Thursday, April 17, 2008

Working together to fight malware


We recently began a series of posts related to online security that focus on how we secure information (with posts like these) and how you can protect yourself online. Here's the latest in the series.- Ed.

As part of this ongoing security series, we'd like to talk a little about malware. The term malware, derived from "malicious software," refers to any software specifically designed to harm your computer or the software it's running.

Malware can be added to your computer, with or without your knowledge, in a number of ways -- usually when you visit a website containing malware or when you download seemingly innocent software. It can then slow down your system, send fake emails from your email account, steal sensitive information like credit card numbers or passwords from your computer, and more.

The conventional wisdom was that you could avoid malware by learning to spot sites that were created with the sole purpose of spreading it, and by staying away from other sites that might be risky. But recent research from Google suggests that an increasing number of malware attacks are taking place on sites you'd normally regard as safe or legitimate, but have actually been compromised.

Google works closely with the security community to identify malware on the web and then share that information more broadly. We've set up a number of automated systems to scour our index for potentially dangerous sites, and we add a label to those that appear to be a vehicle for malware. If you're searching on Google and click on a link that we've flagged, a warning page will appear before you move forward.

We also notify webmasters if we discover that a site is no longer secure and provide a method for webmasters that clean up their sites to request a review. And starting soon, we'll be providing more detail on sites that appear to be spreading malware, so users have a better sense of why we have flagged a given site and webmasters can more easily identify and correct issues on their sites.

All this stems directly from our security philosophy: We believe that if we all work together to identify threats and stamp them out, we can make the web a safer place for everyone. Of course, we can't catch everything, so our users play a crucial part of this effort too. Below are a few tips that can help you reduce your chances of being affected by malware:
  • Use anti-virus software. Most anti-virus software is specifically designed to find and remove harmful software on your computer. Be sure you have anti-virus software installed on your computer (you can get a free trial through Google Pack if you don't), keep it current, and use it to run frequent full-system checks.
  • Make sure your operating system and browser are up to date. Attackers typically target vulnerabilities in your operating system (OS) and your browser to install malware on your computer. OS and browser providers frequently release updates to close those vulnerabilities. Enable automatic updates for both your browser and your OS, and check for alerts to ensure you have the latest and greatest protection.
  • Be careful about what you download. While Google and everyone else in the online community is working hard to identify harmful sites, new sources of malware are emerging all the time. Whenever you're prompted to download an email attachment, install a plug-in, or download an unfamiliar piece of software, take a moment to think it through. You won't always be able to identify a risky download, but if you practice some reasonable caution, you'll be able to reduce that risk.
If you come across a potentially dangerous site that hasn't already been flagged, please report it. To learn more about malware and how to protect yourself, check out StopBadware.org's help page.

No comments:

Post a Comment