If you were walking into a shop and got robbed, would you immediately assume that it was the shop’s fault or the robber’s? What if you visited a Website and immediately got hit with malware? The two situations are essentially the same, but in the latter case, most people would blame the venue rather than the attacker. In the online world, however, Google’s Safe Browsing service is pointing fingers at the attack venue, not the assailant.
On most small Websites, a third-party ad network delivers the ads. The site itself has no idea what the ad is or where it originated -- the ad network is supposed to handle that information. But bad ads still slip into ad networks and the site loses its reputation. If you were visiting a site for the first time and it gave you a virus, would you go back? Obviously not.
Google has been running its Safe Browsing program for a while now. If Google crawls a Website that tries to deliver a malware payload, it marks the site as dangerous and notes some of the particulars of the attempted attack, including URL vectors and whatnot. Browsers like Firefox and Chrome pay attention to Google’s ratings of particular sites and throw up warning pages before the site loads. To be sure, this protects some users from the malware.
Say you run a small Website that served some malware-laden ads delivered through a third-party ad network. Google then brands you as a malware/virus site. Suddenly your pageviews drop through the floor and your users head elsewhere.
Meanwhile, you can find neither hide from or find a malware on your site since it only exists if and when certain ads are served ! Its quite annoying if you ask me. You read Google’s diagnostic page for your site until your eyes bleed, but you still can’t find any malware on your site. So you submit the site for a review (which requires you to sign up for Google Webmaster Tools) and hope you can clear up the issue.
Google takes anywhere from 16 to 48 hours to review your site. If Google happens to get the same malware-injecting ad, you lose the review. If Google doesn’t detect malware, it will (probably) pull down the warning pages and your traffic will (probably) pick back up.
If you’re running a legitimate site, Google’s well-meaning Safe Browsing service bears an unfortunate resemblance to a protection racket. Google is hanging around the entrance to your business and warning people to stay away because a robber was lurking around the corner the other day. Want me to go away, buddy? Then sign up for Google Webmaster Tools and I’ll think about it. Another technique in which Google locks you in with their technology !
Google’s Safe Browsing is a good idea, but it needs improvement: Make it platform-specific and reduce the review time to an hour or so. It will be exponentially better for everyone.
|