Security threats Toolkit

Google launches malware warnings

Ina Fried CNET News.com

Published: 07 Aug 2006 09:40 BST

Google has started warning people when search results could potentially lead them to malicious code.

The search giant is using data from the Stop Badware Coalition to flag sites that are potentially host to malicious software. Google, along with Sun and Chinese PC maker Lenovo, announced support for the group in January.

People who attempt to go to a Web site that has been identified as risky by the coalition are taken to a warning page.

"Warning — the site you are about to visit may harm your computer!" the page states in bold type, then suggesting users can "learn more about malware and how to protect yourself at StopBadware.org".

The interrupt page suggests that users can try returning to the search page and choosing a different result, trying another search, or they can continue to the potentially malicious site.

"We're not going to say don't do it," said John Palfrey, a professor at the Harvard Law School and one of the driving forces behind the effort. "What we want to do is basically give people some more information about what might happen to their computer."

Harvard has teamed with Oxford University to provide much of the manpower for the coalition's Web-monitoring effort. People can report sites that have malicious code on them, and then a human being checks the report before any sites are flagged, Palfrey said.

Palfrey likens the effort to a Neighbourhood Watch programme. Sites in question are not removed from search engines, but the idea is that users are warned of potential problems. Although the Stop Badware Coalition has been working closely with Google, Palfrey said he would like to see other search engines tap its watch list as well.

"We very much encourage other search engines to join and use the data in the same way," he said. "We're quite open."

A Google representative was not immediately available for comment.

Stopbadware.org is one of a number of coalitions aiming to stop the spread of malicious code. Initially, the group was focused on identifying bad programs, but not necessarily on working on which sites distributed the code.

"The initial idea was to say that law in the ordinary sense of the word has not been doing a good job with these highly distributed problems — spyware or viruses or spam," Palfrey said.