Safe Browsing—protecting web users for five years and counting

In this post, we've collected some highlights from the past five years of our Safe Browsing efforts, aimed at keeping people safe online. See the Security Blog for the full details and more visuals. -Ed.

Five years ago, we launched Safe Browsing, an initiative designed to keep people safe from malicious content online. Our primary goal was to safeguard Google's search results against malware (software capable of taking control of your computer) and phishing (fraudulent websites that entice users to give up their personal information). We also wanted to help educate webmasters on how to protect their own sites.

Malware and phishing are still big problems online, but our Safe Browsing team has labored continuously to adapt to the rising challenges of new threats. We've also developed an infrastructure that automatically detects harmful content around the globe.

Here’s a look at the highlights from our efforts over the past five years:

• We protect 600 million users through built-in protection for Chrome, Firefox and Safari, where we show several million security warnings every day to Internet users. When we detect malware or phishing, we trigger a red warning screen that discourages clicking through to the website. Our free and public Safe Browsing API allows other organizations to keep their users safe by using the data we’ve compiled.
• We find about 9,500 new malicious websites every day and show warnings to protect users. These are either innocent websites that have been compromised by malware authors, or others that are built specifically for malware distribution or phishing. Our detection techniques are highly accurate—we have had only a handful of false positives.
• Approximately 12-14 million Google Search queries per day warn users about current malware threats, and we provide malware warnings for about 300 thousand downloads per day through our download protection service for Chrome.
• We send thousands of notifications daily to webmasters. When webmasters sign up for Webmaster Tools we give them the option to receive warning notices if we find something malicious on their site.

Malware and phishing aren’t completely solvable problems because threats continue to evolve, but our technologies and processes do, too.

Phishing and malware trends
Online commerce sites are still favorite phishing targets because phishers are motivated by money. Some tried-and-true phishing methods are still used, but attacks are also getting more creative and sophisticated. Attacks are faster, with phishers sometimes remaining online for less than an hour to try to avoid detection. They’re also more geographically dispersed and are getting more targeted.

Malware authors often compromise legitimate sites to deliver content from a malicious attack site or to redirect to an attack site. These attack sites will often deliver "drive-by downloads" to visitors, which launch and run malware programs on their computers without their knowledge. To try to avoid detection, these attack sites adopt several techniques, such as rapidly changing their Internet location with free web hosting services and auto-generated domain names. Although less common than drive-by downloads, we’re also seeing more malware authors bypassing software vulnerabilities altogether and instead employing methods to try to trick users into installing malicious software—for example, fake anti-virus software.

How you can help prevent malware and phishing
Our system is designed to protect users at high volumes, but people still need to take steps to keep their computers safe. Ignoring a malware problem is never a good idea—if one of our warnings pop up, you should never click through to the suspicious site. Webmasters can help protect their visitors by signing up for malware warnings at Google Webmaster Tools. These warnings are free and will help us inform them if we find suspicious code on their sites. Finally, everyone can help make our system better. You can opt-in to send additional data to our team that helps us expand the coverage of Safe Browsing.

Looking forward
Some of our recent work to counter new forms of abuse includes:

• Instantaneous phishing detection and download protection within the Chrome browser
• Chrome extension malware scanning
• Android application protection

It’s a good feeling to know that we’re making the web more secure and directly protecting people from harm—whether they’re our users or not. We continue to invest heavily in the Safe Browsing team so we can defend against current and future security threats.

Posted by Niels Provos, Security Team

Tech tips that are Good to Know

Does this person sound familiar? He can’t be bothered to type a password into his phone every time he wants to play a game of Angry Birds. When he does need a password, maybe for his email or bank website, he chooses one that’s easy to remember like his sister’s name—and he uses the same one for each website he visits. For him, cookies come from the bakery, IP addresses are the locations of Intellectual Property and a correct Google search result is basically magic.

Most of us know someone like this. Technology can be confusing, and the industry often fails to explain clearly enough why digital literacy matters. So today in the U.S. we’re kicking off Good to Know, our biggest-ever consumer education campaign focused on making the web a safer, more comfortable place. Our ad campaign, which we introduced in the U.K. and Germany last fall, offers privacy and security tips: Use 2-step verification! Remember to lock your computer when you step away! Make sure your connection to a website is secure! It also explains some of the building blocks of the web like cookies and IP addresses. Keep an eye out for the ads in newspapers and magazines, online and in New York and Washington, D.C. subway stations.



The campaign and Good to Know website build on our commitment to keeping people safe online. We’ve created resources like privacy videos, the Google Security Center, the Family Safety Center and Teach Parents Tech to help you develop strong privacy and security habits. We design for privacy, building tools like Google Dashboard, Me on the Web, the Ads Preferences Manager and Google+ Circles—with more on the way.

We encourage you to take a few minutes to check out the Good to Know site, watch some of the videos, and be on the lookout for ads in your favorite newspaper or website. We hope you’ll learn something new about how to protect yourself online—tips that are always good to know!

Update Jan 17: Updated to include more background about Good to Know.

Posted by Alma Whitten, Director of Privacy, Product and Engineering

Making search more secure

We’ve worked hard over the past few years to increase our services’ use of an encryption protocol called SSL, as well as encouraging the industry to adopt stronger security standards. For example, we made SSL the default setting in Gmail in January 2010 and introduced an encrypted search service located at https://encrypted.google.com four months later. Other prominent web companies have also added SSL support in recent months.

As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we’re enhancing our default search experience for signed-in users. Over the next few weeks, many of you will find yourselves redirected to https://www.google.com (note the extra “s”) when you’re signed in to your Google Account. This change encrypts your search queries and Google’s results page. This is especially important when you’re using an unsecured Internet connection, such as a WiFi hotspot in an Internet cafe. You can also navigate to https://www.google.com directly if you’re signed out or if you don’t have a Google Account.

What does this mean for sites that receive clicks from Google search results? When you search from https://www.google.com, websites you visit from our organic search listings will still know that you came from Google, but won't receive information about each individual query. They can also receive an aggregated list of the top 1,000 search queries that drove traffic to their site for each of the past 30 days through Google Webmaster Tools. This information helps webmasters keep more accurate statistics about their user traffic. If you choose to click on an ad appearing on our search results page, your browser will continue to send the relevant query over the network to enable advertisers to measure the effectiveness of their campaigns and to improve the ads and offers they present to you.

As we continue to add more support for SSL across our products and services, we hope to see similar action from other websites. That’s why our researchers publish information about SSL and provide advice to help facilitate broader use of the protocol. We hope that today’s move to increase the privacy and security of your web searches is only the next step in a broader industry effort to employ SSL encryption more widely and effectively.

Posted by Evelyn Kao, Product Manager

National Cyber Security Awareness Month 2011: Our Shared Responsibility

(Cross-posted on the Public Policy Blog)

On the Internet, as with the offline world, the choices we make often have an impact on others. The links we share and the sites we visit can affect our security and sometimes introduce risk for people we know. Given how quickly our collective use of technology is evolving, it’s useful to periodically remind ourselves of practices that can help us achieve a more secure and enjoyable online experience.

This month, Google once again joins the National Cyber Security Alliance (NCSA), government agencies, corporations, schools and non-profit organizations in recognizing National Cyber Security Awareness Month. It’s a time for us to offer education that increases online security for everyone.

It’s fitting that the theme of this year’s Cyber Security Awareness Month is “Our Shared Responsibility.” With ever-increasing ways to access the web and share information, we need to focus on keeping our activities secure. In that spirit, and to help kick off Cyber Security Awareness Month, we’re introducing a new Google Security Center. The Security Center is full of practical tips and information to help people stay safe online, from choosing a secure password to using 2-step verification and avoiding phishing sites and malware.

We also continue to develop products and services that help people protect their information online. Examples that have stood out so far this year include the Chromebook, 2-step verification in 40 languages, and Chrome browser warnings for malicious downloads and out-of-date plugins, among others. We develop free products and tools such as DOM Snitch, a Chrome extension that helps developers identify insecure code.

We recognize the importance of security education and are committed to helping make your online experience both exciting and safe to use. We all have a responsibility to take steps to protect ourselves and together develop a culture of security. We encourage everyone to Stop. Think. Connect.

Posted by Eric Davis, Public Policy Manager, Security

2-step verification: stay safe around the world in 40 languages

(Cross-posted on the Online Security Blog)

Earlier this year, we introduced a security feature called 2-step verification that helps protect your Google Account from threats like password compromise and identity theft. By entering a one-time verification code from your phone after you type your password, you can make it much tougher for an unauthorized person to gain access to your account.

People have told us how much they like the feature, which is why we're thrilled to offer 2-step verification in 40 languages and in more than 150 countries. There’s never been a better time to set it up: Examples in the news of password theft and data breaches constantly remind us to stay on our toes and take advantage of tools to properly secure our valuable online information. Email, social networking and other online accounts still get compromised today, but 2-step verification cuts those risks significantly.

We recommend investing some time in keeping your information safe by watching our 2-step verification video to learn how to quickly increase your Google Account’s resistance to common problems like reused passwords and malware and phishing scams. Wherever you are in the world, sign up for 2-step verification and help keep yourself one step ahead of the bad guys.

To learn more about online safety tips and resources, visit our ongoing security blog series, and review a couple of simple tips and tricks for online security. Also, watch our video about five easy ways to help you stay safe and secure as you browse.

Update on 12/1/11: We recently made 2-step verification available for users in even more places, including Iran, Japan, Liberia, Myanmar (Burma), Sudan and Syria. This enhanced security feature for Google Accounts is now available in more than 175 countries.

Posted by Nishit Shah, Product Manager, Google Security

Using data to protect people from malware

(Cross-posted on the Google Online Security Blog)

The Internet brings remarkable benefits to society. Unfortunately, some people use it for harm and their own gain at the expense of others. We believe in the power of the web and information, and we work every day to detect potential abuse of our services and ward off attacks.

As we work to protect our users and their information, we sometimes discover unusual patterns of activity. Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or “malware.” As a result of this discovery, today some people will see a prominent notification at the top of their Google web search results:

This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called “proxies.” We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections.

We hope to use the knowledge we’ve gathered to assist as many people as possible. In case our notice doesn’t reach everyone directly, you can run a system scan on your computer yourself by following the steps in our Help Center article.

Update July 20, 2011: We've seen a few common questions we thought we'd address here:

• The malware appears to have gotten onto users' computers from one of roughly a hundred variants of fake antivirus, or "fake AV" software that has been in circulation for a while. We aren't aware of a common name for the malware.
• We believe a couple million machines are affected by this malware.
• We've heard from a number of you that you're thinking about the potential for an attacker to copy our notice and attempt to point users to a dangerous site instead. It's a good security practice to be cautious about the links you click, so the spirit of those comments is spot-on. We thought about this, too, which is why the notice appears only at the top of our search results page. Falsifying the message on this page would require prior compromise of that computer, so the notice is not a risk to additional users.
• In the meantime, we've been able to successfully warn hundreds of thousands of users that their computer is infected. These are people who otherwise may never have known.

Posted by Damian Menscher, Security Engineer