Well I tried to download chrome yesterday, and you STILL get www.downloadchromenow.com and other spam site adverts at the top of the results, which absolutely serve malware/spyware
Until they sort out their ads it's true, it is a dangerous site
Like the other peer comments, this does not show up for me. I'm afraid there's a good chance you already have some malware (or at least a rogue extension) that is inserting ads into your pages.
I've been testing these kinds of searches every now and again for a few years now (and complaining about it on HN regularly). The malware ads are generally intermittent and won't show all of the time. That doesn't mean they don't exist.
I can assure you that for many years Google has been serving ads that link to malware for search terms like "firefox". I've seen them across different machines, different browsers, different ISPs, different OSs.
The situation with firefox seems better now but only because Mozilla is seemingly buying up all the ads for searches with "firefox" in.
That is a very big assumption that may hold for Browsers but not many other products. And even if illegitimate models are more efficient, a big business can afford a money sink for PR.
They can't just ban the word "Chrome" from AdWords, though. Spammers/malware authors are very good at figuring out what's needed to slip through the automated systems.
They've done this for Skype too. And the funnier thing is when I reported it to Skype, they claimed it was "OK" because it said TOM in the description (Skype's Chinese sponsor). Except the link did not have anything to do with Skype or TOM.
On Google? If I enter "Chrome download" there, I get Google's own page as top result. However if you were to do the same with Bing (such as you probably would if you used Microsoft's browser downloader (Internet Explorer), which has Bing as default) you get the typical spam adverts at the top.
I just repeated your experiment: With my ad blocker disabled, I searched for "google chrome" on DDG. I got two ads above the search results; one was for google.com, and the second was for downloadsem.com, which is distributing a Chrome browser that comes with a lot of browser toolbars. I took screen shots. [1]
Of note is that these ads are powered by, and clicks redirect through, Yahoo.
No, are you trolling? I was hardly the only one on this post who didn't get ads for that search. You are the first person to mention the mobile version of any browser so I did the same search with Chrome on Android using DDG and... Gee, the Google Chrome website is still the first result. The only time I got an ad was with the Canadian version of Bing. Note, I am using the DDG website NOT the app or extension.
It should. Though if search engines were actually held liable for every malware link they place above real results, Google would no longer be a profitable business. Just the fake banks Google puts in search ads alone...
microsoft writes the operating system they are infecting. then people with older computers think their hardware is too slow and buy a new one.
how can they not use vm's and heuristics to click all their ads and see if it infects their own operating system, before approving the ads, and then rechecking them every so many clicks?
Most of the time it's a brief look with a VM that the ad approval process goes thru, and honestly that may not show the malware.
A lot of the time the malware is designed to only show up in certain case scenarios such as date/time, specific version of an OS like Windows XP SP1 but not SP2. Designers come up with the most ludicrous ways of circumventing the Ad approval process, and with hundreds to thousands of new ad's per day there simply isn't an easy way to do all that testing for each single new ad being served, on top of discovering new methods used to skip the checks.
Some networks are truly terrible and just have automation systems but those networks aren't as profitable and are beginning to die out.
With deep learning networks becoming so popular I do often ponder if this type of prevention could be automated slightly better!
Think about Google's conflict of interest: They ship most of the malware consumers get via malicious ads. And then they advertise about Chromebooks having no malware. Google doubly profits off shipping malware to consumers.
Microsoft, at least, has a good incentive to police their malware.
It was on a fresh windows 10 install, so unlikely. Of course, now it isn't happening any more. Either they fixed it, it's intermittent, or I'm misremembering
I've had similar experiences with Bing, which I used inside IE on a fresh Windows install to search for a few programs/drivers (was just to lazy to type in my own search engine).
IIRC when I searched for FF or Chrome, the top 4-5 results were links to third party sites, but when searching for nvidia drivers the official site was the first non-ad result. Definitely seemed suspicious, and also made me realize how much I missed apt.
The difference is any AUR helper worth using tells you to review the pkgbuild. In this case, I can easily see that the deb the script uses is pulled from dl.google.com and that all it does is decompress it and rebuild it as a tar.xz package.
Additionally, the AUR is about as curated as Google Play, and I trust Google Play exceedingly more than random download links on the Internet. You can audit AUR packages via its rating, the number of comments it has, its popularity, and the website enables you to flag packages as malicious, the same way you would flag APKs on Google's service.
Good* for Google to spot their own website being not completely safe! Wonder if they did click on https://www.google.com/webmasters/hacked/ themselves to see how to get Google.com unhacked.... ;-)
* Actually, I think it IS good that there is no 'whitelist' of domains which are surely safe, and that it checks even the company's own main website.
Thanks to this comment, I've been tinkering with the security suite, and thought it would be worth noting that it can also flag a site as insecure due to your extensions. That doesn't look like the case here, but it's nice it flags them.
Google is at the top of SiteTruth's list of major sites currently being exploited by phishing scams. 37 of them right now.[1] This list comes from a join of PhishTank and Open Directory - sites with some reasonable reputation and an active report in PhishTank. At one time, Microsoft and Yahoo were at the top, but they got better.
Any popular free hosting service ends up hosting phishing sites, but Google doesn't aggressively clean them out. Here's Google's oldest phishing site, from 2010.[2] It's an attempt to steal Habbo logins (Habbo is an old virtual world, similar to The Sims.) Lately, phishing via Google Drive is picking up. Phishing sites hosted on Google Spreadsheets have finally disappeared; you can put HTML in a spreadsheet cell and host a site that way. For a long time, Google didn't recognize that this was a way to host a fake site.
At least all the fake sites are under Google's subdomains (sites., drive., etc.) There used to be exploits using "google.com" as an open redirector.
Even, github.com is partially dangerous.
"Dangerous websites have been sending visitors to this website, including: github.com/mgp25, github.com/racaljk, and github.com/100pcrack"
Is that it? I find that searching for almost any movie includes a message at the bottom that at least one result has been removed due to a take down notice.
I think the big problem is that Google does a poor job cleaning up user generated content on their own properties. Google Groups, Google Drive, Feedburner, GoogleSites and Blogspot are continuously used to deliver phishing/malware. It also doesn't help that google sometimes hosts those on it's google.com domain or uses their google.com domain to redirect to those sites.
In all seriousness though, they've got one of the largest public facing systems in the world. Given the surface area and traffic volumes, it's surprising that the don't have more issues than they do.
I really really dislike this. Why does google get to decide which websites are good and which are not. Unless someone subscribes to this service google should do what it does best, search.
One day they decide everyone should be mobile friendly, the next day they decide which sites are bad and which are not, what more?
Every single day, google is giving me more reason to use alternative search engines.
You dislike it just because you dislike it. Your argument is as good (/bad?) as saying "Why does government get to make laws and decide what's good and what's bad?" In any society, we have some basic rules of 'good' and 'bad', and it's totally ok to test a website on those measures. Like a website secretively installing malware on your machine is bad. In a parallel world, that might be a good thing.
> Why does government get to make laws and decide what's good and what's bad?
We do ask this. It's the entire reason we vote in representative democracies. It's absolutely nothing like the question you're replying to.
> In any society, we have some basic rules of 'good' and 'bad', and it's totally ok to test a website on those measures.
The basic rules of societies for what is 'good' and 'bad' about websites is something that you have entirely invented here in order to make an empty, unnecessarily dismissive argument.
Here's my answer: Google decides because our governments have abdicated responsibility for regulation or enforcement. Therefore, the responsibility is taken up by the groups in the best position to exploit it for money.
> We do ask this. It's the entire reason we vote in representative democracies
And you settle with a government which agrees to 'your' version of good and bad. But somehow, Google is not entitled to its opinion even if for trying to possibly make a safer internet.
> you have entirely invented here in order to make an empty, unnecessarily dismissive argument
On the contrary, I'd say you have invented your reasons for why Google is doing it (i.e., 'to exploit it for money') without any evidence. Of course, Google is here for profit, doesn't mean there's an evil motive for everything they do.
Of course, your judgement of good v/s bad is for good, and their judgement of good v/s bad is for bad. ;)
> And you settle with a government which agrees to 'your' version of good and bad.
That's not how voting works. If the government agreed to my version of good or bad, the country would look a lot differently than it does.
> On the contrary, I'd say you have invented your reasons for why Google is doing it (i.e., 'to exploit it for money') without any evidence. Of course, Google is here for profit,
So you agree with me.
> doesn't mean there's an evil motive for everything they do.
No corporation has evil motives. I don't even know what that means. That it's trying to summon demons?
I don't know if you don't understand simple statements or you are pretending not to, to make some weird point. You vote for a government that promises things which are overall 'good' or 'least bad' according to you. And definitely, you have some version of good and bad you categorize people, and things with. Everyone has (if you don't, this discussion has no meaning). Google is doing the same, and there are people who find it very useful.
And I have no interest in explaining to you like 5 what is an evil corporation. Do a Google search.
Nobody is being forced to any attention to their pronouncements. The only reason they are of any relevance is that a lot of people freely choose to use services and software that incorporate them.
The concern is primarily because Google has, to many people, become "the Internet itself" --- it is in a position of immense power to control what the majority of the Internet-using population sees. This isn't quite the same situation as some random white/blacklisting site's opinion.
In Chrome and firefox, if google decides your website isn't up to scratch for some random reason, then visitors will see a big scary red warning and be turned away.
Yes, in theory you could get people to use a browser that doesn't incorporate Google censorship, but that's becoming a big ask.
If your website does become blacklisted by Google, good luck finding out why. They won't tell you, and will instead make you click on a "request review" button a million times while you change things to see if it floats their boat.
Isn't it slightly worrying to have the entity who decides if websites are "safe" or not, also have a monopoly on online advertising? What's to stop them blacklisting sites that use competitors advertising? They could claim that it benefits the users some how, whilst squashing any hint of competition.
Google has become the absolute gatekeeper, and (To me at least) it's a very very sad state of affairs. The www used to be free and open.
Anybody who doesn't like the way Google is publishing this information through its browser is free to choose to use another one. Or to turn it off.
There is naturally a tradeoff between the value of this information for avoiding dangerous sites, and the risk that Google might be abusing the power that goes with its role in publishing it. At the moment users are mostly deciding that the risk is worth it.
If Google becomes obviously abusive then users will have to re-assess that equation. But it's the users' decision to make; not ours.
>At the moment users are mostly deciding that the risk is worth it.
Users aren't making a conscious decision. Browser vendors are making the decision for them. Most people don't change the default settings, especially something that claims to make your browsing "safer".
No we aren't. We are talking about the Google Safe Browsing service. They are different things. One is a web browser, the other is a blacklist that any software can use.
It's used by Firefox, Chrome and Safari. Together those make up a majority of browsers.
> Nobody is being forced to any attention to their pronouncements
Not necessarily true, your website being flagged by Google can get you blocked on multiple browsers. That's enough to destroy your traffic. Granted, I'd say 99% of these are legit flags from JS injections, etc.
Sure, you could use a browser that doesn't do this...but, you won't.
I don't think oolongCat is complaining about the existence of an opinion; it's what they do with it that counts. In the case of search, they demote you. In Chrome, they very nearly block access to your site. If a site really is dangerous, fair enough, but imagine being a false positive and not having much recourse!
Google is at a very influential position these days, everything is Google, and Facebook is trying it's damnest to become like Google.
Google, for the most parts, is the Internet, chrome, gmail, search engine, android, good lord even walking robots! We are lucky that they g+ failed miserably :D
Otherwise we'd not have Internet, we'd have Google, nothing in the world beyond it. Nobody to check it's power, except maybe the EU, but that's their jurisdiction.
I recently bought a macbook pro, whenever I visit google.com using macbook I get a small popup -> visit your privacy setting, no other platform did I ever get that popup. They apparently discriminate it. For work we use US network, and there I regularly see that popup, never on an Indian IP that I got that message. Apparently they think Indian's do not care much about their privacy. Too much for Don't be evil.
You're getting downvoted because you're making an easily falsifiable claim. AWS hosts an absolutely staggering number of websites. Heck - DreamHost has 1.5 million sites. EIG, through a ton of subsidiary brands, hosts millions of sites: https://en.wikipedia.org/wiki/Endurance_International_Group
It may be surprising to those of us who hang out on HN, but Hotmail has over 360 million email customers. Yahoo (okay, okay) has over a quarter of a million. Yandex and QQ have dominant regional market share.
Access? Comcast, Verizon, I'm looking at you, at least in the U.S.
Backbone? Hi, AT&T, L3, NTT, <list of non-Google/Facebook companies>.
Amusing that you have a Macbook pro. I think there might be a $579B company with a huge market share of the mobile market (safari, not Chrome) sitting there.
Facts and actual data talk, not fear and rhetoric. The world has nuance that deserves credit.
This is the reason Steve Jobs hated social networks. had he been on a social network in 1980s telling everyone that "hey PCs are going to be a big deal ten-twenty years later" he'd have been ridiculed, and shown the The Dunning–Kruger effect, yeah know that.
Ultimately everything in life is an opinion, all that matters is we do what we feel is right and in general isn't outright incorrect, just because you people have the ability to downvote comments doesn't make you more informed than I am, especially when you don't understand what i am trying to say or i am not clear at what I say, that doesn't give you the right to be derogatory though, but this is HN and that behaviour is expected.
"at least in the U.S."
and you justify downvoting my thread.
When I said Google is the Internet, and you don't understand it, then I pity that you people have the ability to downvote comments on this site.
Not everyone in the world means literally, when I say GOogle is the Internet that means Google is so powerful a company that 90+% of search market is with them, yes doubleclick I am looking at you, gmail, youtube, android, chromebook, google books, self driving car, a robotic cheetah that runs 200 something km per hour. That is scary.
I am getting downvoted because the people who are downvoting don't understand what I am trying to say. yeah go ahead and downvote this and justify your actions. doesn't make the things I say less than the truth.
Every computer I see has google chrome and google as the default search engine, God knows they did a research I read which tells the gender of the person by the way the keep their phone in their hand, can't cite it here because I am short on time.
Google is scary. The kind of power they have, had it not been for the EU they would have been even more dangerous, thankfully and regretfully EU has authority only in the EU.
Thats an awful description of googles business model, but partly true...