Google’s malware filter appears to have broken. Not only is this an issue for the most important player in search, but it could have a backlash on your brand, on Google’s brand and looks set to cost the search giant millions of dollars.
Any search on www.google.co.uk is returning every single site with a malware warning:
”This site may harm your computer”
What this screen-shot shows (better version available here) is the Google results beside the AVG Site-Safety ticks. I have also tested against McAfee’s Site Advisor and there can be no doubt that not every single page on the web can have become infected this fast!
This effectively blocks user activity completely. Normally Google offers a simple ‘click here to continue, but for now the only way to browse on is to manually alter the URL in the address bar. Essentially the internet is broken for most UK home users.
How many of your users are going to take the message that your site is considered unsafe by Google away with them this afternoon and what can you do to restore their faith?
Perhaps more importantly, how will Google restore the faith? A lot of users will have switched engines today, how many will not switch back? This is not the first bug Google has presented of late. Last week there was a problem with Google maps which was adding around 170 miles to some drivers’ journeys. Google’s huge advantage over other engines is the trust which its users have in its results. Is there an issue with quality control and should Google be concentrating on its iso9001?
[UPDATE - 15:01] The normal link has returned to the ‘this site may harm your computer’ warning, allowing users to continue to the site, but still your content is being declared badware and your potential customers are being directed to stopbadware.org by one of the world’s most trusted on-line brands.
[UPDATE - 15:12] A little research and I can confirm that this is not a UK only issue. I have reports from Romania, the US, Germany and Australia. I think we can say that this is a bug with the entire malware filter algorithm.
[UPDATE - 15:17] And everything is back to normal – or is it? The malware warnings have been lifted from all results, but I cannot find it anywhere, not even amongst the sort of sites I would expect actual malware to reside on. Certainly I cannot find any amongst the first few hundred results for [Warez], despite the majority tripping my anti-virus and spyware software.
[UPDATE - 15:47] I have been experimenting and the links to the malware pages are now returning a 403 so we might assume that whatever it was that ‘broke the internet’ has had to be disabled for now.
[UPDATE 18:03] Google have reported back on the problem and it seems that human error is to blame. A single / was included in the black list of malware sites and this basically translates to ‘everything’. We see this a lot with robots.txt files (and I have seen an entire UK retail group excluded from the Google index because of this – they only came to us to solve this problem after their exclusion, I hasten to add!). Today we have seen just how easy this sort of mistake is to make, even for Google themselves.
[UPDATE 18:17] The malware warnings appear to be working again now. It may be that the 403 was only being served for pages which had erroneously given a warning, rather than those which deserved one.
[UPDATE 18:30] A response from the bloggers at StopBadware.org has been released, which makes it clear that the human error happened at Google, not at their project. This should be the last update – this is now news that has happened, but it was quite an exciting Saturday afternoon for the geeks amongst us and is reported to have cost Google $2-3million.
Madaise / Judi says:
January 31, 2009
I hope in the long run it doesn’t do any damage – it was a short time this morning that things were really messed up.. probably less than 20 minutes or so… I think it was easy for most people to catch on that there was an issue. I mean, EVERY site was coming up malware warnings. I have images on my searches (firefox plugin) so I was getting an image along with the "warning text".
Manley says:
February 1, 2009
The error started showing up at 14:27 and was globally resolved by 15:25. The way in which the updates are rolled out across data centres means that the longest any individual should have had problems was 40 minutes.
As you say, this is widely reported and a global issue, so I do not foresee a huge amount of fallout for brands, except perhaps for Google. A lot of users will have switched to an alternate search engine yesterday – how many will not switch back will remain to be seen.
This is not the first time that a search engine has had problems with its malware list – Yahoo! (or perhaps McAfee, who provide Yahoo!’s malware lists) had issues back in May of last year and were showing certain Google pages as dangerous.
The StopBadware.org project is a laudable one and I hope that the backlash from Google’s human error hiccough does not have any long term implications for the project as a whole.