Google Malware Warning: Big Help or Big Brother?

It’s been in place since August of last year, but it only seems to be attracting attention now. Unless you actively surf for free music, you might not even have seen it yet. It’s Google’s new malware warning, and it’s a good thing – or is it?

I hadn’t heard of this myself until about mid-February, which just goes to show how tame my search habits are. I first saw it discussed on SEO Chat’s own forums, where one of the members mentioned a search term that would show sites with that warning. Here’s a screen shot (cropped to fit) so you can see what I mean:

As you can see, under the first result is a link with the words “This site may harm your computer.” Click on that link (not the regular one for the result) and you arrive at a Google Web Search Help Center page. It explains that the warning appears with results that Google has identified “as sites that may install malicious software on your computer.” It goes on to give examples of such software, warn that such software is often installed without a user’s knowledge or permission, and includes several links for the user who wants more information or is concerned that malware is already installed on his or her computer.

Google is all for being proactive. In addition to those two links, the search engine includes a link to follow if you want information about reporting a web site that may have violated its Webmaster Guidelines. Finally, there is a link for administrators who believe their site has been identified by mistake. I’ll go into more details about these in just a moment. 

Taking the Dare

So what happens if you decide you want to check out the web site anyway? Clicking on the link for the top result of the search I performed took me to this lovely page:


I’d like to point out that the only live links on this warning take you to the StopBadware site and the previous page of search results, respectively. You can cut and paste the URL that Google says you can continue to “at your own risk,” but Google refuses to link to it. Think about that for a minute: Google is actually refusing to take you to the web site that its own algorithms determined was the most relevant in the search results for a particular keyword.

If you’re like me, once you get over that bit of a shock, you’re probably wondering who StopBadware is and why you’re seeing stuff about them (after double checking to make sure Google doesn’t somehow mistakenly think your site distributes malware). According to their FAQ, StopBadware is a “Neighborhood Watch” campaign aimed at fighting badware. “We aim to become a central clearinghouse for research on badware and the bad actors who spread it, and become a focal point for developing collaborative, community-minded approaches to stopping badware.”

StopBadware is backed by Harvard Law’s Berkman Center for Internet & Society, Oxford University’s Oxford Internet Institute, and other non-profit organizations as well as corporations such as Google, Lenovo, and Sun. It has been in existence for less than a year. Visitors to StopBadware can submit reports on websites that have installed malware on their computers. StopBadware’s site includes guidelines that clearly define what badware is. Be warned, the guidelines read a little bit like legalese.

So, you’ve visited a web site that has installed badware on your computer and you want to report it to StopBadware. The page you use for reporting your experience is very simple; you don’t even have to fill in your name, just the name of the web site or URL where you found the application. You also have to tell them about the malware you encountered and what kind of effect it had (did it make your computer run slowly? Bombard you with pop-ups? Change your preferences when you didn’t request it?). You can include your email address and/or ask StopBadware to follow up with you. You can even be put on a list to receive StopBadware announcements. All of that is optional, however.

A Little Investigating

StopBadware then investigates the website and issues a report. Incidentally, StopBadware also receives reports from Google. If you wonder what StopBadware has to say about a website you want to go to, you can search its clearinghouse. didn’t turn up in StopBadware’s clearinghouse, but here’s an example of a page that Google determined has malware and StopBadware put in its database:


Apologies for the size reduction and the cropping; you can see the full-size version here. This is a generic web page that StopBadware created for pages reported by Google. When they’ve followed up on an investigation, their report looks like this (again, cropped and shrunk to fit):


Again, if you want to see the full-size version, you can point your browser at this link.

StopBadware’s FAQ is interesting for anyone worried about what effect Google’s warnings will have on their web visitors. It emphasizes that Google’s investigation is independent from what StopBadware discovers. It also points out that nothing is stopping users from typing in or cutting and pasting the URL of a web site into their address bars, so Google isn’t actually blocking visitors. Additionally, “note that the URLs from the Google process that are sent to us by Google are posted on the site without any review, research, or editing by us.”  

You’re probably wondering if it’s possible for someone to falsely report your site to Google or StopBadware to have a warning placed in the search results for your site. StopBadware insists that it isn’t. “Google does not post warning pages merely in response to reports from the public but only after, and as a result of, its own testing of the site.” Additionally, “any sites that are reported to us by users are researched before any action is taken. We do not make public the sites that have been reported to us by users unless and until our research staff has checked for badware and verified the presence of badware or links to badware on the site.”

What should be scary for site owners is that their sites can often contain links to badware without their knowledge. This can happen if the site contains advertising provided by a third party, or if the site’s host server has been hacked. You can submit a request for review to StopBadware, and they seem willing to help show requesters what they need to do to clean up their sites and provide some education as to preventing the problem in the future. 
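A site owner can look for this kind of unnoticed reference before a search engine does. The sketch below is an added example, not code from Google or StopBadware: it walks a web root and lists every script source, iframe source, or inline redirect that points at a host outside an allowlist. The allowlist, the sample pages, and all host names are constructed assumptions.

```python
import re, tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse
# Assumption: hosts the site owner knowingly loads content from.
ALLOWED_HOSTS = {"www.example.org", "ads.example-network.test"}
# Inline script that sends the browser to an absolute URL.
REDIRECT_RE = re.compile(r"""location(?:\.href)?\s*(?:=|\.replace\()\s*["'](https?://[^"']+)""", re.I)
SAMPLE_SITE = {  # constructed sample tree, not real data
    "index.html": '<script src="/js/site.js"></script><script src="https://ads.example-network.test/show.js"></script>',
    "old/news/a.html": '<p>News</p><script>window.location = "http://redirect.invalid/go";</script>',
    "old/news/b.html": '<iframe src="//cdn.unknown.invalid/x" width="0"></iframe>',
}

class RefFinder(HTMLParser):  # collects (kind, url) pairs from one page
    def __init__(self):
        super().__init__()
        self.refs, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.refs.append((tag, src))
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.refs += [("redirect", u) for u in REDIRECT_RE.findall(data)]

def audit(root, allowed=ALLOWED_HOSTS):
    """Return sorted (relative_path, kind, host) for each off-allowlist reference."""
    findings = []
    for page in (p for p in Path(root).rglob("*.htm*") if p.is_file()):
        finder = RefFinder()
        finder.feed(page.read_text(encoding="utf-8", errors="replace"))
        finder.close()
        for kind, url in finder.refs:
            host = urlparse(url).hostname  # None for relative (same-site) URLs
            if host and host not in allowed:
                findings.append((page.relative_to(root).as_posix(), kind, host))
    return sorted(findings)

def write_sample(root):
    for rel, html in SAMPLE_SITE.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_text(html, encoding="utf-8")
    return root
if __name__ == "__main__":
    for row in audit(write_sample(tempfile.mkdtemp())):
        print(*row)
```

Because the findings are sorted by path, tampering confined to one directory shows up as a cluster, and diffing the output between runs highlights newly introduced hosts.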

Is it Really Working?

CIO News ran a story in early January that seemed to indicate these “false alarms” are a lot more common than Google and StopBadware would have you believe. “We have no bad software or installs or anything that would indicate a need to ban people from viewing our site,” wrote Matt Blatchley, who works for the Greenbush Southeast Kansas Education Service Center, in a posting to Google Groups. You can get to that web site now from Google without any warning, but it took a while to get rid of that warning. After you submit your site for review to StopBadware, an automated email says it will reply within 10 business days.

Blatchley explains that he received a response from StopBadware “after about 7 days of us waiting without a response other than an automated email, leaving us completely in the dark.” Was the blacklisting legitimate? “In the most recent response from StopBadWare they managed to find a few instances from 2005 when someone had used a JavaScript snippet to be added to some html files in one specific directory on a sub-domain and not the main website. It was a link that attempted to redirect the user to another machine, whose link no longer worked.”

The problem has since been fixed, but Blatchley’s real issue is in the way it was done: no notification from Google or StopBadware prior to the act. They were given “no opportunity to ask questions or make adjustments, they just blacklisted us without warning and without a link to the site from the interstitial page,” leaving them wondering why this had happened, Blatchley notes. “Very unprofessional!”

The Greenbush Southeast Kansas Education Service Center is not the only one who objects to Google’s high-handedness, especially to getting flagged without prior warning. CIO News quoted one user writing on behalf of Kukars Infotech, an IT services business in Rajasthan, India. “They [Google] are the king of the Internet. If they rank our website on top, then they can even humiliate us.”

Other users think this is a sign of Google getting out of control. One SEO Chat forum member wondered if “big brother Google” was on a rampage: “[Is] Google at last donning a big brother role in a more conspicuous way? IMO Google is definitely going crazy.”

At this point, though, these people are in the minority. Posters to more than one forum have said that they’re glad Google is trying to make web surfing safer. Meanwhile, Phil Harton posted in the Google Webmaster Central blog that Google has added badware alerts to Google webmaster tools. “You can see on the Diagnostic Summary tab if your site has been determined to distribute badware and can access information to help you correct this,” Harton explains.

This is somewhat reassuring at least. Badware is a truly unpleasant surprise, whether you’re unwittingly receiving it or distributing it. Let’s hope that Google and StopBadware start responding a bit more quickly to review requests, though; getting tarred with this kind of brush can be very demanding on your time and resources.
