Bing delivers five times more malware than Google, but should you care?

Bing delivers five times more malware than Google, but should you care?

Summary: Bing search supposedly serves up more malware sites than Google, but isn't browser security performance a more important measure of security?


Microsoft's search engine Bing delivers five times as many websites hosting malware in its search results than Google, according to German antivirus testing company AV-Test.

AV-Test claims to have evaluated a number of searches on search engines including Google, Bing, Russian search engine Yandex, start-up Blekko, peer to peer search engine Faroo, Ask Jeeves' Teoma and China's local search giant Baidu over the 18 months to February this year.

Of the 40 million websites delivered by the search engines, AV-Test found they harboured 5,000 "potential pieces of malware", according to the report's author Markus Selinger.

"Google achieved the best results in the study, followed by Bing. Attention must, however, be drawn to the fact that Bing delivered five times as many websites containing malware as Google during the study," Selinger notes.

The 10.9 million searches using Google delivered 272 malware infected websites, while the 10.9 million Bing searches returned 1,285. The 13.6 million searches on Yandex resulted in 3,330 malware infected sites.

AV-Test's CTO Maik Morgenstern told ZDNet the sources it used to determine search terms in the study were Twitter Trends, Google Trends and BBC News Headlines.

"One example from 2013-04-01 was 'Baseball Tonight' which we got from the Worldwide Twitter Trend. Other examples from 2013-04-02 are 'Everybody Loves Chadwick' (Worldwide Twitter Trends) and 'Javier Prado' (Peru Twitter Trends) or from 2013-04-03 'Malaysia PM set for general election' (BBC News). In most cases we only have one or two hits per search words," said Morgenstern.

Morgenstern said it used three main methods to test whether a website was malicious:

1. AV-Test multiscanning system: We used 36 different antivirus products to check whether they flagged the website content as malicious or suspicious (this could have been executable files or Javascript or HTML, eg containing exploits)

2. AV-Test dynamic analysis system: We checked the website content for certain attributes that are suspicious. If those occurred we fed the website to our dynamic analysis system to look for malicious behavior (eg due to the use of exploits)

3. External malware databases: Furthermore we checked whether the URLs were already known in external malware databases, such as Malwaredomainlist or Zeustracker.

The checks 1 and 3 were repeated after one day and after seven days.

We didn't use Symantec's (or any others vendor) website malware scanner, just the regular antivirus scanning part (see 1).

But how important are the statistics - should search users be worried? The amount of websites served in search results that carried malware was only 0.012 percent of the total tested. And, despite the millions of searches carried out, it's a relatively small sample of search engines' traffic - Selinger points out that Google alone deals with two to three billion search requests per day.

As the search giants alter their algorithms to thwart the malware spreaders, the malware spreaders up their own game, and the report does point to search engine optimisation techniques that malware distributors used to reach potential victims and ensure their sites are in the top ten search results delivered by Bing or Google.

And an equally important factor to consider in Microsoft and Google's comparative online safety record is how well browsers detect and warn uses against visiting malware and phishing sites.

Google's own Safe Browsing tool also has an API that extends the service to Chrome, Firefox and Safari. Microsoft introduced its own SmartScreen Application Reputation in Internet Explorer in 2009. The services use reputation-based methods to determine whether a site is hosting malware or is a phishing site and flag to users when a site is suspicious.   

NSS Labs regularly runs browser phishing tests comparing the performance of Safari, Chrome, Firefox and IE, with the latest test running the browsers against 2,300 phishing URLs.

Although the three non-Microsoft browsers all used Google's SafeBrowsing API, Firefox performed the best for alerting users to "zero hour" phishing sites. Over time, all browsers detected around 90 percent of the sample suspicious URLs.

Topics: Security, Google, Malware, Microsoft

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Not this one factor, but overall?

    No, this one factor alone is not very important when considering which search engine to use. But it does indicate that Google's servers are much more mature in how it works. I find it provides much better results and details.
    The Bing it on challenge is a ruse. If you watch the commercials, every time it shows someone picking a side, they pick the side with the pictures. Because the challenge is rigged. Bing's side gives you actual bing results whereas the Google side has removed the image results, removes the data cards on the right side, removes the instant page preview that you can get, removes the ability to search within a page, removes the instant results you can get by searching for calculations or definitions. It basically turns Google into what it was 15 years ago and compares that with Bing 2013... well of course bing would win that war.. maybe.
    • I disagree

      I took the challenge and did not care about pictures. The test results were very close and both sides provided good results. It made me realize that for a lot of searches BING is just as good as Google possibly pbetter (depending on topic). For my technical searches I did choose google more often than BING but for News,/Social I preferred BING.

      I use them both
      Burger Meister
      • Similar results.....

        Because Bing has been caught using Google results......
        linux for me
  • From time to time I give a chance to Bing

    But unfortunately is way behind Google. This study is just another sign of how inferior Bing is... not that relevant I must say.
    Maybe MS is just serving android malware so they can brag about it in the scroogled campaign :-) ...
    • Explain with an example if you dare

      To prove your point that Bing is behind Google.
      • Here you go...
      • Many examples

        ask unit conversions to Bing, about the weather in some place, or what time it's in Beijing.
        Search for Cyprus, Bing is unaware of the trouble going there. Google mix almost always informative pics with many search results, ...
        The list of things that Google search do better is huge.
        • What a non-sense

          Try those things you listed side by side and Bing gives better results....
          • Try searching on any windows error.

            Side by side and you will see how much Microsoft sucks the bing one.
          • Post the error code.

            Otherwise you don't have a point.
          • How much...

            Is Microsoft paying you? Or are you just a regular employee?
          • I've tried

            ... did you?!
          • You are wrong again

            But I'll give you the chance to prove me wrong.... if not, we will all learn where is the non sense :-P
      • Bing...

        Bing is a hundred miles behind Google kid, and no matter how much Microsoft pays you, that's not about to change.
        • Google is a hundred miles ahead in sucking privacy

          • Agreed... Google is worse at sucking privacy.

            But Google offers much better search results... By a huge margin.
          • Another non sense

            Post facts
  • AV test is propaganda - No scientific method were used

    No scientific method were used for the test and how on earth these stupid things get headlines.

    So its pretty evident the only intent and purpose is this 'study' is to throw mud at Bing.
    • Don't like the premise...

      attack the messenger. Nice.
    • and the only intent of any scroogled campaign

      is to throw mud at google, yet you support MS with every last breath... which is why no one cares what you say... yet you still post on here... so what exactly is your point?