be the theme of the 21st Century. Bloody hell..
Too many companies are making good money from malware and as a result, it is an ever-present threat, which the industry as a whole is now coming to accept. In the corporate world, businesses need to react by increasing levels of protection and tightly control what people do on their corporate network.
Because it is often impossible to recognise Spyware, a way to get around it is to define what activities users can specifically do on their system and regulate anything else outside of this, for example, endpoint peripherals. Unfortunately, if you were to employ such a mentality on your PC at home, you would be restricted to a very small set of activities. Consequently, the home user market is destined for an eternity of malware infection, so should make regular efforts to scan their systems to ensure malware hasn’t taken hold. Information is invaluable; users in both corporate and consumer circles need to do their best to protect it.
Until this gets resolved, it would appear that anyone who clicks the "I'm Feeling Lucky" google search button is probably waaay ~under-informed~ about just how "Lucky" it might be to go straight to the first site returned by any given search -- "Lucky" probably isn't the right word.
Some significant "Ooops" potential here...
So who should this "Umm... hey, anybody AWAKE over there??" suggestion be forwarded to?