Google: Our harsh malware warnings actually do work

Google has run the numbers on warning people off hijacked websites and says the data supports its seemingly “punitive” measure that publicly shames website operators before telling them of a breach.

Malvertising seems to be the most popular way of infecting computers these days, but actually hacking a website to spread malware remains a sizeable threat for end-users.

Google doesn’t want people to stop using search due to the risk of stumbling on malware. Equally, it doesn’t want to stress the people who run the sites that its users rely on Google to find.

Yet hundreds of thousands of websites built on WordPress, Joomla, and Drupal are co-opted to spread malware each year, often through exploit kits that dragnet for computers to be recruited into a network of controlled machines.

Google can't stop websites from becoming infected, but by informing operators of a compromise it can cut down on the time it takes to remediate a vulnerability that exposes site visitors to malware.

The question that Google asks in a new paper is which method of notification is best. The results suggest that registering with Google's Search Console, which allows it to send notifications directly to a website operator, is the quickest way of getting operators to fix flaws.

If a website has been hijacked, Google has three ways of informing its operator. The first is full-page browser warnings for end-users, called "interstitials", in Chrome, Firefox and Safari, triggered by Google's Safe Browsing technology. The second is Search Quality, which alerts Google Search users to potentially compromised sites in results. The third is emailing an operator, either using WHOIS contact information or information for those who've registered with Search Console.

As Google highlights, user-centric warnings can come across as "punitive" to a website operator whose site has been shamed before they’ve had a chance to remediate the flaw that allowed it to be compromised in the first instance.

But based on the results of an assessment of 760,935 websites that Google deemed had been hijacked over a year from July 2014, the web would be less secure without the interstitials.

“We observe that direct communication with webmasters increases the likelihood of cleanup by over 50% and reduces infection lengths by at least 62%. Absent this open channel for communication, we find browser interstitials—while intended to alert visitors to potentially harmful content—correlate with faster remediation,” the researchers wrote.

In other words, Google’s system, harsh as it may seem, does produce positive results and is even more effective when website operators register with its Search Console.


Stories by Liam Tung
