A peek into Google’s anti-malware operation

Google goes to great lengths to secure its users from threats lurking on the Web, because a half-hearted effort would soon drive it out of business.

But, during his presentation at the SecTOR security conference in Toronto, Google security researcher Fabrice Jaubert revealed that sometimes even seemingly good methods are thwarted by careless users.

Take, for example, the warning page that Google presents to users when they try to access a website that is likely to harm their system. It used to contain a button that allowed them to proceed to the page and, surprisingly enough, 95 percent of users would do just that, despite the warning.

So the company changed it, and now users must copy-paste the URL of the offending page directly into the browser’s address bar if they want to access it – an extra step that hopefully allows their better judgement to kick in.

According to eSecurityPlanet, Jaubert says that Google distinguishes three kinds of malicious sites: phishing, spamming, and those serving malware. Phishing and spamming sites are usually removed from Google’s index, but only some types of malware sites receive the same treatment.

A likely reason behind this decision is that criminals lately seem to prefer compromising legitimate websites to creating their own distribution pages for peddling their wares, as confirmed by Jaubert.

To find these sites, Google uses a massive number of virtual machines running unpatched Windows and Internet Explorer, along with out-of-date plug-ins, with which it visits potentially malicious websites. It also uses the Firefox browser for testing, but Jaubert notes that new malware is usually first detected for IE, because it is still the most widely used browser.

The data from this type of testing is coupled with data gathered by Google’s site-crawling mechanism to reach a conclusion on whether a site is potentially malicious. This knowledge is fed into a number of Google tools developed to help users (Safe Browsing API) and administrators (Google Webmasters, Safe Browsing Alerts for Network Administrators) avoid malware risks.