WTF – Malware in SERPs?

by pittfall on November 9, 2008

Recently, the Google Webmaster Central Blog republished a post from the Google Online Security Blog highlighting that Google is taking a step toward protecting you from malware by warning you in listings (image on the right).

You may be familiar with this type of warning: Yahoo! has been using a beta product from McAfee (SearchScan) to highlight potentially harmful websites in search engine listings.

Sounds great: Google and Yahoo! are trying to help keep your computer clean by warning us before we click on a website listing and find out that our personal information has been compromised, right?

Google even goes into it further and lets webmasters know why they decided to put the label on the listing and offers some advice:

Advance warning
I often hear webmasters asking Google for advance warning before a malware label is put on their website. When the label is applied, Google usually emails the website owners and then posts a warning in Google’s Webmaster Tools. But no warning is given ahead of time – before the label is applied – so a webmaster can’t quickly clean up the site before a warning is applied.

But, look at the situation from the user’s point of view. As a user, I’d be pretty annoyed if Google sent me to a site it knew was dangerous. Even a short delay would expose some users to that risk, and it doesn’t seem justified. I know it’s frustrating for a webmaster to see a malware label on their website. But, ultimately, protecting users against malware makes the Internet a safer place and everyone benefits, both webmasters and users.

Google’s Webmaster Tools has started a test to provide warnings to webmasters that their server software may be vulnerable. Responding to that warning and updating server software can prevent your website from being compromised with malware. The best way to avoid a malware label is to never have any malware on the site!

WTF
“As a user, I’d be pretty annoyed if Google sent me to a site it knew was dangerous.” – Really?

Why would anyone leave a listing for a website that may have malware at all? Google and Yahoo are both trying to take the “good citizen of the Internet” approach, but if they really were, they wouldn’t allow anyone to take that last step. Really, if you know there is a sign that says “Thin Ice” and someone is walking towards it, wouldn’t you stop someone from walking out on the ice? They have a further opportunity to put up a fence in this circumstance.

It isn’t the right of a website owner to be in the index of any search engine, so the idea that they can’t exclude someone is out the window. Lord knows that they exclude websites for other reasons, so why wouldn’t they here?

Am I really off base here? Please let me know… Here is a quick poll to voice your concern, or feel free to post in the comments.


{ 12 comments… read them below or add one }

1 JohnMu November 10, 2008 at 1:01 am

Hi Stephen – that’s a good question :) . We generally think that malware is something that should be very visible and we know that it usually gets fixed as soon as someone notices. Assuming a big site got malware, do you think it would get noticed & fixed as quickly if we just removed the site from the search results? I think the malware label really helps to make it obvious to everyone, including the webmasters. We want to send those sites traffic, so we want them to fix it ASAP, and we’ll remove the label as soon as we see that things are back in order.


2 Oliver Fisher November 10, 2008 at 4:36 am

This blog post may explain Google’s reasoning: http://oliverfisher.blogspot.com/2008/11/kick-them-all-out.html


3 pittfall November 10, 2008 at 8:31 am

@JohnMu: John, thanks for the comment.

Taking your assumption in this case, wouldn’t the absence of traffic from Google get your attention? I think that notifying a website owner shouldn’t be a requirement of any search engine, but if you are looking for insight from the likes of Google, set up a webmaster tools account and be notified. I think that if Google and Yahoo were trying to be realistic and looking out for the user, they wouldn’t include the listing, or at the least, not allow a user to click through.


4 Oliver Fisher November 10, 2008 at 8:38 am

> or at the least, not allow a user to click through.

Google doesn’t allow the user to click through. Clicking on the result on the serp page will lead to a warning interstitial page. If the user really wants to proceed to the site (which I don’t recommend), they can type the url into the browser manually. Of course, FF3 and Chrome provide further protection by also using Google’s malware blacklist – even for manually typed urls.


5 pittfall November 10, 2008 at 8:39 am

@Oliver Fisher: Oliver, thank you for your comment.

I absolutely understand your point, however, two caveats, first if the website owner is proactive, they would be maintaining their website (but malware still happens) and second, if malware is found on their site, they should want it to be removed so they can address the issue.

It’s like being sick, if you have a cold and are in an office, go home, get rest and get better, but as long as you are out in the population, you risk infecting others and that isn’t being a good member of your community, certainly not providing a positive environment for your visitors.


6 Oliver Fisher November 10, 2008 at 8:53 am

Think like a user, not a webmaster. Let’s suppose Google removed all malware sites from serps. If a user was at a site yesterday, they may use Google to search for the site to visit again today. But if the site has malware, it doesn’t appear in search results. The user knows the site exists so they’ll find some other way to get to it – browser history, for instance. Because Google didn’t tell them about the malware on the site, the user may inadvertently expose themselves.

By leaving the site in serps with a malware warning attached, Google gives users important information while protecting them.

I totally understand your point of view and removing malware infected sites from serps is a legitimate course of action. Personally, I’m glad that Google erred on the side of transparency though.


7 Sean November 10, 2008 at 11:49 am

Interesting … if the site knows of the malware label in webmaster tools, then it can be fixed by the site owner within say 30 days. If the site owner has time to react, then it makes sense to remove them from the index after some time has passed. The alternative is to ban the site completely, removing it from all paid and organic listings.


8 pittfall November 10, 2008 at 3:31 pm

@Oliver Fisher: Oliver, thanks for the follow up, and I see your point, however, if a website has made an impression the likelihood that the user will go back to a search engine to find what has already been found is lowered.

The idea of leaving them in the SERPs and warning the user will more likely lead that user to not go back to the warned site because it isn’t worth the risk. Transparency is important, but I think that safety, rather than transparency is much more important to users in general.


9 pittfall November 10, 2008 at 3:36 pm

@Sean: Thanks for the comment.

You make a great point. If a website owner is non-responsive then they don’t belong in the rankings because they failed to attend to the needs of their users by offering a quality resource without the risk of loss. I still feel that the best place for a website with malware is not in SERPs.

I wonder how a webmaster should handle the negativity that would come with your listings showing you have malware? As long as it takes for users to remove it from their computers, I doubt it.


10 web seo November 10, 2008 at 5:09 pm

I’ve noticed that Google does not do the warning sign in their search results for the entire website but for certain pages within the website if they show up as results in their search engine. It’s great that they are doing warnings about malware but dislike the fact that they let you access the site through another page on their site. I do feel that people should be “entitled” to a written warning if Google plans to show this type of comment, even if it’s after the site starts showing the warning. I don’t think Google should ban any site, since the malware may have mistakenly been made part of the site. Benefit of the doubt. Anyone else have more opinions?


11 seo55 November 11, 2008 at 2:17 pm

I have no issues in removing harmful sites and spyware. Google is a private business, it is not the only way to access the internet and they can choose to protect their image by removing harmful websites.


12 website design mazarron November 13, 2008 at 6:19 am

I think they should just ban the sites that contain malware etc… some people don’t understand even the most obvious warnings and click without realising the consequences…
