Google is a lot of things to a lot of people, but until I read a blog post today by Niels Provos of the Google security team, I had no idea how they were protecting all of us from malware and phishing expeditions by the bad guys. 

The full blog is definitely worth a read, but here are a few things noting of what Provos rightly praises as the company’s five year and counting efforts to mitigate the risks of a bad experience. Google says they:

• Protect 600 million users through built-in protection for Chrome, Firefox, and Safari, where they show several million warnings every day to Internet users.
• Find about 9,500 new malicious websites every day.
• Find approximately 12-14 million Google Search queries per day showing the Google red warning.
• Provide malware warnings for about 300 thousand downloads per day through the download protection service for Chrome.
• Send thousands of notifications daily to webmasters viaWebmaster Tools, and their partnership with StopBadware.org helps webmasters who can't sign up or need additional help.
• Send thousands of notifications daily to Internet Service Providers (ISPs) & CERTs to help them keep their networks clean.

A series of graphs show the history of protection provided. Below is just one that shows the number of phishing sites discovered monthly that is a bit frightening given the fact that phishing is typically aimed at e-commerce sites like PayPal. 

 Provos also points out that phishers are:

• Faster - Many phishing webpages (URLs) remain online for less than an hour in an attempt to avoid detection.
• More diverse - Targeted “spear phishing” attacks have become increasingly common. Additionally, phishing attacks are now targeting companies, banks, and merchants globally (Chart 2).
• Used to distribute malware - Phishing sites commonly use the look and feel of popular sites and social networks to trick users into installing malware. For example, these rogue sites may ask to install a binary or browser extension to enable certain fake content.

The good news is the Google Safe Browsing team know the enemy and appear to be on their game. Provos notes that not only are there clear metrics for measuring the impact of the team’s efforts, but the company’s free data feed has become the de facto base of comparison for academic research in the space. The message here is that there is safety in numbers.

Looking ahead there is also cause for peace of mind. Google is committed to continuing to invest in the Safe Browsing team to keep up with the bad actors. Provos says this includes getting the technology needed for recent efforts which include:

·         Instantaneous phishing detection and download protection within the Chrome browser

·         Chrome extension malware scanning

·         Android application protection

As noted at the top, this is a case of who knew? What I can say as a devoted Chrome and Andorid user is that I appreciate the efforts – past and promised – as well as the insights.