Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

why doesn't IE use Google's malware warnings?

microsoft.public.internetexplorer.general






Speedup My PC
Reply
  #1 (permalink)  
Old 07-16-2009
Bennett Haselton
 

Posts: n/a
why doesn't IE use Google's malware warnings?
When you visit a site in Firefox, it sends a query to
safebrowsing.clients.google.com asking if the site is safe. Then if
it gets back a response saying that Google has the site on its list
of malware-infected sites, Firefox displays a warning saying the site
has been infected with malware, before giving you the option to
proceed to the page.

Internet Explorer could protect a lot of users from malware infection
by using the Google feed as well. Does anyone know of any public
statements from either Google or Microsoft, as to why they don't do
this? Does Google let anybody use the
safebrowsing.clients.google.com feed who wants to, and it's
Microsoft's choice not to have their browser query it as well? Or
would Google for some reason not want IE to query their database the
way Firefox does, unless Microsoft paid them a fee or something?

In terms of protecting people from malware, this seems like really
low-hanging fruit to pick, given that the system has already been
implemented for Firefox.
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 07-16-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: why doesn't IE use Google's malware warnings?
You may be interested in...

SmartScreen Filter | Internet Explorer 8 Security:
http://www.microsoft.com/security/fi...artscreen.aspx

IE8 Security Part III: SmartScreen® Filter:
http://blogs.msdn.com/ie/archive/200...en-filter.aspx

IE8 Security Part IX - Anti-Malware protection with IE8's SmartScreen
Filter:
http://blogs.msdn.com/ie/archive/200...en-filter.aspx
--
~PA Bear


Bennett Haselton wrote:
> When you visit a site in Firefox, it sends a query to
> safebrowsing.clients.google.com asking if the site is safe. Then if
> it gets back a response saying that Google has the site on its list
> of malware-infected sites, Firefox displays a warning saying the site
> has been infected with malware, before giving you the option to
> proceed to the page.
>
> Internet Explorer could protect a lot of users from malware infection
> by using the Google feed as well. Does anyone know of any public
> statements from either Google or Microsoft, as to why they don't do
> this? Does Google let anybody use the
> safebrowsing.clients.google.com feed who wants to, and it's
> Microsoft's choice not to have their browser query it as well? Or
> would Google for some reason not want IE to query their database the
> way Firefox does, unless Microsoft paid them a fee or something?
>
> In terms of protecting people from malware, this seems like really
> low-hanging fruit to pick, given that the system has already been
> implemented for Firefox.


Reply With Quote
  #3 (permalink)  
Old 07-16-2009
Daniel Crichton
 

Posts: n/a
Re: why doesn't IE use Google's malware warnings?
Bennett wrote on Wed, 15 Jul 2009 17:31:45 -0700 (PDT):

> When you visit a site in Firefox, it sends a query to
> safebrowsing.clients.google.com asking if the site is safe. Then if it
> gets back a response saying that Google has the site on its list of
> malware-infected sites, Firefox displays a warning saying the site has
> been infected with malware, before giving you the option to proceed to
> the page.


> Internet Explorer could protect a lot of users from malware infection
> by using the Google feed as well. Does anyone know of any public
> statements from either Google or Microsoft, as to why they don't do
> this? Does Google let anybody use the safebrowsing.clients.google.com
> feed who wants to, and it's
> Microsoft's choice not to have their browser query it as well? Or
> would Google for some reason not want IE to query their database the
> way Firefox does, unless Microsoft paid them a fee or something?


> In terms of protecting people from malware, this seems like really
> low-hanging fruit to pick, given that the system has already been
> implemented for Firefox.


I'm happy IE doesn't do this - these sorts of things slow down the browser.
I disabled the Google SafeBrowsing in FF3 as it's enabled by default. Here's
a post about why this might not be a good idea to have on:

http://www.freshbot.com/archives/200...ing-the-tiger/

And as PA Bear has pointed out, IE has it's own filtering system called
SmartScreen. MS probably don't use the Google API because they already have
their own equivalent system, and this also cuts out any reliance on Google.

If you really want this in IE, you can write your own BHO - and searching
Google for Google SafeBrowsing IE will bring up a few links to an article
that includes source code with the basic framework for this: http://www.josefcobonnin.com/post/20...-explorer.aspx

--
Dan


Reply With Quote
  #4 (permalink)  
Old 07-16-2009
Bennett Haselton
 

Posts: n/a
Re: why doesn't IE use Google's malware warnings?
On Jul 16, 6:49*am, "Daniel Crichton" <msn...@worldofspack.com> wrote:
> Bennett wrote *on Wed, 15 Jul 2009 17:31:45 -0700 (PDT):
>
>
>
>
>
> > When you visit a site in Firefox, it sends a query to
> > safebrowsing.clients.google.com asking if the site is safe. *Then if it
> > gets back a response saying that Google has the site on its list of
> > malware-infected sites, Firefox displays a warning saying the site has
> > been infected with malware, before giving you the option to proceed to
> > the page.
> > Internet Explorer could protect a lot of users from malware infection
> > by using the Google feed as well. *Does anyone know of any public
> > statements from either Google or Microsoft, as to why they don't do
> > this? *Does Google let anybody use the safebrowsing.clients.google.com
> > feed who wants to, and it's
> > Microsoft's choice not to have their browser query it as well? *Or
> > would Google for some reason not want IE to query their database the
> > way Firefox does, unless Microsoft paid them a fee or something?
> > In terms of protecting people from malware, this seems like really
> > low-hanging fruit to pick, given that the system has already been
> > implemented for Firefox.

>
> I'm happy IE doesn't do this - these sorts of things slow down the browser.
> I disabled the Google SafeBrowsing in FF3 as it's enabled by default. Here's
> a post about why this might not be a good idea to have on:
>
> http://www.freshbot.com/archives/200...-browsing-slow...
>
> And as PA Bear has pointed out, IE has it's own filtering system called
> SmartScreen. MS probably don't use the Google API because they already have
> their own equivalent system, and this also cuts out any reliance on Google.
>
> If you really want this in IE, you can write your own BHO - and searching
> Google for Google SafeBrowsing IE will bring up a few links to an article
> that includes source code with the basic framework for this:http://www.josefcobonnin.com/post/20...e-Browsing-API...
>
> --
> Dan- Hide quoted text -
>
> - Show quoted text -


I understand that IE has SmartScreen, but what I'm asking is: If
you're going to do malware checking, why not query both databases at
once? (Since I have found at least some malware-infected sites that
were on the Google list but not on the SmartScreen list.)

Obviously anyone who feels it's slowing down browsing too much, can
turn it off. But if you have it on at all, why not check both? (And
check them both in parallel, obviously, so the resulting delay would
be equal to the greater of the two response times from the two
databases, not the sum of the response times.)

If you absolutely, absolutely wanted to make sure that nobody would be
even the *slightest* bit worse off as a result of IE querying the
Google database -- so that nobody's Web requests take even a tenth of
a second longer -- you could always tell IE that as soon as the
response from SmartScreen comes back, stop waiting for a response from
the Google database. Then if the Google response comes back first,
you'll have that, and possibly it might be the one that saves you from
being infected. And if the SmartScreen result comes back first, you
can immediately stop waiting for Google, and at least you'll be no
worse off than you would have been without it.

Bennett
Reply With Quote
  #5 (permalink)  
Old 07-17-2009
VanguardLH
 

Posts: n/a
Re: why doesn't IE use Google's malware warnings?
Bennett Haselton wrote:

> When you visit a site in Firefox, it sends a query to
> safebrowsing.clients.google.com asking if the site is safe. Then if
> it gets back a response saying that Google has the site on its list
> of malware-infected sites, Firefox displays a warning saying the site
> has been infected with malware, before giving you the option to
> proceed to the page.
>
> Internet Explorer could protect a lot of users from malware infection
> by using the Google feed as well. Does anyone know of any public
> statements from either Google or Microsoft, as to why they don't do
> this? Does Google let anybody use the
> safebrowsing.clients.google.com feed who wants to, and it's
> Microsoft's choice not to have their browser query it as well? Or
> would Google for some reason not want IE to query their database the
> way Firefox does, unless Microsoft paid them a fee or something?
>
> In terms of protecting people from malware, this seems like really
> low-hanging fruit to pick, given that the system has already been
> implemented for Firefox.


You actually trust Google's classification of what is malware? I tried
visiting a site that was *discussing* some malware and gave some links
to exploit examples (which you had to follow instructions to make them
actually usable) which Google then claimed was a malware/malicious site.
Turned out it wasn't the obfuscated code but some wording on the site
that triggered Google to mark it "bad". Stupid.

You've never heard of false positives in anti-virus, anti-malware, and
other security-related software? So just how are you going to "fix" a
mis-classification by Google? I double Google handles pages that employ
dynamic code obfuscation (http://www.finjan.com/Content.aspx?id=1456),
so Google not saying it is a bad site does NOT make it a clean site.

So you have some false positives. And you have false negatives (which,
I suspect, is so prevalent that Google not alerting on a site saying
nothing about the safety of that site).

Because Google uses in interstitial page to display its alert (see
http://en.wikipedia.org/wiki/Interstitial_webpage), it may not be seen
by a user of a popup blocker. Some popup blockers eliminate intersitial
pages (http://www.popupcop.com/help/help7_o...erstitial.html)
because they are predominately used by spammy sites (although I have
seen some login pages go bouncing through interstitial pages to complete
the login).

Unlike lookups done in parallel for a search engine, like when you do a
Google search, where the search results are shown immediately while the
malware lookup is done in parallel and updates the search list when the
lookup data becomes available, sticking in an interstitial page before
you get to the web site's page will ALWAYS slow you access to that web
page, plus you're are adding even more statistics to Google regarding
where users are navigating (yes, they help protect you against
*possibly* infected sites but they're also tracking all this surfing,
too). Say you were to install Google's Toolbar (don't argue about
whether you would or not since the point is not about installing the
Toolbar but how you might configure it). Would you actually enable
their Page Ranking feature that reports to them your navigation habits?
Well, if you disabled it there, why are you willing to give all that
same information via another route?

By the way, Google gets their "bad" site list from StopBadware
(http://www.stopbadware.org/). According to their web site's home page,
they had 333,276 sites reported as "bad". Does that really sound like a
lot of bad sites to you? As of February 2007, the Netcraft Web Server
Survey found 108,810,358 distinct websites and in June 2009 they
reported 238,027,855 sites. So about one-tenth of one percent (0.14%)
of those sites are listed as "bad" by StopBadware. So why would such a
service even exist if it lists so damn few sites as bad? Also remember
that any such ranking by Google is based on whenever it last crawled
across a web site so the ranking is old. It doesn't reflect the state
of the site NOW. A clean site might be infected now but not when Google
checked it. An infected site might now be clean (from webmaster
reports, it appears to take 2 weeks before the submission to reclassify
their site is even seen at Google and it takes over a month before they
can get reclassified from bad to good or from falsely accused to good).

Web sites are increasing at a rate far faster than these services can
rate them regarding their safety. Plus any such ranking is old. Users
of McAfee's SiteAdvisor already are aware of how old are those rankings.
Google doesn't seem to be any faster at keeping updated on just the site
they have ranked. Rather than rely on some antiquated list full of
errors (false positives/negatives) and which cover only a very tiny
number of web sites out there, seems you want to use something that
interrogates the web page NOW.

Avast and other anti-virus+anti-malware programs have their web
"shields" or "guards" to interrogate the content of web pages as they
are NOW when downloaded into your web browser. Finjan has their toolbar
to scan pages for malicious content but their free version only works
with search engine results which means they are useless when you
actually visit the web page unless you pay for their commercial products
that sit upstream of your host. Online Armor (paid version only)
includes their DNS spoof checking to make sure you end up where you
think you went to prevent phishing you to a fake site.

The lists can't keep up with the rate of sites showing up. You need to
know about the site as it exists now, not what it was back a week, a
month, or longer.
Reply With Quote
  #6 (permalink)  
Old 07-18-2009
Reinder de Boer
 

Posts: n/a
Re: why doesn't IE use Google's malware warnings?
That's interesting - if I do that suggested host file modification, the
suggested website
http://www.freshbot.com/archives/200...ing-the-tiger/
no longer can be found [404 error] when clicking on this link.




"Daniel Crichton" <msnews@worldofspack.com> wrote in message
news:OdaH1whBKHA.1336@TK2MSFTNGP05.phx.gbl...
> Bennett wrote on Wed, 15 Jul 2009 17:31:45 -0700 (PDT):
>
>> When you visit a site in Firefox, it sends a query to
>> safebrowsing.clients.google.com asking if the site is safe. Then if it
>> gets back a response saying that Google has the site on its list of
>> malware-infected sites, Firefox displays a warning saying the site has
>> been infected with malware, before giving you the option to proceed to
>> the page.

>
>> Internet Explorer could protect a lot of users from malware infection
>> by using the Google feed as well. Does anyone know of any public
>> statements from either Google or Microsoft, as to why they don't do
>> this? Does Google let anybody use the safebrowsing.clients.google.com
>> feed who wants to, and it's
>> Microsoft's choice not to have their browser query it as well? Or
>> would Google for some reason not want IE to query their database the
>> way Firefox does, unless Microsoft paid them a fee or something?

>
>> In terms of protecting people from malware, this seems like really
>> low-hanging fruit to pick, given that the system has already been
>> implemented for Firefox.

>
> I'm happy IE doesn't do this - these sorts of things slow down the
> browser. I disabled the Google SafeBrowsing in FF3 as it's enabled by
> default. Here's a post about why this might not be a good idea to have on:
>
> http://www.freshbot.com/archives/200...ing-the-tiger/
>
> And as PA Bear has pointed out, IE has it's own filtering system called
> SmartScreen. MS probably don't use the Google API because they already
> have their own equivalent system, and this also cuts out any reliance on
> Google.
>
> If you really want this in IE, you can write your own BHO - and searching
> Google for Google SafeBrowsing IE will bring up a few links to an article
> that includes source code with the basic framework for this:
> http://www.josefcobonnin.com/post/20...-explorer.aspx
>
> --
> Dan
>


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft’s Live Search adds malware warnings ... atlast ! WinVistaClub WinVistaClub Blog 0 12-05-2008 14:10
Microsoft's Live Search (finally) adds malware warnings Steve Security News 0 12-03-2008 18:50
Google's Research on Malware Distribution Steve General Technology News 0 02-19-2008 20:50
Google's Research on Malware Distribution Steve General Technology News 0 02-18-2008 01:20
Despite security firm warnings, it's business as usual for malware writers Steve Security News 0 11-21-2007 02:40




All times are GMT +1. The time now is 05:02.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120