Google Considered Harmful... by Google!
If you use Google’s Safe Browsing Tool to monitor the security of the websites you use, you might be surprised to find that typing ‘google.com’ into the status checker returns a current status of ‘partially dangerous’.
Reddit users noted
that Google has been flagging itself as unsafe since yesterday (Tuesday 19/04) morning. The Safe Browsing tool, which is a part of Google’s own online Transparency Report
, explains ‘partially dangerous’ as meaning that ‘some pages on google.com contain deceptive content right now’. It further explains that ‘some pages on this website install malware on visitors’ computers’ and ‘attackers on this site might try to trick you to download software or steal your information’. In addition, the warning states that ‘some pages on this website redirect visitors to dangerous websites that install malware on visitors’ computers’, and also that ‘dangerous websites have been sending visitors to this website’.
The tool reassures users ‘not to panic’, as it is likely an isolated incident of a user posting ‘bad’ content on a website which is usually safe. The tool re-crawls websites regularly to check whether the bad content has been ‘cleaned up’, and once it finds that the website is once more secure and malware-free it will reclassify the website as safe.
According to the Washington Post
, Google was unavailable for comment last night, but it is probably safe to assume that the warning is unlikely to mean that Google is unsafe to visit: instead, it more likely suggests that some users have used Google services to host or link to something nefarious, and the safe browsing tool has simply flagged the whole domain as a potential problem in response.
Other popular websites built for the most part on user-generated content are also flagged as potentially dangerous: Tumblr.com, a microblogging platform, Github.com, a code-sharing website, and Wordpress.com, a blogging site. Confusingly, Facebook.com returns no warnings, but while a search for Instagram.com returns a ‘not dangerous’ result, it does warn that Instagram.com occasionally sends visitors to the ‘dangerous’ website ‘facebook.com/connect’. It’s also a little odd that when one adds ‘www’ to the beginning of most flagged sites, the site becomes ‘not dangerous’.
Interestingly, in the time it took to write this article, the Safe Browsing tool requalified ‘google.com’ as ‘not dangerous’… but the ‘site safety details’ listed still refer to all the same risks of malware installation and dangerous redirects, bar one which seems to have been rectified. Is it safe or isn’t it?
It’s also a little odd that the new result states that ‘Safe Browsing has not recently seen malicious content on google.com’, when just this morning it was being flagged as ‘potentially dangerous’… Is this morning no longer considered ‘recent’?
, who specialises in professional services within the ICT sector, thinks the whole thing has been quite the joke. “It’s always amusing when something like this happens – Google warning people not to use its own service. I think it’s great – they’re not above flagging themselves with their own safety tool! Nice to see that they don’t hide their own bad results when it happens! It probably highlights a need for a bit of an update to the way the tool assesses websites: most sites have some sort of relation to a scam, whether the entire site is a great big trap or it’s simply a comment with a dodgy link on a blog post, and if it’s simply flagging every website with any relation to a malicious bit of software or a scam, before long every site on the net will be flagged as dangerous and the tool will be useless.”
CBSbutler's ICT team leader, Alex Froude
, extols the virtues of using a little common sense in situations like this. “It’s obviously very important for internet users to be proactive in their protection of their systems, and Google’s Safe Browsing tool is a good way to check websites you’re not sure about. However, it’s also important for users to use their common sense – sometimes an automated tool like Google’s is going to flag up something that it perceives as dangerous or malicious, when it’s actually just different to what the tool is used to. It’s yet another example of how the automation of a process never completely cuts out the human element – we still need to keep an eye on things to make sure it’s all working as it should.”