Matt Cutts has a blog post entitled Closing the loop on malware where he writes

Suppose you worked at a search engine and someone dropped a high-accuracy way to detect malware on the web in your lap (see this USENIX paper [PDF] for some of the details)? Is it better to start protecting users immediately, or to wait until your solution is perfectly polished for both users and site owners? Remember that the longer you delay, the more users potentially visit malware-laden web pages and get infected themselves.

Google chose to protect users first and then quickly iterate to improve things for site owners. I think that’s the right choice, but it’s still a tough question. Google started flagging sites where we detected malware in August of last year.

When I got home yesterday, my fiancée informed me that her laptop was infected with spyware. I asked how it happened and she mentioned that she’d been searching for sites to pimp her MySpace profile. Since we’d talked in the past about visiting suspicious websites I wondered why she chosen to ignore my advise. Her response? “Google didn’t put the This Site May Harm Your Computer warning on the link so I thought the site was safe. Google failed me.”

I find this interesting on several levels. There’s the fact that this feature is really useful and engenders a sense of trust in Google’s users. Then there’s the palpable sense of betrayal on the user’s part when Google’s “not yet perfectly polished” algorithms for detectings malicious software fails to indicate a bad site. Finally, there’s the observation that instead of blaming Microsoft who produces the operating system and theWeb  browser which were both infected by the spyware, she chose to blame Google who produced the search engine that led to the malicious site instead. Why do you think this is? I have my theories…

Now playing: Hurricane Chris - Ay Bay Bay


Thursday, August 16, 2007 1:53:45 AM (GMT Daylight Time, UTC+01:00)
It's always interesting to see how an "average" user views things. The one time I encountered it, I viewed the Google warning as merely a curiosity, not something I would rely on on a regular basis.
Thursday, August 16, 2007 7:08:29 PM (GMT Daylight Time, UTC+01:00)
google is a piece of shit. their honeymoon is coming to a close.
roddy piper
Thursday, August 16, 2007 8:49:28 PM (GMT Daylight Time, UTC+01:00)
Hi Dare,

Google is doing the right thing. I would do the same if I was Google. My theory on why your sweetheart blamed Google above everyone else is that she is so used to using their services on the internet. Most likely mainly in search, but she probably uses other services (knowingly or unknowingly). She probably sees them as her main "provider of sorts" and therefore responsible for "guidance and protection".

If I may, I would advise that you instal an "always on", "always scanning" total internet security application (suite) like Kaspersky Internet Security which will prevent such "drive-by" infections in the future. I do also remember reading somewhere that IE7 is "hardened" a little in this regard, you might want to use it.

Lastly, best wishes ahead of your wedding.


Friday, August 17, 2007 8:37:13 PM (GMT Daylight Time, UTC+01:00)
Comments are closed.