Google flags entire Web as 'malware'

Google flags entire Web as 'malware'

Summary: UPDATE: Google explains, blaming "human error."A major hiccup at Google this morning caused the entire Internet to be flagged as malware.

SHARE:
24

UPDATE: Google explains, blaming "human error."

A major hiccup at Google this morning caused the entire Internet to be flagged as malware.

The problem appears to be centered around the Google Safe Browsing API -- even that returned a "This site may harm your computer" warning (see screenshot below) -- the security diagnostics service that powers Firefox's malware blocking service.

There has been no official word from Google yet but the blogosphere and Twittersphere is abuzz with screenshots and complaints from unhappy Web surfers. (See Techmeme discussion).

For a short period during the hiccup, Firefox was blocking access to Web sites with the standard "This is an attack site!" warning.

With all the damaged reputations from this episode, how soon before we see a high-level warning about the dangers of the Google monoculture?

Topics: Google, Browser, Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

24 comments
Log in or register to join the discussion
  • Google Giggles!!!

    http://evilfingers.blogspot.com/2009/01/google-is-malicious.html
    EvilFingers
  • RE: Google flags entire Web as

    i'm trying to recall anything of this order of of magnitude affecting millions of users worldwide that Microsoft did.

    uhm, aside from releasing Vista, the only other thing coming to mind was Slammer, the SQL Server worm. The subtle difference was that Slammer was written by non-MS party and exploited a hole in the server software (and it did it real quick). it was a serious security hole, but the exploit code was someone else's.

    in case of Google, we have an in-house written "feature", apparently tested "well enough". no wonder Google has mostly everything in beta. you can always blame an product that is never released and eternally in a limbo of testing (what does it say about methodology of internal project management? target delivery date must mean the day when the whole team gets free pizza delivery for lunch).

    i wonder how they will explain that "major hiccup". the quality assurance team got dehydrated? ;-) one thing for sure, this mini-disaster and hurried releasing patches for serious security holes in their flagship Web browser will not make them more credible as a business partner and prove that, well, Google isn't as perfect like we thought.

    As of at least a few minutes ago, the search engine company quickly turned off the paranoid and horribly implemented feature that should never seen the light of a production server.

    Let's wait for official explanation (example: "it was a planned test of our new bullet-proof hacker defense API", or "it was a human error" <- that one is unlikely, it would admit Google makes mistakes, though everything being in Beta per creator's license agreement has the right to malfunction).

    oh, well. it was fun this morning seeing how the leading search engine suddenly turned into the worlds most powerful firewall. we need more snafus like this in 2009 to brighten the grim economic outlook and generate a few ROTFL laughs.
    the_fiddler_on_the_roof
    • Not so fast ...

      <font color=grey><em>"i'm trying to recall anything of this order of of magnitude <strong>affecting millions of users worldwide</strong> that Microsoft did."</em></font><br>
      <a href="http://www.google.com/search?q=wga+outage&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:unofficial&client=firefox-a" target="_blank">WGA outage</a>?<br>
      Is Google your friend too?<br>
      <br>
      ^o^<br>

      n0neXn0ne
      • "message has been deleted"

        interesting.

        must have been some good feedback. apparently after filtering out all vulgarisms and fire there was nothing left but whitespaces, exclamation marks, and dots.

        anyway Google is back online, "and nothing else matters" (to quote lyrics from a song of a metal band that alienated its internet fans deeper and quicker than any other musical band).

        have a great day :-)
        the_fiddler_on_the_roof
      • MS Did Something Else, Too.

        Windows Me.

        'nuff said.
        dumptux
  • RE: Google flags entire Web as

    I was wondering what the hell was going on?
    It is ok now.
    MoeFugger
  • RE: Google flags entire Web as

    i feel compelled to add a clarification about betas: while MS beta software has been typicaly so incredibly buggy over the last 10 years that instead of releasing subsequent betas (Beta 9 anyone?), they started changing build nomenclature to Release Candidates (progressing through 1, 2 and sometimes 3 iterations before going RTM), and even recently 500MB updates for MS SharePoint were christened "Infrastructure Update" instead of Service Pack 2. My thinking is there is internal policy that prohibits releasing more than 1 Service Pack per product per year, so whoever has the ungrateful job of publishing such gargantuan updates, must prove own creativity with coming up with a new bizarre term. They no longer release Alphas. Betas took over what everyone used to call Alpha builds, and Release Candidate took over what was more stable build known as Beta. The amount of chaos it introduces on MS Technet in terms of downloading patches (depending on if you used Beta, RC, or RTM, or RTM + SP1 etc.) is undescribable. Recently they started forcing users to give them email address, to which they will send a message with a link to a password protected .zip file, including that password in the email. For products as complex as SharePoint, Project Server, PerformancePoint Server and Portfolio Server, this is the dumbest possible strategy to deliver fixes to users as quickly as possible. Plus you yourself must find out the sequence of applying fixes. it's a mess that no one at MS seems to have a grip on, and no one cares how difficult it is to patch a server using their implementation. in terms of brainless implementations of functionality for end users, MS Technet and patch system functioning steals hours of my time to research KBs and get the right patches (imagine requesting fixes and getting 24 emails, each with download link to a .zip and its own password).

    on the other hand, i wholeheartedly and honestly admint any beta Web product from Google I ever used (though never utilizing 100% of its functonality) was extremely stable.

    if Google had this "this site can harm your computer" feature online even for a full week, it would not make me more furious about MS patch management for end users and IT pros. it would only cause a small inconvenience, because i always use Google to find a specific patch/KB article on MS site, because MS's search technology and helpfulness of the MS patch website is worth less than the famous chair lobbied towards people knowing search technoogy and leaving MS for Google, knowing well that MS search is dead meat (you never get the result you want as the 1st link, contrary to Google) and by the way learning informal company departure procedures.

    Let's face it and sum up in two points:

    - MS has search technology, but has no "find" technology. in this area innovation has been dead for more than a decade.
    Massive and effective search implementations for terabytes of content (SharePoint, Search Server, other), deployed to client sites are usually done by MS "instant response team" consisting of field-hardened MS consultants; you can't do this yourself by using multi-thousand pages of offical documentation.

    - MS has been losing a grip on patch management of ultra-complex server software (versions for 32- and 64-bit platform, multi-language) and their "search technology" will pull them down.
    Questions about specific problems and patches are answered on MSDN forums by MS employees in a way that is either formulaic ("here, i'll copy and paste some official documentation", equivalent to "did you power-cycle your cable modem?") or simply not-applicable answer, proving they don't even know their own products well. They're smart people, just unhelpful or confused, or both. Sometimes the solution can be found only on some obscure and outdated blogs from MS MVPs or other MS technology enthusiasts, of course finding them using Google. At least Google employs Web usability testing; MS only presents online surveys to which i can say over and over: your site is useless like during 10 prior online surveys, couldn't find what i was looking for, get a clue at long last. Your KB system will tumble in 2-3 years. you may have made record sales on SharePoint licenses, but guess who will be patching them and who will tell the CIOs (and then CEOs) why the custom application broke after deploying the patch.
    In the past i've had the "pleasure" of administering Sun Solaris and Linux servers, and it was much easier than with MS patching now, so no one can't call me a MS fanatic. i like working with solutions that get the job done most reliably and quickly, no matter what the brand is. MS is not such a solution provider now. Even MS sales guys who conned my CIO into buying 3rd party package months ago, now go out empty handed because the IT staff implementing the package b*tched so much and so loudly, the CIO got the message.

    the final thought is: i (and perhaps thousands of other it pros) wouldn't be able to effectively manage patching MS servers if Google did not exist. we'd be browsing through heaps of KB articles for patches for products that are not pushed via WSUS. competition, if it results in better products, is always welcome. Windows Vista and MS Ribbon are not.
    the_fiddler_on_the_roof
    • rm -R /*

      OOPS!

      "the URL of ?/? was mistakenly checked in as a value to the file and ?/? expands to all URLs."

      and it took over an hour to notice that all 29-billion-plus websites were now "suspicious"?

      just about as bright as
      login root
      rm -R /*

      "Computers will do what you tell them to do, very fast. Unfortunately, this may or may not be what you really wanted them to do."

      ;-)
      oldbaritone
      • Except that

        rm -R /* would actually interrupt service, and take more then a few minutes to undo.

        ;)
        AzuMao
    • What a load of Clap Trap

      For goodness sake we are talking about Google you are weird Google cocked up YES thats "Google"....got it now? GOOGLE!
      Richard Turpin
  • Wow

    almost makes the joke I made in another topic about Goggle flipping a switch and turning off the internet not so far off, as long as you're using Google. Seemingly, they just want their users to stay off it, way better.
    Boot_Agnostic
  • Get a life Ryan

    It was bug/glitch... get over it. As if everything works perfectly in your world.
    croberts
    • Wake up on the wrong side of the...

      ...tampon today, didja? He's simply reporting something. What's YOUR problem?
      MGP2
    • Talk about fanatics...

      He's just reporting something that affects the general public. It's not about attacking your "can't do anything wrong" Google or your "malware proof Firefox".
      transposeIT
      • Since when did the "general public" even use that feature? o_O

        [b] [/b]
        AzuMao
    • I completely agree

      I would be less harsh on Ryan, however, although
      he could have mentioned this as well:

      All that happened was something wrongly flagged
      as dangerous. Google wasn't suddenly useless,
      the links were still there. All one had to do
      was copy the relevant bit in the address bar.

      An hour later, everything was back to normal.
      The people who got angry over this need their
      heads examined.
      Bart B. Van Bockstaele
    • You've got it wrong, croberts.

      Ryan's articles are sarcastic in nature. Didn't you figure that out yet? It should have been pretty obvious if you'd read more then one of them.
      AzuMao
  • RE: Google flags entire Web as

    Google screws up? Just consider this one of many that the company has under its belt. Maybe if they told their employees to work more instead of sitting around playing with office toys all day they wouldn't look like an incompetent company. More and more people are riding themselves of Google for stuff like this.
    Loverock Davidson
  • Well, I can't say that I am surprised

    Considering that every so often I go to a website that I have been going to for MONTHS in Firefox, only to have it post a warning saying "This site might contain malware!" and after getting into the site and checking things, I have to click the button that tells Mozilla "Hey idiots! No malware on this site that I can find!"
    Lerianis
  • Message has been deleted.

    jaiderbertoli007