Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Google Demonstrates Risk of Filtering Systems

Over the weekend it has been hard to avoid the news that Google inadvertently marked the whole Internet as dangerous and "may harm your computer", at least that was what search results were returning. What had happened, according to Google, was that the filtering list being used to identify which sites are malicious had accidentally included a wildcard operator. The inclusion of the '/' entry meant that, with the system Google has implemented, all URLs on the web were inadvertently identified as malicious.

There was initial confusion about where the error had been introduced, with initial reporting suggesting that it had originated with stopbadware.org, which is the non-profit that Google works with to build their list of potentially malicious sites. While both Google and StopBadware have issued statements, there is still some ambiguity as to where the error was introduced. The consensus is that it was introduced at Google, and the sharing of information with StopBadware was just the normal data exchange.

Many people have for the first time seen the problems that can happen when over-reliance on filtering systems breaks down. It doesn't matter whether the systems are proactive or reactive in their performance, similar problems plague both types. This recent case shows what can happen when a simple human error occurs, but there is criticism of the technologies that operate these systems.

Even after the systems were repaired (total exposure was about an hour in the worst cases), there were still false positives that littered the system. If sites like BitDefender.com are listed as malicious, even temporarily, then how can the full system be trusted to be accurate on an unknown site?

Probably the best way to approach it is to treat the Internet and malicious site identification systems like Antivirus applications. Most of the time, they will work as advertised, helping identify the most common malicious sites, but there will always be a lag between when malicious data challenges users, and when detection picks it up. There will also always be a defined and present risk of false positives, otherwise innocent sites and data misidentified as malicious. Use of these systems is recommended, with the caveat that nothing can trump common sense and careful Internet use. At the end of the day, even a trusted, trustworthy site can be compromised in a heartbeat, so users should always apply caution on the Internet.

2 February 2009

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.