Every large Internet company has an online security team in place, and Google is no different. Now the search engine giant is going public. Yesterday, Google launched its new online security blog. The blog will post news on its little-known antimalware team, which, it turns out, has been in existence for about a year.
In its initial post, Google clarifies its now-famous one-in-10-Web-sites-are-malicious statement, derived from a presentation Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu gave at last month's HotBots 2007. Provos says the figure quoted in the media should be 0.1 percent (less than 1 percent), since the analysis used in the paper, "The Ghost in the Browser" (in PDF), covers several billion Web sites. From that number, the presenters selected a subgroup of 12 million, of which 1 million were found to be engaging in drive-by downloads of malicious code. There's also a colorful map in today's post showing which countries are responsible for hosting compromised Web sites and distribution servers (the U.S. and China both appear bright red, with Canada and Russia coming in a close second on each map).
Given that malware on the Internet is a huge problem, Google has been quietly evaluating Web sites on its own. Frequent users of the search engine may have seen statements under site names indicating that Google suspects a given site may be harmful to your PC.
This is curious, since major security vendors Symantec, Trend Micro, and McAfee currently offer products that overlay online search results with similar warnings. ZDNet blogger Ryan Naraine wonders whether Google is planning to go up against these vendors or perhaps purchase an existing security vendor. Predictably, Google declined to speculate on its future plans.