Google’s Transparency Report: Insights, not security solutions


Google has bolstered its increasingly important Transparency Report with a new section that documents the number of malware-hosting and compromised websites
detected by the firm as well as the volume of Safe Browsing warnings
fed to users through the Chrome, Firefox, and Safari web browsers.

From this it is possible to see that in the first week of June alone, Google detected
around 42,000 sites hosting malware and 23,000 phishing websites, and in
the week of June 16 it issued 88 million Safe Browsing warnings to its user
base.

The automated Safe Browsing defenses built into browsers have become a
major front line for stopping malware, arguably more important than
the protection offered by traditional antivirus software. However, not everyone is
convinced they are a one-stop solution to the problem of malware and
phishing websites.

Safe Browsing’s contribution

As for Safe Browsing, Google has gradually expanded its scope since its appearance in 2006, adding automatic blocking for malware downloads as recently as January this year.


Although the tens of millions of Safe Browsing warnings recorded by the
Transparency Report every week sound vast, the company admits they
underestimate the number of sites detected because not all users opt
into monitoring.

Google’s Chrome currently uses version 2 of the Safe Browsing API, while
Apple’s Safari and Mozilla’s Firefox were still using version 1 for a test run by NSS Labs in May.
This found that both versions of the API were still bested by Internet
Explorer 10’s SmartScreen equivalent, but that version 1 was
significantly inferior to version 2 in this respect.

Microsoft’s apparent superiority was attributed to the reputation system that supplies data on which sites to block.

Threats spotted

According to Google, the malware element of the system works by scanning a
subset of indexed websites once per day, running any software
encountered in a virtual machine to test for infection.

The company divides the activity it finds into two categories: attack
sites (those hosting malware or phishing) and compromised sites (those
that lead to secondary sites hosting malware). Sites deemed malevolent
are added to Google’s blacklist within half an hour while compromised
sites are re-checked in case they are subsequently cleaned by their
owners.

“Sharing this information also aligns well with our Transparency Report,
which already gives information about government requests for user
data, government requests to remove content, and current disruptions to
our services,” said Google software engineer Lucas Ballard.

Google’s release of the data
is potentially significant for an industry that has historically
depended almost entirely for its malware statistics on individual
security companies reporting what their customers are seeing.

“Internet users need to reflect on their own actions rather than resting
on their laurels in the belief that the exposure of threats alone will
keep them safe,” said ESET UK’s technical director, Mark James. “Running
antivirus software alone doesn’t necessarily mean it’s possible to
visit websites indiscriminately believing all malicious code will be
detected. New attack methods are constantly in development.” 
