One More Reason Not To Blindly Trust What A Computer Tells You

from the this-site-is-sooooooo-dangeorus dept

Mon, Feb 2nd 2009 1:32am — Mike Masnick

By now, you've probably heard the news that Google had a bit of a "glitch" this past weekend, whereby it warned people that every single site in existence (including Google) was rated as potentially dangerous and could put malware on your computer. It lasted for about an hour Saturday morning, causing amused chatter around the web. But, of course, it does highlight one key issue: whenever we end up with various "automated" warning systems, we tend to start believing what the systems tell us -- even when we know they're fallible. It's something worth remembering -- not to say that computer models are bad, just that we almost always underestimate how much weight people put on them once they're in place, no matter how much we intuitively understand that it's just a model.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: computers, malware, trust
Companies: google

23 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

priyankeshu, 2 Feb 2009 @ 1:45am

people took it too seriously
i think people took it very too much seriously
[ link to this | view in chronology ]
- ehrichweiss, 2 Feb 2009 @ 10:31am
  
  Re: people took it too seriously
  I want a show of hands. Who googled "google"? I did and took a screenshot for future enjoyment.
  [ link to this | view in chronology ]
Anonymous Coward, 2 Feb 2009 @ 2:42am

Getting a warning about a harmless sight isn't going to be damaging.
NOT getting a warning about a harmful sight is.
How does this all add up then?
[ link to this | view in chronology ]
- Wayne, 2 Feb 2009 @ 2:45am
  
  Re:
  This demonstrates that the information provided was not accurate. Maybe next time it will tell you all sites are not dangerous even if they are and you'll get it then.
  [ link to this | view in chronology ]
- hegemon13, 2 Feb 2009 @ 6:16am
  
  Re:
  "Getting a warning about a harmless sight isn't going to be damaging."
  
  Not to you, no. But, to the site, it can be devastating. When Google itself is not on the list, they are not nearly as quick to respond, either.
  
  Take, for example, Gamepark Holdings, makers of the GP2x handheld game console. The company markets to a niche, enthusiast group of homebrew/emulator fans. They market purely online and via word-of-mouth. Several months ago, their site got listed with Google as potentially harmful for no known reason. It was a mistake. However, Google left it that way for OVER A MONTH. Just imagine if you are a company who has little brand recognition and whose primary sales portal is your own website. Suddenly, everyone who tries to get there is told they're going to get malware if they go to your site. That not only damages sales for that month, but permanently destroys credibility with a lot of potential customers.
  
  So, yeah, a false positive can be extremely harmful if you think beyond your own selfish interests.
  [ link to this | view in chronology ]
Anonymous Coward, 2 Feb 2009 @ 3:57am

"How does this all add up then?"

Stuff happens, plan for the worst, expect the best, and learn to cope.
[ link to this | view in chronology ]
Twinrova, 2 Feb 2009 @ 4:32am

Another reason why Firefox is great!
If the page were seriously bad, Firefox puts up a warning message, so the Google thing is rather useless to me.

In fact, I didn't even know the message existed until this news came out.
[ link to this | view in chronology ]
- Washii, 2 Feb 2009 @ 11:13am
  
  Re: Another reason why Firefox is great!
  Except that, Firefox? It uses the same list!
  [ link to this | view in chronology ]
barfooinc.net, 2 Feb 2009 @ 4:38am

Not a (brief) shining moment in corporate responsibility...
The glitch was at least a little disturbing considering google.com's strong self-assumption of expertise in all matters search related. I was also disturbed by google.com's brief attempt at finger-pointing elsewhere to the 3rd party non-profit (stopbadware.org) as the root cause of the problem.
[ link to this | view in chronology ]
Norm, 2 Feb 2009 @ 5:41am

Are we still in danger?
....peeking over keyboard....
[ link to this | view in chronology ]
James, 2 Feb 2009 @ 6:17am

more than just a warning
The glitch was more than just a warning it wouldn’t let you open the page even when you tried to bypass the warning and open the page anyway. So I just feel back to good old Yahoo.
[ link to this | view in chronology ]
Xyro TR1 (profile), 2 Feb 2009 @ 6:19am

Huh...
I thought this was caused by human error? As in, someone put a " / " into the blocked sites list, and effectively blocked every website? I don't see how this was automated.

Google also did something worth noting, which was admitting the mistake, as well as admitting that they were the cause (and not their malware filtering company). It's rare that companies do that...
[ link to this | view in chronology ]
- Anonymous Coward, 2 Feb 2009 @ 7:47am
  
  Re: Huh...
  I agree, the story clearly states it was a human error, not a 'glitch'.
  
  It is better though, for google to blame it on an anonymous employee than to undermine the reputation for reliability of their systems/practices.
  [ link to this | view in chronology ]
Dave, 2 Feb 2009 @ 6:39am

Firefox uses Google's data
Another point to mention is that if a site is listed as potentially dangerous by Google, it will give you a big warning when you try to browse to that site in Firefox.

So if you have a corporate website and it gets hacked, Google will effectively shut down your site with no warning.

Plus the fastest way you can get past it is to log in to webmaster tools and have the site rechecked. Could take a day or longer.

Whatever happened to tech support??
[ link to this | view in chronology ]
sniperdoc (profile), 2 Feb 2009 @ 6:40am

Ummm no.. not infallible...
Interesting that the author writes
"whenever we end up with various 'automated' warning systems, we tend to start believing what the systems tell us -- even when we know they're fallible."

It's not the system that was fallible. It was a user programming error. It's humans that are fallible (despite what the Pope may believe). Computers just do what they're told. They do not make decisions without user input.
[ link to this | view in chronology ]
long island girl, 2 Feb 2009 @ 6:45am

be smart...
as an internet surfer, i don't directly or easily believe on such news most especially if it comes from an unreliable website.. It should have been on the headlines already or we should have been warned if it was really true.
[ link to this | view in chronology ]
Anonymous Coward, 2 Feb 2009 @ 7:16am

If this was Microsoft that messed this up I'm sure the comments would be full of neckbeards laughing at their blunder. But it was only google...no big deal!
[ link to this | view in chronology ]
JustMe, 2 Feb 2009 @ 7:32am

#13 & thoughts....
"i don't directly or easily believe on such news most especially if it comes from an unreliable website.. It should have been on the headlines already or we should have been warned if it was really true."

Are you saying you would disregard a malware warning if you hadn't seen or heard about the suite being hacked in the news?
If so, that's a REALLY bad practice. A site can be hacked to include malicious code at any time and you might be among the first people to hit it.
It;s also highly unlikely a single hacked site would make headlines and there is several hours delay between hacked and reported.

Or are you saying you wouldn't believe Google's malware warning?
In which case disregard my above comment :-P

Either way I tend to look at such warnings as more of a "Proceed with Caution" sort of sign.
As a tech I have a ton of "infected" files on my home PC that my anti virus would love to sanitize. I'm not about to let that happen (as it would destroy perfectly good software I need for work) but I still run my anti virus to makes sure I;m not legitimately infected.

I would still browse such a site if I saw that kind of waning I would just be a bit more careful about it.

Just my $0.02
[ link to this | view in chronology ]
DaveP, 2 Feb 2009 @ 7:42am

It wasn't just a warning, it flat out refused to let you go to the site... you had manually type the address, and if it was of any length Google didn't give you enough of it to do so.
[ link to this | view in chronology ]
Anonymous Coward, 2 Feb 2009 @ 11:51am

It was rather annoying as I was reformatting a computer that had just been infected with malware...so when I reformatted and reinstalled and got this message...arrrgggghhhh...I was very frustrated and fearing a larger malware spread through my entire network...ohhh...that would have been bad....oh that would have been bad....
[ link to this | view in chronology ]
Anonymous Coward, 2 Feb 2009 @ 4:11pm

I think the "automated warning system" in this article is about the end-user, not Google itself. In other words, Google's users are relying on the warnings to be there and be accurate, not whether or not the malware URL update is updated automatically or not.
What this does point out is that as computers and the Internet become less of a tool and more of an appliance (the assumption being that tools require some amount of skill or knowledge to operate efficiently) anything that inconveniences any quantity of non-technical users it going to be newsworthy.
[ link to this | view in chronology ]
alex, 3 Feb 2009 @ 6:51am

hysteria
It was a 45 minute glitch, and it caused a huge panic... And of course what followed was the usual hysteria by all the hunt-for-pageviews online publications...

http://the-anti-google-baloney.blogspot.com/2009/02/45-hysteria.html
[ link to this | view in chronology ]
fishbane, 3 Feb 2009 @ 12:10pm

Funny
And to think, our current economic meltdown was driven mostly by automated systems and too credulous humans.

This is the way the world will end, not with a bang, but a perl script.
[ link to this | view in chronology ]