What To Do When Google Tells People Your Website Is Dangerous?

from the spectrum-of-evil dept

Just about a year ago, we wrote about a bunch of academics at Harvard and Oxford who were going to take on all kind of malware with a new service called Stopbadware.org, which was supposed to call out sites and applications that had malware included. Of course, the big problem with any such service is coming up with a reasonable definition of what “badware” is. Set the definition too loose, and you end up bringing down perfectly legitimate sites. Set it too strict, and the system is useless. It would appear that the StopBadware folks haven’t quite figured it all out yet — and it’s made even worse by the fact that Google is apparently relying on them for warning people to stay away from certain sites. Someone anonymous submitted to us the story of one website that lost a ton of traffic after Google took the Stopbadware rating on their site, and placed any search results that linked to it with the following warning: “Warning – visiting this web site may harm your computer!” Now, we have little sympathy for sites that get pissed off at Google for bad rankings, but having Google actively state that your site might harm their computer seems to take things to another level. You would think that someone at either Stopbadware or Google would at least first make some sort of effort to confirm the potential harm. Apparently, instead, it just took a random complaint from someone to get the site in question on the list. The site owners were given no chance to prevent the listing. In fact, the only thing that the site owners could do was appeal to Stopbadware after they were already on the list, which is apparently a 10 day process. Of course, there was also the alternative: they posted about it on their blog, generating a bunch of interest, which convinced either Google or Stopbadware to fix the problem a bit more quickly. It’s nice that Google and Stopbadware ware so interested in preventing people from accessing dangerous sites, but it would seem like they need a better process of ensuring the sites in question are actually dangerous before putting them on the list.


Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “What To Do When Google Tells People Your Website Is Dangerous?”

Subscribe: RSS Leave a comment
59 Comments
The infamous Joe says:

Malware blues

I’ve run into this on my internet travels, and I seem to recall a way to continue. (because I did, I’m such a rebel) πŸ™‚

I have to agree that is seems too easy to get a site on the list, but no matter where you draw the line, there will be blurry areas.. the question is, would you rather a safe site be blocked, or an unsafe one be allowed?

So, how long until business start reporting their competition? πŸ™‚

Anonymous Coward says:

Re: Malware blues

In my opinion it is much better, in the broad scope of things, to allow the possibility of bad sites over the possibility of screwing legitimate ones.

The internet is all about freedom of information and if we start censorship of any kind it should only harm those sites that fall into the obvious range. It is in nobody’s interest if we start sniping because in the long run we will all lose out on the freedom the internet has allowed.

Seems like a no brainer to me. Your question should be rephrased from, “would you rather a safe site be blocked, or an unsafe one be allowed?” to “is it a good idea to block those sites which are known harmful sites, even if the risk of a few being overlooked exists?” Pretty simple really, some harmful sites blocked is better than none and all harmful sites blocked with guaranteed casualties isn’t good.

That being said, in my humble opinion, I think censorship of the internet in any way goes against everything it stands for and everything freedom of speech stands for. We take chances and risks every day and this is no exception. The internet is as life, if you don’t want to get fucked up the ass then educate yourself or shut up and enjoy it. In the long run, it’s just digital information and anyone dumb enough to lose everything (what? no backups?) just might need to learn that lesson once so they stop being an ignorant fool.

Matt says:

grr

Ya…that is annoying (Not having a continue link)

Either way, I think site owners should submit their sites to be checked and if its OK show a green sign next to the search result, if its bad then show a red sign, and if it hasn’t been checked yet show a yellow…Also, maybe some sort of thing where people can rate the site as good or bad.

But Google not (easily) allowing access to the site is kind of ridiculous.

Sanguine Dream says:

Why with all the speculation?

Why is it that these businesses are so wrapped up in trying to lable sites good or bad? For a little bit of good press right? Why not instead of trying to form a way to block sites why not just give a litsting of what is on the site that could be considered dangerous? That would address comment #3’s question of businesses turning on its competitors.

Example:
Microsoft reports Linux to Google. MS would have to come up with an actual reason why linux.com (or whatever it is) should be blocked.

People are so hyped up about trying to create a magic bullet cure all these days.

Anonymous Coward says:

I’m with Google and Stopbadware. This is a situation that definitely requires people to err on the side of caution. If there is ANY CHANCE that visiting a website might damage my computer, I would like to be alerted and I don’t care if a random site here or there loses a little bit of traffic occasionally to get it done.

Tracy Allen says:

Re: losing a "little bit of traffic"

You sain “I don’t care if a random site here or there loses a little bit of traffic occasionally to get it done.”

You are mistaken.

Sites that are erroneously listed on these types of “lists” lose 65-85% of daily traffic immediately.

It is not a “little bit” or “occassionally”. These warnings don’t just pop up “every once in a while”.

These types of sites, like McAfee’s SiteAdvisor (horrid “list” generated by unqualified people who are not tested, certified or screened to “review”) should not be allowed to do what they are doing.

They are ruining legitimate businesses by using their software to block sites from getting to customers. THEY are worse than viruses!

And any of YOUR competitors can sign up to be a “reviewer” and give you a big fat red WARNING dot so they’ll drive your traffic away just for spite. Who needs to hack? Just go be a reviewer for a virus software company that has millions of users!

Sammy says:

Anonymous: Merchant sites

When you get tired of the merchant sites that pop up on google you can do as I do, start going elsewhere. There’s always a new search engine, or one retooling, that you can use instead. I tried Google, I liked Google, and I finally made it my default and used it exclusively. Google’s search results are too full of spam now, and too commercial, and I’m finding them less and less relevent… so I use other engines more each day and soon Google will be irrelevant (to me).

Wolff000 says:

Not Easy

There is no real way for any bad site filter to work on the whole web. It would be next to impossible to filter all bad sites or even check all the reports of bad sites. The best thing to do is blocking any and every bad site that gets reported but instead of blocking completely just have a precede at caution with an explanation why the site is “bad”. It is the only plausible solution. To those that think each and every site should be verified you must not have ever run a successful comapny that made money. it would take lots of people searching through vast amounts of data to filter correctly. This would cost a huge amount of money not just for payroll but, the facility is is in, power consumption, PCs, servers, and the list goes on and on. you could easily spend millins on something like this and still not filter half the bad stuff out there on top of that you have no sourvce of income. Unless you can convince people to pay for your filtering which is a huge task in itself.

Brandon Rusnak (user link) says:

StopBadware not as good as SiteAdvisor

On my PC I use a tool called SiteAdvisor (http://www.siteadvisor.com) that conveniently tells me if the website I am currently on contains spam, spyware and/or viruses/exploits. Although it is offered by McAfee, it is free and the site reports that it offers are very detailed and mostly accurate. Here’s the site report for techdirt.com:

http://www.siteadvisor.com/sites/techdirt.com?ref=safe&aff_id=0

It would be nice if this technology was integrated into the major search engines and/or they had a partnership w/ SiteAdvisor.

Then again there have been a few cases where I have disagreed with SiteAdvisor about a website’s rating or status and there is no possible way of blocking every known piece of malware on the net, even with sites like SiteAdvisor and SptoBadware. I applaud Google for trying to stop spyware, however, if they did indeed report the site because it was messing with search ratings and indeed was benign then Google can chalk up one more exception to their “Don’t be evil” ideals.

BMR777

misanthropic humanist says:

search not censor

This is what happens when you make yourself the neighborhood policeman, you can’t please everyone and the moment you screw up then everyone points the finger at you and shouts “injustice!”.

The other point I would make is that they are actually exacerbating the real problem(s), stupid users with unsecured machines, poor quality insecure software and malicious site owners. They are throwing themselves into a 3 way tangle that they can’t possibly hope to help with, and will get all the stick for it.

“I would rather they do their due diligence before marking any site as dangerous.”

Do they have any obligation to diligence? Is labellig a site “may be dangerous” troublesome for them? Sergey Brin may be a child molester. Say it often enough and people will start to beleive it is true. Keep on saying it and even when it’s proven he is not a nonce, a great number of people will still believe it. Is that slander, or libel? A fat bloke in the pub told me Sergey Brin may be a child molester – I trust his opinion, he predicted the Arsenal-Liverpool game spot on, so what due diligence have I exercised before repeating that?

The only way to continue is to copy and paste the URL into your address bar.”

That’s wrong imo. As other posters say they can warn, but they should not block. Although of course, Google are under no obligation to even include a site in the first place.

“When you get tired of the merchant sites that pop up on google you can do as I do, start going elsewhere.”

Clusty works very well imho. It is good for broad searches where you want to fan out related concepts from a semantic web from just one keyword – for example “Hoover” … then pick politics or vacuum cleaners. Also, Ask was once very lame compared to Google, but they seem to have caught up and improved enormously in recent months – the natural language like interpretation of questions is occasionally good.

Google are starting to show signs of over-reaching themselves at the expense of their core values – search.

Scottitude (user link) says:

Brandon beat me to it; SiteAdvisor is an excellent choice for anyone concerned about malicious content.

Nothing’s infallible but McAfee seems to have put considerable thought into the mechanics and, most importantly, does not disable the links, just gives you “fair warning” so you can proceed (or not) as you choose.

What’s more, anyone willing to register can leave comments relating to the warning level and effectively alter the initial designation.

There’s a right way and a wrong way to do everything and in this case, Google and Stopbadware.org have clearly chosen the wrong way.

dinkster9 says:

law suit ahead?

no one has mentioned it (not even in the article) but my god, doesn’t this have law suit written all over it. I mean, plain and simple what google did is libel. sure Google is allowed to post anything they want, but falsely posting and basically accusing a site of being bad (when i’ll assume it wasn’t) and killing their traffic is actually measurable and would be easy to sue for. Google is an internet porthole search engine, you better believe that if they started blocking or hindering ebay they would get a lawsuit.

mcho (user link) says:

It'll get worse...

…because IE7 will introduce a built-in “badware” notification as pointed out by this WJS article:

http://online.wsj.com/public/article/SB116649577602354120-5U4Afb0JPeyiOy1H_j3fVTUmfG8_20071218.html?mod=rss_free

I think, overall, services like this will be beneficial to the home users, but it could be mis-used to financially benefit service sponsors (yet the current systems seem to be fair to businesses of all sizes).

weebit (user link) says:

badware

For years many have been looking for a system that works. It is not fool proof, but I do not find it any worse than your anti spam software that labels a legit email as spam when it’s not. The service that siteadvisor and stopbadware provides is good, even though it does have flaws. The main concern I have had over the years trying to teach computer, is the fact that many think just because the website is online it is provided by a pro. As you know this is not the case, a child or grandma can slap a page together. So can a person out to do harm to your computer. Many websites are not listed at the BBB, or have the online “ok” or “well known” as the most popular websites have. To judge a website by it’s cover is a hard task to do when just about anyone can slap a nice neat website together, and slap a few bad downloads on it, and put enticing words on the page.

Keeping up with the bad sites is hard to do. They are constantly changing domain names, and doing their best to hide their evil content. Or make it look so enticing that even your own family member could fall prey.

I will still advise new computer users to use this type of plugin or search engine, and set rules up to only visit the websites that get a good rating. People have too much money tied into their computers, and software, and they would be ludicrous to guess at the content being safe or not. A few negative reviews will not change my mine on this. I feel the risk is low on missing a good website, but todays Internet the risk is high you will visit a bad website.

The ones falsely accused of bad content can have it reversed, they only have to prove their website is clean of badware, spam, and legit business wise. This is not asking too much of any legit business online. I myself don’t feel intimidated by this method, and I don’t believe any legit website will be either.

I personally think it may be a added boost for some websites, that people were weary to do business at.

Jeff says:

LMAO!

True comedy, regarding the post:

“If there is ANY CHANCE that visiting a website might damage my computer, I would like to be alerted”

ANY CHANCE? OK, here’s your alert. Anytime you visit *ANY* site on the Internet, or even if you’re not visiting sites but your computer is just connected, there’s a chance, no matter how slim, that your computer might be damaged.

Heck, for that matter, even when it’s off, and plugged in, even on a power strip, there’s a VERY VERY VERY remote chance that a bolt of lightning will hit your building with sufficient force to fry through the walls, with enough amps and volts to fry through and around any surge protection system you use, and cook your computer’s CPU to the point where the board is charcoal.

But it’s still a chance. So anytime you surf from that computer, expect a series of warnings and random OK boxes telling you that your computer could be damaged at any moment.

weebit says:

Google

I do have one beef though with Google. They don’t show popups on their searches, but they do allow malicious websites to advertise. I understand they want to make money. But nothing can convince me they are worried about your security 100% if they are allowing these websites to advertise with them. If your going to preach it, then set a good example too.

Fco Aloy says:

stopbadware.org

When a complaint from anybody can cause the badware message to appear on a Google search, it’s an invitation for abuse. I just had my website gone over by SiteAdvisor and was found to be clean. Yet and still, I’ve been listed on the stopbadware database.

I can just about guarantee this will get way out of hand because there are no controls in place to insure safe websites. Heck, your competitor can put you on the list at whim…they take any complaint and act upon it..how fair is that?

No sir, stopbadware in its present form will not last past a good formal – and legal – complaint. (meaning: somebody will sue for damages and win)

chuck says:

StopBadware and Google = Gitmo of the Internet

I’m hoping a class action lawsuit will stop these self-appointed Gods in their tracks. Of course StopBadware.org has been created by Harvard Law School so they are not defenseless wimps, but they are so in the wrong but not providing a speedy appeals process.

They had the nerve to say they were behind because of the holiday break. When you shut down someone’s livelihood for weeks, you can’t go off partying like Paris Hilton!

chuck says:

StopBadware and Google = Gitmo of the Internet

I’m hoping a class action lawsuit will stop these self-appointed Gods in their tracks. Of course StopBadware.org has been created by Harvard Law School so they are not defenseless wimps, but they are so in the wrong but not providing a speedy appeals process.

They had the nerve to say they were behind because of the holiday break. When you shut down someone’s livelihood for weeks, you can’t go off partying like Paris Hilton!

Richard Stokes (user link) says:

Google blacklists anti-spyware site

Google just blacklisted us. We were the original antispyware review site. We have hundreds of pages of content and have helped probably over a million people at this point with their spyware-related computer problems.

Yet today, I see the message that Google claims we are “hosting or distributing badware”. Read all the gory details here:

Google bans antispyware site

I think your thoughts about lawsuits are going to come to fruition much quicker than you may have thought. I have already consulted my attorney. I could definitely use the publicity after the damage they’ve caused me.

Jamie Neylon (user link) says:

This is Criminal

I run a small family owned auto repair shop in Ann Arbor. I reley on my websight a our main source of advertising. A few months back the we noticed a drop off in phone calls. Then a customer pointed out the problem with our websight. Our web sight may have been poorly written with Publisher, but was clean and had no bad links to anything harmful. Our business is suffering as a result, my name that I have spent over 20 years making is getting slandered and tarnished. I am not a believer in lawsuits solving problems, but where is the line to sign up for this one. What if the phone company decided to block you phone because there were too many calls going out on you line, you must be soliciting ??? Can these clowns do this????? oh wait they already are!!

Anyone have any advice for this problem please contact me jneylon3@hotmail.com
Thank You

Jamie Neylon

MoneyFanClub (user link) says:

Re: www.etatvasoft.com

I guess there isn’t much you can do.

This is the reply from Google:
Our guidelines are that it’s safer to err on the side of caution with malware. Reincluding a site when we are not entirely confident the site is clean could hurt our users. Also, it takes quite a long time to do a malware reinclusion because checking a site for malware tends to be fairly difficult.

Benedict Wick
Online Money Making forum

mark worsey (user link) says:

Google are playing God with peoples lives

I built a site for my client she was very happy with it, few weeks later she called me up because GOD-oogle had placed a warning on the site and so no one could access the site.

I later found out after hours of investigation on my part that my hosting provider and i’ll shame them mdwebhosting.com.au (AKA crap) had their FTP compromised and someone had put some code on the site.(it happened to loads of other sites as well)

anyway. Google banned it straight away; what would have been nice is a message from them stating you have 24 hours to rectify the problem or we will place a warning- now that would have been better but no Google blacklisted it straightaway, now I have to insert codes, get things verified and I am waiting for them to remove the warning its now been over 4 bloody weeks date 27/02/08

A questions is can I sue Google/MD webhosting for loss of income as its not my fault that the MD servers were compromised! Google are now costing my client business as she relies on the net to generate leads for her to sing at venues

on top of this my cleint had a adword campaign which was stopped and i had a email from google stating you have malware so they ahve stopped the campign as mentioned I removed anything i found inserted their code and verified it- they said its fine now and re-released the adword campaign- now here is the point.

WHY HAVE THEY RELEASED THE ADWORD CAMPAIGN STRAIGHT TO THE SITE BUT NOT RELEASED THE ORGANIC SEARCH LISTING TO THEIR SITE

I’LL TELL YOU- BECAUSE THEY ARE MAKING MONEY ON THE ADWORD CAMPAIGN- its not rocket science people Google suck big time.

I could scream

mark worsey (user link) says:

Google are playing God with peoples lives

I built a site for my client she was very happy with it, few weeks later she called me up because GOD-oogle had placed a warning on the site and so no one could access the site.

I later found out after hours of investigation on my part that my hosting provider and i’ll shame them mdwebhosting.com.au (AKA crap) had their FTP compromised and someone had put some code on the site.(it happened to loads of other sites as well)

anyway. Google banned it straight away; what would have been nice is a message from them stating you have 24 hours to rectify the problem or we will place a warning- now that would have been better but no Google blacklisted it straightaway, now I have to insert codes, get things verified and I am waiting for them to remove the warning its now been over 4 bloody weeks date 27/02/08

A questions is can I sue Google/MD webhosting for loss of income as its not my fault that the MD servers were compromised! Google are now costing my client business as she relies on the net to generate leads for her to sing at venues

on top of this my cleint had a adword campaign which was stopped and i had a email from google stating you have malware so they ahve stopped the campign as mentioned I removed anything i found inserted their code and verified it- they said its fine now and re-released the adword campaign- now here is the point.

WHY HAVE THEY RELEASED THE ADWORD CAMPAIGN STRAIGHT TO THE SITE BUT NOT RELEASED THE ORGANIC SEARCH LISTING TO THEIR SITE

I’LL TELL YOU- BECAUSE THEY ARE MAKING MONEY ON THE ADWORD CAMPAIGN- its not rocket science people Google suck big time.

I could scream

Julian (user link) says:

SiteAdvisor defames Tech-Pro.net

It’s not just Google but Yahoo! and other search engines that are telling people who have McAfee SiteAdvisor installed that my website hosts malware. This is potentially even more damaging now that Yahoo! is using SiteAdvisor ratings to warn all users of its search engine of potentially bad sites.

The problem is that SiteAdvisor has blacklisted my site based on three downloads (actually the same file, which it downloaded three times) which it claims to contain malware. This is actually a false positive, as I have verified at VirusTotal. See my blog for the full details. Unfortunately unless you are a big company that employs some threatening lawyers it appears impossible to get McAfee to act quickly to remove the defamation.

I am all in favour of cleaning up the net so that ordinary users can surf and download in confidence, but when site ratings are given based on flawed automated tests and small companies are driven out of business by a mistake in a bit of software, something has to be done.

James Pereira (user link) says:

false positive on my website

My blog site has been blocked for weeks and maybe even months, and over a week ago I sent three or four website review requests, emailed the head of PR for stopbadware.org, emailed what board members and partners I could find, and called Google HQ and left a voicemail on some random person’s VMB (this was yesterday) asking them to get a hold of whoever is in charge of malware detection or whatever and tell them to get a hold of me. I haven’t heard a single thing yet, and there isn’t any malware on my site, nor do I link to any, and I screen all comments on my blog entries. The page in particular that Google claims has malware is a blog entry with no comments in which I describe a dream I had that had Stephen Colbert in it. This is really fucked up because nobody’s going to click that tiny link in the bottom right-hand part of the page to continue if Google is claiming there’s malware on my site, and it gives my site a bad reputation! Is there a class-action lawsuit in the works? I would be into it.

Mike says:

I don’t know if I am alone or crazy, but I have seen this warning before and I am certain it outright blocks me access to certain webpages. There is no way to cancel or go past the warning. I mean, I have my own antivirus an anti-malware programs installed, and I have common sense. I don’t need ANY service outright denying me access to a webpage, especially one I have been to before and know to be safe…Unbelievable.

StopStopBadware says:

Stop Badware stops only certain badware...

I don’t think it’s a coincidence that Google and Stopbadware stops anything coming from certain companies that would otherwise compete with them for advertising dollars. Even less surprising is that if you search Google for any negative mentions of StopBadware…well, you don’t get any (maybe one or two). Probably because they’re blocking out such results automatically. Search the same exact string on Altavista and you get tons of results.

David R Broughton (user link) says:

I just discovered my website has been called dangerous for years

I have been wondering why I get no visitors. I compose and publish music. I have personal interests I share on my website. I’m an ex-cult member and perhaps they have the means and motive to be behind it. But whoever it is that is telling whoever it is to have a pop up telling any number of potential visitors not to go to my website because it is dangerous…??? I certainly would like to know why and why any accusation is not investigated and me told about it. I just gave a friend a link to my website for images about activity in a virtual world. Her browser said my site was dangerous and would damage her computer. When she chose to ignore the warning, she was sill prevented from opening the page. What is this? Is Big Brother watching me? What is the deal here? No wonder I have wasted years editing my website to no benefit. Can anyone on your site please tell me if there is anything I can do. This gives new meaning to loss of Internet Freedom. It now effects me personally.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop Β»