Suppose you worked at a search engine and someone dropped a high-accuracy way to detect malware on the web in your lap (see this USENIX paper [PDF] for some of the details)? Is it better to start protecting users immediately, or to wait until your solution is perfectly polished for both users and site owners? Remember that the longer you delay, the more users potentially visit malware-laden web pages and get infected themselves.
Google chose to protect users first and then quickly iterate to improve things for site owners. I think that’s the right choice, but it’s still a tough question. Google started flagging sites where we detected malware in August of last year. This February, the webmaster console team and Google’s anti-malware team took a big step toward closing the loop for webmasters:
– The webmaster console started listing example urls with suspected/detected malware.
– Google began attempting to email site owners when we detected malware.
– New: Request a malware review from Google and we’ll evaluate your site.
– New: Check the status of your review.
* If we feel the site is still harmful, we’ll provide an updated list of remaining dangerous URLs
* If we’ve determined the site to be clean, you can expect removal of malware messages in the near future (usually within 24 hours).
I like that Google will keep updating the list of dangerous URLs for a site, and that they’re working to remove malware warnings even faster when sites clean up malware. That will help site owners diagnose their problems and get them fixed faster. What’s just as exciting to me is that while I have written about malware unofficially in the past, Google has ramped up official posts about malware on Google’s online security blog.
I’m glad that the Google’s anti-malware team has been doing all this stuff to alert site owners if they’re hosting malware. I don’t think it generates any money for Google (if anything, it costs machine resources and engineer cycles to tackle malware), but it does improve the web as malware gets taken down faster. I guess there could be an indirect effect as people trust the web more and maybe surf more, which is good for everybody.