New malware is released on the Internet every 30 seconds according to McAfee research, and the problems it causes threaten the very health of the online environment. Much of this malware is distributed through search results. Some is disseminated through the millions of legitimate websites that have been infected – including .gov, .edu, .org, and .net sites. Other malware is distributed via the millions of deliberately malicious websites whose express purpose is to dump malware onto hapless consumers’ devices.
Tackling the malware scourge are dozens of security software companies and law enforcement agencies. Enduring the most pain are consumers and companies doing business online. Who’s not at the table?
Search engine companies – the very companies that enable the dissemination of most malware today – are notably absent in this battle. Why have Google, Microsoft, Yahoo, and other search companies. failed to step up to their role and responsibility in blocking malicious sites?
Without using a tool that flags harmful sites (in this graphic, it’s McAfee Site Advisor, but there are several options) consumers have no way of knowing that the first sponsored link is harmful.
Defining ‘malicious’ is not an impossible task. Malicious is a matter of definition along a sliding scale, and it can be argued where the line should be drawn. Fine, argue about it – then set a standard.
Identifying malicious sites is not an impossible task; dozens of companies flag and block malicious or infected sites. Though search engines can’t guarantee to catch every single malicious/compromised site, they could dramatically reduce the likelihood that consumers and companies would be infected – and dramatically reduce the revenue of organized crime groups promulgating this crap.
Blocking malicious sites is not a freedom of speech issue. Search engines are owned by companies with policies, and they can write those policies however they see fit. Freedom of speech does not apply in a company-owned environment, whether you’re standing in Disneyland or using a search engine. Companies have the right to set their standards for what they display, accept, monitor, or block.
- One policy option could be that the search engine will not knowingly display sites that have been shown to be malicious or are currently infected.
- Alternatively, search engines could have a policy that provides consumers choice – for example, giving an option for consumers to choose between “only show sites believed to be free of malware” vs. “show me all sites, but highlight ones with known risks”.
Identifying and blocking malicious sites should not be a financial issue. Identifying malicious sites isn’t inordinately expensive – or the free services available for consumers would not exist. Blocking malicious sites that want to get top placement as sponsored links does represent a loss of revenue– but is this revenue from criminal or malicious entities worth facilitating the exploitation of consumers?
In fact, search engine companies should be able to make a good business out of notifying legitimate companies, organizations, etc. that their sites are infected.
Search engines, step up to social responsibility
The major search engine companies need to step up to their social responsibility rather than simply abetting the circulation of malware. These engines are the ideal chokepoint – if malicious sites aren’t displayed in search results, or are clearly marked as malicious – consumers and companies alike won’t fall victim.
Consumers, hold companies accountable
If you want a safer online experience, you need to demand a safer online experience from the companies you use. Change doesn’t happen overnight, but change is much less likely to occur when consumers aren’t demanding it.
YOU have the power to change the level of risk search engines expose you, and your family, to – let your search engine provider know you want protection today.