I don't think 1 in 10 of the pages I visit are infected - but then again, I pretty much stick to my web-based mail programs, CNN and eBay. I wish this article had mentioned what kind of content most of the infected pages contained - betcha it's porn, games and MySpace-type stuff. In any case, always best to keep the anti-virus software updated!

The pages analyzed were selected specifically, *not* as a random sample, from several billion web pages that exhibited suspicious behavior.

Yes, 10% of the 4.5 million (450,000) analyzed in detail were bogus, but a more accurate statistic is: >2G/450K, or about 0.02% (or less) of the web pages Google sampled.

Maybe the title should be "1 in 10 sites designed to exploit the billions of holes in Internet Explorer".

I've been using Opera for 6 years and refuse point-blank to ever use IE, subsequent scans with Ad-aware and other malware detectors regularly find sod-all.

Just one of the benefits of using a program thats designed to just render HTML and that, instead of being a door onto your whole system.

1. Stop using Internet Explorer

2. Stop using javascript and flash, except maybe on very trusted sites (would you let just anyone run arbitrary code on your machine?)

4. Don't ever download plugins from whence you know not where they came.

4. Stop using Internet Explorer (worth mentioning twice)

5. Stop using Windows

6. Install Linux or get a Mac

...it would not be difficult to write something so that when you visit a website the code is downloaded into an area where it can be scanned using the same criteria that the google researchers used. Maybe the google toolbar could put itself between the browser and the webserver to do this very task.

I agree with Joe K! When viruses and malware are 99.9999% Windows/Internet Explorer related security issues, why are they not called as such? Why tie the whole industry to the appalling security reputation of Microsoft? Neither Linux nor OSX nor any browser apart from Explorer have problems, (or anything like the number of problems) ... so why is a generic term like "malware" misapplied in this case? Windows is garbage, the use of the word "malware" simply covers this fact up.

"Results 1 - 10 of about 450,000 for malware [definition]. (0.04 seconds)"

450,000 dangerous pages of 4.5 million suspicious pages of some billions of normal pages. Now tell me, just how many unique IPs are there in these results? I'd be willing to bet not many, and I bet the majority come from only a few, specific countries...

Now maybe if Google did something productive with this information, like building an IP black list that ISPs could use to screen traffic to known dangerous servers, but I can't see that happening any time soon given their opinion on the "grand will of the interweb".

Google is full of shit, granted half of the Internet is Porn sites and many have incidious multiple pop-ups and cascading windows or even some with bogus installers with spyware or worse (who's stupid enought to click on those .exe files?); but 1 in 10 is pure bullshit.

UNLESS you include the Malware like the obnoxious INTEL doggy ads on THE REGISTER that slow down your surfing and the equally horendious Flash Drop Windows that fill Yahoo home pages!!

If so, than THE REGISTER is a huge purveyor of MALWARE!

>>UNLESS you include the Malware like the obnoxious INTEL doggy ads<<

I found that flash ads seriously slowed downloading, and in some cases, if I loaded up too many pages, caused my browser (firefox) to crash. And the ads that seem to resize without asking were highly distracting.

I then installed a plug-in called FlashBlock. No more worries. And somehow I think the advertisers benefit as well - I know I'm not going to buy anything from a company with annoying 'look-at-me' ads, unless I am forced to. Now that I don't see them, they are more likely to get my custom.

The cool thing about flashblock is you can still play the flash files if you want to, they just don't load and play automatically. So sites like You-Tube are still useable.

1. Get Firefox

2. Install AdBlock Plus

3. Install NoScript

4. Stop clicking on adverts.

5. Stop running as Adminstrator

Or...

1. Install Linux with Firefox

2. Install AdBlock Plus

3. Install NoScript.

4. Relax

ofc I have Firefox and Adblocker, but I don’t spose Google would be kind enough to point out pages it knows to be mal? I have stumbleupon installed and I see lots of additional info when I search Goog.

A skull and cross bones icon next to the URL will do me fine. IANAL tho, but I know one who says you cant do that even if you know the URL is mal. There must be solution in my rant somewhere that adds value to Stumble and deflects liability to the person who thumbs up the skull and cross bones ;0?

Maybe its time for users/surfers to acknowledge download executable or other potentially dangerous file formats download

same way as Vista does when user starts application.

We are using Gfi WebMonitor4 which on gateway detects payload hidden in http and asks user for interaction if executable is detected.

Administrator on gateway can select which file types and sites are OK same way as firewalls are enabling ports.

Vista’s problem is that approving is not customizable so attacker can copycat it and trick user to click on such approval but I guess this would be tackled

when first such exploits will be found in future.

IMHO this without any AV will catch ~60% of all web based exploits ... wouldn't catch 0 day exploits, which contain malicious payload directly in exploit

Hey but my comment is biased so take it with care ;)

The simple way to get Google to block these pages is to move to China, here they will block "harmful content" at the request of the government. So move to beijing and petition the government to protect you from harm from the nasty people on the internet. Instantly google will block these blighters from getting anywhere near your pirated version of windows and you can continue downloading spiderman 3

Mercy me, you've really outdone yourselves this time.

http://www.foobar.org/blog/why-one-in-ten-web-pages-are-not-laced-with-malware

Useless article.

Without providing some examples of these sites so we verify for ourselves, the article is useless.