The folks at Google have finally publicly revealed their interest in Internet security and now have a blog available for your perusal. What I immediately found of interest is that the claim that one in ten sites contain malware may have been overreported according to the first Google security blog entry. It also seems that Google has been quietly involved in protecting us users from malware and have been doing so for the past year.

Which makes one wonder if Google may be going into the anti-virus and malware protection business? I think we all have some suspicious about the effectiveness and protections provided by the software companies like Symantec and McAfee and just how really effective their protections are. Symantec in particular has been embracing more FUD ever since Vista was released which makes one wonder their real motives. Is it to benefit the consumer or Symantec’s pocket book?

Google describes its efforts as:

Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we’ve been looking for a way to foster discussion on the topic and keep users informed. Thus, we’ve started this blog where we hope to periodically provide updates on recent trends, interesting findings, and efforts related to online security. Among the issues we’ll tackle is malware, which is the subject of our inaugural post.

Malware — surreptitious software capable of stealing sensitive information from your computer — is increasingly spreading over the Web. Visiting a compromised Web server with a vulnerable browser or plugins can result in your system being infected with a whole variety of malware without any interaction on your part. Software installations that leverage exploits are termed “drive-by downloads.” To protect Google’s users from this threat, we started an anti-malware effort about a year ago.

Unfortunately, the scope of the problem has recently been somewhat misreported to suggest that one in 10 Web sites are potentially malicious. To clarify, a sample-based analysis puts the fraction of malicious pages at roughly 0.1%. The analysis described in our paper covers billions of URLs. Using targeted feature extraction and classification, we select a subset of URLs believed to be suspicious for in-depth investigation. So far, we have investigated about 12 million suspicious URLs and found about 1 million that engage in drive-by downloads. In most cases, the web sites that infect your system with malware are not intentionally doing so and are often unaware that their web servers have been compromised.

I would like to applaud Google for its efforts in trying to protect us all from the ravages that malware can create on a infected system and hope it can keep up the good work. I have more confidence in the Google team than in some of the companies that profess protections but who may have a different agenda. Also it seems to me that Google has a lot at stake since they want to maintain consumers confidence in the security of the Internet and have the manpower plus money to eliminate and/or curtail some of the activity of malware infested sites.

Google security blog here.

What do you think?

Comments, as always, welcome.

[tags]google, security, malware,viruses, protections, [/tags]