For those web masters or indeed visitors out there that are not aware, StopBadWare.org is a site that lists sites that contain malware. This article doesn't discuss how they malware got there, but more the way that Google lists them in its index.
StopBadware.org is a "Neighborhood Watch" campaign aimed at fighting badware. We will seek to provide reliable, objective information about downloadable applications in order to help consumers to make better choices about what they download on to their computers. We aim to become a central clearinghouse for research on badware and the bad actors who spread it, and to become a focal point for developing collaborative, community-minded approaches to stopping badware.
When a site is listed in Google as having badware on it, a warning is displayed similar to the following:
The contentious part of the above warning is the "This site may harm your computer".
When you click on the link within the Google index to a badware infected site, Google actually displays an information page telling you why you should not visit the site. (Note: I have purposely masked the name of the site above in order to protect the web site owner from being mentioned, the reasons why are discussed below).
If you want to see a warning for yourself, just go to the StopBadware.org site. In the search box, enter ".co.uk" for the search term.
Copy the 'domain name part' part of it but do not include the TLD and enter it in a Google search box. (So if the domain was www.example-alien-web-design.co.uk, search for "example alien web design" not "example-alien-web-design.co.uk".
This 'should' display a list of search results which will have the warning displayed.
Then click the search result to see the warning page.
My personal thought is that Google should just temporarily remove the site listing from the index rather than apply a label against that site.
You have to ask why Google apply that label and prevent 'its' users from clicking on that link within it's index.
I can only guess at the following:
Google do have a right to stop users from visiting those sites infected, as potentially one could argue that they could be held responsible for forwarding its users to a site which ultimately costs the visitor time/money or both.
The problem is, that web masters feel that the label Google applies next to their entry in the index causes damage to the reputation of that web site as well as a loss of income.
So why does Google apply a label?
Some have argued that it is the quickest method to ensure that the web master contacts them and the problem sorted.
(Sticking a big red flag next to your site does tend to bring it to your attention rather quickly when your users start complaining to you, OR, as should be happening, a good web master will find this out when he does his daily/weekly check).
I would rather Google remove the entry from the index altogether, not stick a "label" against the entry. You can't visit the site from the link in the index anyway (without a spot of cutting and pasting - at least you can't in Firefox with my setup).You could say the link in the index is non-functional, so why bother putting it there in the first place?
Removing the infected site from the index achieves both points from above.
The removal or placement into the "malware" index would be temporary. Rather than display a warning, it doesn't display anything. No harder to code than it is at present.
Any decent web master will be monitoring his PR and his SERP placement. Suddenly dropping off the main Google index should be pretty obvious to them.
And if his visitors complain that they are not finding the web site in the index, that too should draw the web masters attention to a possible problem.
Google will still be trying to contact the web master and the web master should also be encouraged to join Webmaster central (http://www.google.com/webmasters/) to keep an eye on their site anyway...
So there would be a large percentage of your visitors that could potentially be damaged or effected by malware.
What damage would be done to your reputation IF, one of your users blogger on a popular forum that they went to www.example.com and they got hacked. That www.example.com has no protection, or www.example.com has bad security. Or they blame www.example.com for them installing the malware on their computers (regardless of the fact that www.example.com had NO knowledge of the exploit in the first place).
At least an entry in the Google index as at present is temporary and will be removed once Google are assured that the malware has been removed.
An entry on a web site would be within the index for a lot longer (if not ever).
And that's if there was just one entry on one blog. What you would do if your sites name was spread around the web by a disgruntled visitor (who was infected as a result of visiting your www.example.com)
There is no argument that the web master purposely allowed their site to become infected.
A web master of a major site earning major money will be running a much more secure system than a small time web hosting company (on a dedicated server or a shared web hosted account). They are less likely to be the victim of an attack.
So it could appear that Google are against the smaller web hosts and web masters since you won't find big web sites listed. That is simply not the case.
It is just the simple fact that the smaller web site, web host or web master is more vulnerable to attack since they cannot or do not spend money on massive security defenses against malware attacks.
A web master has a responsibility to protect the visitors to their site. (Whether they rely upon the web host to do this , or whether they takes charge is another matter for discussion).
Google have the same responsibility to it's users. They have chosen to protect their users by displaying a warning and not giving a clickable link to the infected web site.
I'd like to hear from Google as to why they chose the method they did, and for them to state why they don't just remove the link temporarily from the index.
Posted by Chris Wright at July 30, 2007 8:31 PM
TrackBack URL for this entry: