[olug] Google Safebrowsing Interpretation? Can't malware status be more black-n-white?
irish.masms at gmail.com
Tue Jul 5 02:27:32 UTC 2011
Hey Rob, WOT rates both those web sites in red (as in bad).
On Sat, Jul 2, 2011 at 8:26 PM, Rob Townley <rob.townley at gmail.com> wrote:
> i needed to review our list of blocked domain names. One of the
> domains that i have blacklisted in the past is openx.net.
> It claims to be an open source advertising platform.
> It is also the name of an autonomous network.
> Sometimes, i have problems interpreting what Google safebrowsing says
> about a site because the information often seems to be contradictory.
> More likely it is nuanced and really means "Yes, there was malicious
> software on this site, but since it requires user consent, it is not a
> suspicious website even though we found suspicious content today and
> was known to have infected other domains in the last 90 days."
> i have found many similar safebrowsing analyses and i am sure that
> some of these sites had nothing to do with advertising. So in the
> past, i thought maybe it is a bug in their system because i know
> Google went to tremendous lengths to analyze websites. Google
> recognized that Anti-virus software would just not keep up. Google
> developed and runs an automated virtual machine infrastructure that
> would analyze precisely what files changed by visiting each website.
> Since openx.net is _supposedly_ an advertising platform which _may_
> feed Google coffers, is that why Google is reluctant to say it is not
> suspicious? i doubt that Google would jeopardize its long term
> income in this way.
> Or is Google's safebrowsing initiative still in its infancy and this
> is simply a bug?
> Am i being too simplistic? Yes, i routinely find suspicious activity
> but do not have the time to really determine if it is malicious.
> Regardless, automated pass/no-pass systems are needed to keep us safe
> and i thought this was the idea of the 90 day period and for rebuttals
> by the website owners. It would be impossible for a sysop to read
> through the analysis of thousands of websites to determine whether
> each one should be reachable at this time, but from my experience,
> that is what i would have to do.
More information about the OLUG