Google's Transparency Report: Insights, not security solutions

Google has bolstered its increasingly important Transparency Report with a new section that documents the number of malware and compromised websites detected by the firm as well as the volume of Safe Browsing warnings fed to users through the Chrome, Firefox, and Safari web browsers.

From this it is possible to see that in the first week of June alone, Google detected around 42,000 sites hosting malware, 23,000 phishing websites and in the week of June 16 issued 88 million Safe Browsing warnings to its user base.

Those Safe Browsing Automated defenses built into browsers have become a major front line for stopping malware, arguably more important than that offered by traditional antivirus software. However, not everyone is convinced they are a one-stop solution to the problem of malware and phishing websites.

Safe Browsing's contribution

As for Safe Browsing, Google has gradually expanded its scope since its appearance in 2006, adding automatic blocking for malware downloads as recently as January this year.

browsers

Although the tens of millions of Safe Browsing warnings recorded by the Transparency Report every week sound vast, the company admits they underestimate the number of sites detected because not all users opt into monitoring.

Google's Chrome currently uses version 2 of the Safe Browsing API, while Apple's Safari and Mozilla's Firefox were was still using version 1 for a test run by NSS Labs in May. This found that both versions of the API were still bested by Internet Explorer 10's SmartScreen equivalent, but that version 1 was significantly inferior to version 2 in this respect.

Microsoft's apparent superiority was attributed to the reputation system that supplies data on which sites to block.

Threats spotted

According to Google, the malware element of system works by scanning a subset of indexed websites once per day, running any software encountered in a virtual machine to test infection.

The company divides the activity it finds into two categories, attacks sites (those hosting malware or phishing) and compromised sites (those that lead to secondary sites hosting malware). Sites deemed malevolent are added to Google's blacklist within half an hour while compromised sites are re-checked in case they are subsequently cleaned by their owners.

"Sharing this information also aligns well with our Transparency Report, which already gives information about government requests for user data, government requests to remove content, and current disruptions to our services," said Google software engineer Lucas Ballard.

Google's release of the data is potentially significant for an industry that has historically depended almost entirely for its malware statistics on individual security companies reporting what their customers are seeing.

"Internet users need to reflect on their own actions rather than resting on their laurels in the belief that the exposure of threats alone will keep them safe," said ESET UK's technical director, Mark James. "Running antivirus software alone doesn't necessarily mean it's possible to visit websites indiscriminately believing all malicious code will be detected. New attack methods are constantly in development."

Subscribe to the Security Watch Newsletter

Comments