Readers and Experts Weigh In on a Site Owner vs. Google

Malware may be the digital equivalent of bedbugs: suddenly ubiquitous, hard to treat and a real menace for those infested. That might explain why a Bits post on Thursday, “One Man’s Fight With Google Over a Security Warning,” stoked such impassioned responses.

One commenter likened Dr. Epstein’s predicament with malware to “a catastrophe in plain sight problem,” like “space junk, fracking, global warming.” He wrote, “The day is fast approaching (or may have already passed) when the problem surmounts any attempt to solve it. There is a point when the utility of the Net is overwhelmed by ubiquitous evil.”

Most commenters thought Dr. Epstein was too quick to shoot the messenger, in this case Google. “You need to stop getting hacked, rather than blame Google for pointing out that you run an insecure and potentially malicious site,” one person wrote. “It may seem unfair,” said another, “but if you are going to run a Web site on the Internet you absolutely must ensure the security and integrity of the content on the site. This is not the responsibility of Google, Yahoo, Yandex, Baidu or any other service.”

Some offered up their own tales of malware attacks, detailing their initial denial (“I thought surely Google must have made a mistake”) to blissful resolution (“It was only after I pored over the raw source code that I found subtle malicious code injected into the site. After removing the code, I put a request through Google’s webmaster tools to re-scan the site, which they did promptly and removed the warning.”)

Google passed along a defense of the company from Niels Provos, principal software engineer on its security team: “In this case, Google’s warning protected users from a very real malware threat. Google uses a technology we call Safe Browsing to help protect millions of people every day from dangerous Web sites that could infect their computers with malware or do other harmful things.” Mr. Provos acknowledged that it could be hard to clean up a hacked site, but said Google offered information and tools to help, as did other sites including StopBadware.org.

Still, some thought Google could afford to do more. “By becoming the big elephant in the Internet tent, Google owes its users the ability to talk to a knowledgeable Google employee in this kind of situation. Will it cost them something? Yes. Can they afford it? Of course, with billions left over,” John V. Kjellman wrote.

Several readers went out of their way to investigate Dr. Epstein’s site themselves. Maxim Weinstein, who runs StopBadware.org, found the site had been compromised and commended Google for protecting Web users. “If Google’s warning didn’t exist, and for users visiting from other popular search engines like Bing or Yahoo, users are automatically redirected” to malicious sites in India, he commented.

Richard M. Smith, an Internet security consultant, e-mailed Dr. Epstein and The New York Times to report he found more than 500 spam pages promoting fake Adobe products on Dr. Epstein’s site. “It’s clear his site has been badly compromised,” Mr. Smith said by phone. “Cleaning up these problems is not an easy thing to do. I can sympathize with his frustrations but the real story here is that Web site owners, who often aren’t tech-savvy, are too quick to blame the messenger.”

Article source: http://bits.blogs.nytimes.com/2012/01/06/readers-and-experts-weigh-in-on-a-site-owner-vs-google/

View full post on National Cyber Security » Virus/Malware/Worms