This week, Google marked a security milestone: five years since it launched its safe browsing effort. The goal is still the same: to protect people from malicious content on the internet, said Niels Provos from the Google security team. He said in a blog post that it is also finding out about 9,500 new malicious websites every day and it is flagging 12-14 million search queries every day.
Provos said: “By protecting internet users, webmasters, ISPs and Google over the years, we've built up a steadily more sophisticated understanding of web-based malware and phishing. These aren't completely solvable problems because threats continue to evolve, but our technologies and processes do, too.”
For malware, Google saw a major spike in 2009, with more than 300,000 sites detected, and in 2010 saw the most amount of attack sites discovered on a monthly basis, with over 12,000 websites detected late in the year. The most amount of phishing sites detected was in 2012, with more than 300,000 sites discovered on a monthly basis.
Google is in a prime place to spot these threats, as I assume it scans its results as they are categorised and is able to add the flags for infected sites as appropriate. Although one conversation I had recently suggested that Google was happy to add the flags for an infected site, but not so happy to remove them again once that site was ‘clean'.
Looking forward, Provos said that a rapidly changing threat landscape has been counteracted by Google's effort to make the web more secure and protect users from harm, and that this ‘has been a great source of motivation for everyone on the safe browsing team'.
“We are also happy that our free data feed has become the de facto base of comparison for academic research in this space,” Provos said.
“As we look forward, Google continues to invest heavily in the safe browsing team, enabling us to counter newer forms of abuse. In particular, our team supplied the technology underpinning these recent efforts: Instantaneous phishing detection and download protection within the Chrome browser; Chrome extension malware scanning and Android application protection.”
I often don't consider the security side of Google. Yes there are the security implications of the various social networks that it has launched and Android, and as for Gmail, well there was Aurora.
When I saw the first announcement about Jelly Bean, or Android 5.0, I thought perhaps this is an appropriate time for Google to boast about its successes. After all it has a monopoly of the market share for some other areas, so why not make security the next stage for success?
Google isn't the only large IT company to recognise the importance of security. At the start of this year Microsoft marked ten years since its Trustworthy Computing division began.