In this post, we've collected some highlights from the past five years of our Safe Browsing efforts, aimed at keeping people safe online. See the Security Blog for the full details and more visuals. -Ed.
Five years ago, we launched Safe Browsing, an initiative designed to keep people safe from malicious content online. Our primary goal was to safeguard Google's search results against malware (software capable of taking control of your computer) and phishing (fraudulent websites that entice users to give up their personal information). We also wanted to help educate webmasters on how to protect their own sites.
Malware and phishing are still big problems online, but our Safe Browsing team has labored continuously to adapt to the rising challenges of new threats. We've also developed an infrastructure that automatically detects harmful content around the globe.
Here’s a look at the highlights from our efforts over the past five years:
Malware and phishing aren’t completely solvable problems because threats continue to evolve, but our technologies and processes do, too.
Online commerce sites are still favorite phishing targets because phishers are motivated by money. Some tried-and-true phishing methods are still used, but attacks are also getting more creative and sophisticated. Attacks are faster, with phishers sometimes remaining online for less than an hour to try to avoid detection. They’re also more geographically dispersed and are getting more targeted.
Malware authors often compromise legitimate sites to deliver content from a malicious attack site or to redirect to an attack site. These attack sites will often deliver "drive-by downloads" to visitors, which launch and run malware programs on their computers without their knowledge. To try to avoid detection, these attack sites adopt several techniques, such as rapidly changing their Internet location with free web hosting services and auto-generated domain names. Although less common than drive-by downloads, we’re also seeing more malware authors bypassing software vulnerabilities altogether and instead employing methods to try to trick users into installing malicious software—for example, fake anti-virus software.
Our system is designed to protect users at high volumes, but people still need to take steps to keep their computers safe. Ignoring a malware problem is never a good idea—if one of our warnings pop up, you should never click through to the suspicious site. Webmasters can help protect their visitors by signing up for malware warnings at Google Webmaster Tools. These warnings are free and will help us inform them if we find suspicious code on their sites. Finally, everyone can help make our system better. You can opt-in to send additional data to our team that helps us expand the coverage of Safe Browsing.
Some of our recent work to counter new forms of abuse includes:
It’s a good feeling to know that we’re making the web more secure and directly protecting people from harm—whether they’re our users or not. We continue to invest heavily in the Safe Browsing team so we can defend against current and future security threats.