Bing delivers five times more malware than Google, but should you care?

Bing search supposedly serves up more malware sites than Google, but isn't browser security performance a more important measure of security?
Written by Liam Tung, Contributing Writer on

Microsoft's search engine Bing delivers five times as many websites hosting malware in its search results than Google, according to German antivirus testing company AV-Test.

AV-Test claims to have evaluated a number of searches on search engines including Google, Bing, Russian search engine Yandex, start-up Blekko, peer to peer search engine Faroo, Ask Jeeves' Teoma and China's local search giant Baidu over the 18 months to February this year.

Of the 40 million websites delivered by the search engines, AV-Test found they harboured 5,000 "potential pieces of malware", according to the report's author Markus Selinger.

"Google achieved the best results in the study, followed by Bing. Attention must, however, be drawn to the fact that Bing delivered five times as many websites containing malware as Google during the study," Selinger notes.

The 10.9 million searches using Google delivered 272 malware infected websites, while the 10.9 million Bing searches returned 1,285. The 13.6 million searches on Yandex resulted in 3,330 malware infected sites.

AV-Test's CTO Maik Morgenstern told ZDNet the sources it used to determine search terms in the study were Twitter Trends, Google Trends and BBC News Headlines.

"One example from 2013-04-01 was 'Baseball Tonight' which we got from the Worldwide Twitter Trend. Other examples from 2013-04-02 are 'Everybody Loves Chadwick' (Worldwide Twitter Trends) and 'Javier Prado' (Peru Twitter Trends) or from 2013-04-03 'Malaysia PM set for general election' (BBC News). In most cases we only have one or two hits per search words," said Morgenstern.

Morgenstern said it used three main methods to test whether a website was malicious:

1. AV-Test multiscanning system: We used 36 different antivirus products to check whether they flagged the website content as malicious or suspicious (this could have been executable files or Javascript or HTML, eg containing exploits)

2. AV-Test dynamic analysis system: We checked the website content for certain attributes that are suspicious. If those occurred we fed the website to our dynamic analysis system to look for malicious behavior (eg due to the use of exploits)

3. External malware databases: Furthermore we checked whether the URLs were already known in external malware databases, such as Malwaredomainlist or Zeustracker.

The checks 1 and 3 were repeated after one day and after seven days.

We didn't use Symantec's (or any others vendor) website malware scanner, just the regular antivirus scanning part (see 1).

But how important are the statistics - should search users be worried? The amount of websites served in search results that carried malware was only 0.012 percent of the total tested. And, despite the millions of searches carried out, it's a relatively small sample of search engines' traffic - Selinger points out that Google alone deals with two to three billion search requests per day.

As the search giants alter their algorithms to thwart the malware spreaders, the malware spreaders up their own game, and the report does point to search engine optimisation techniques that malware distributors used to reach potential victims and ensure their sites are in the top ten search results delivered by Bing or Google.

And an equally important factor to consider in Microsoft and Google's comparative online safety record is how well browsers detect and warn uses against visiting malware and phishing sites.

Google's own Safe Browsing tool also has an API that extends the service to Chrome, Firefox and Safari. Microsoft introduced its own SmartScreen Application Reputation in Internet Explorer in 2009. The services use reputation-based methods to determine whether a site is hosting malware or is a phishing site and flag to users when a site is suspicious.   

NSS Labs regularly runs browser phishing tests comparing the performance of Safari, Chrome, Firefox and IE, with the latest test running the browsers against 2,300 phishing URLs.

Although the three non-Microsoft browsers all used Google's SafeBrowsing API, Firefox performed the best for alerting users to "zero hour" phishing sites. Over time, all browsers detected around 90 percent of the sample suspicious URLs.

Editorial standards