Bing search results are more affected by poisoning than those of other search engines, according to a study by SophosLabs. Search engine poisoning attacks are designed to skew results so that dodgy sites - anything from malware infected websites to payday loan sites - appear prominently in the index of sites related to popular …
There you have it, a more than 30% chance of crap each time you search, the other 70% of results are what Google and Bing want you to see, not what you are searching for.
Google and Bing do it legally though. Or do they?
the other 70% are what Google and Bing want you to see not what you are searching for
Words fail me to describe how stupid you just made yourself look. You've completely failed to understand the entire premise of a search engine.
Stats fail aside he has a point
Many users still naively believe that "search" is supposed to find relevant pages related to your search term, quaint I know.
Unfortunately, when they search for common terms that marketing worms have used the ironically named "Search Engine Optimisation" on or worse google / bung have sold crapwords for the results are page after page of sponsored utter shite.
Try searching for "Product Name review" and you'll get Google Shopping (or the Bung equivalent), endless content copying scam sites (sorry, useful content aggregators who shouldn't all be bombed with agent orange), page after page of generic ecommerce sites with the product out of stock and zero reviews etc. etc. etc. Of course if you fall for the "Google shopping" most of those links will also be to content aggravators who are just another bloody pile of links to somebody, in some other country, who at some point in the past or future might have the product in stock for $3 plus $100,000,000 shipping.
Search engines ceased to be useful for many things quite some time ago, spotting the difference between the external "link poisoning" and that done by the search engine operator is rather hard.
Wow, you /are/ a prissy little know-all. My advice would be to get laid - you'll like yourself more and so be less of a bitch on here.
Re: Empty "Review" pages
It would be nice if Google Bingle, or Yahgle was clever enough to exclude comparison-site pages for products that don't actually contain reviews, but if you add (-first) as a search term, without the brackets, then you should get rid of pages that say "Be the first to review Technika DAP211PT!"
If anyone's reading this because they were looking for that review of the Technika DAP211PT: considering that it's cheap, it's pretty good. But the buttons don't work very well - I stuck narrow pieces of thick tape on the north, souc!th, east, and west lines of the rocker control, to be sure I was pressing on the right place - and I get a background electronIc buzz, but that might be just interference that I get at home. And the supplied earphones are quite dull-sounding. But my hearing is far from perfect... Oh yeah - and there isn't a lanyard hole to wear it around your neck upside down - in order to have it the right way up in your hand. But I have a pack of shoelaces, and carpet tape...
Congrats, man, you made El Reg the #1 result when googling "Technika DAP211PT". All you need now is a YouTube video and a cheapo e-commerce site and you could be in the business of selling the "Technika DAP211PT". Although you might want to ask Technika to improve the quality of their earphones.
Re: Stats fail aside he has a point
endless content copying scam sites (sorry, useful content aggregators who shouldn't all be bombed with agent orange),
Andrej Broder et al. figured out in the late 1990s how to identify near-duplicate WWW documents using sketches of shingles of tokens, so there's no technical reason why a search engine should show all those crap copied-from-Wikipedia pages (for example). But Google is more interested in training us, the users, to redefine our searches by tweaking keywords if we don't get something good in the first 10 hits.
You fail statistics forever
There is nothing in the article that suggests that more than 30% of search results are poisoned.
It's hard to imagine that Bing users have any data worth stealing to be honest.
“Search engine poisoning can be very dangerous for internet users, as they trust the search engine they’re using to filter out malicious links, and in this case it seems to be Bing which is letting internet users down,” said Fraser Howard, principal virus researcher, Sophos.
I don't think people trust a search engine to filter out malicious links. For one thing many, perhaps most, people can't tell the difference between a search engine and a browser. For another, this guy is trying to sell something, so his "filtering" is suspect as well.
Not very convincing.
When looking at the articles you get a bunch of charts and numbers which indicate that Bing is more poisoned than Google. But no where do they share how they got those numbers, all they're sharing is that they merely based the numbers on blocked redirects on their own web appliance.
Not very convincing.
In fact, the author of the article himself also seems to be aware of this: "Of course, this breakdown takes no account of the search engine being used by these customers. Nonetheless, we would expect Google to be the dominant search engine in use, as supported by recent data released by comScore.".
I'd be more impressed with the article if they could actually show us real examples. Search string "x" entered in Google vs. the same string entered in Bing and tten comparing those results. But that's not what this article is about.
In fact; the conclusion of the article isn't even "Bing is less secure than Google", a conclusion they could have easily made if their findings were correct (and provable). Instead they only conclude that: "The bottom line is that we are all guilty of trusting the results we get back, and clicking through without necessarily scrutinizing the URL as closely as we might.".
So; nothing to see here...
Re: Not very convincing.
Yep - and their conclusion even though not specific and avoiding trying to say anything at all is still probably wrong.
He needs to do a study on how many users actually do the behaviour he describes before concluding "we are all guilty of trusting the results we get back" - cos I am not so sure that behaviour is as universal as he suggests. I am sure I am not alone in actually looking at my search results summary before clicking on the link. His assertion that people "trust" search engines is completely without evidence to support it.
This is typical of the lazy crap that security vendors have been peddling ever since Norton first BSODed your Win 98 box
snake! Snake!! SNAKE!!!!
Buy your oil here folks!
Re: snake! Snake!! SNAKE!!!!
The sky is falling in!
Buy your tin hats here!
Google vs Bing or Gmail vs Hotmail
Looking back, this article sort of reminds me of comparisons made between Hotmail and Gmail. For years MS had let Hotmail fester as a massive spam pool while Google has applied a pretty good filtering process all along. Outlook.com appears to be a lot more 'clean' than Hotmail (including MS's many relabeling stunts over the years -- Windows Live Hotmail, MSN Hotmail, etc.) so I wonder if MS will focus on cleaning up Bing also. It's clear that MS is committed to keeping Bing (aka Live Search, Windows Live Search, MSN Search) a viable service, it's dumped a lot of money and resources into Bing even though it has yet to make any kind of profit in a financial/bookkeeping way.
Add a dash of human intelligence...
I was going to suggest that these sorts of problems could be partly addressed by adding improved community-based tools that would help people report the scammers. Then I look at some of the comments (not the one to which I'm replying), and I'm reminded of what Einstein said about human stupidity versus the universe. He wasn't certain that the universe was unbounded... My thesis is basically that most people are good and want to do good things, so if you make it easier for them, you can tilt the scales against the smaller number of bad people who want to do bad things. Unfortunately, when you mix artificial intelligence with natural stupidity, too often the mix comes out sour.
So now I'm not even ready to defend my own thesis, and I wasn't sure how to apply it to the topic of the main article, either... However, since you (Ed Vin in the post to which I AM replying) raised the topic of email, I will offer the obvious suggestion there. Gmail and Hotmail (and even Yahoo if they can survive long enough) should add a REAL anti-spammer tool. Basically it would be like SpamCop on steroids, with multiple rounds of increasingly refined analysis targeting EVERY part of the spammers' infrastructure, EVERY accomplice of the spammers, and helping and protecting EVERY victim of the spammers' chicanery. I still think that breaking their economic models is a good idea. I'm not saying we can convert sociopathic spammers into decent human beings. I'm just saying we can nudge them under less visible rocks.
Why nudge the spammers under rocks?
Better to drop really big rocks on them.
Find the C&C servers, follow the chain of where the Sara comes from and then either smash them with local law enforcement (if applicable) or drop them off the Internet.
Re: Add a dash of human intelligence...
.... by adding improved community-based tools that would help people report the scammers. Problem with internet communities is that the people who have the time or even gives enough of a toss to participate in them, is also the demography that have much, much, more time than sense.
Re: Google vs Bing or Gmail vs Hotmail
Hotmail a festering massive spam pool......
It's beyond me how people / business's etc., keep kicking the consumers in the head, with ABSOLUTE bullshit standards of ethics, monitoring, protection, complaint handling, user checks, etc., etc., etc......
It's been about a decade or more since I used "hotmail" anything - because of the ineptness of the product AND the totally piss poor management of that system - just like Internet Explorer - one bug in that - shoots your entire OS in the head....
Companies run by imbiceils who's only reality check is their bonus, while everything they sell or make is either crap or it's going down hill.
Anyone actually uses it?
Yeah - use it often. Very rarely, I switch to Google if I want to search newsgroups, but I haven't done that in quite a long time.
Google have now messed up newsgroups. They have also wrecked their news page. I now use Bing as the primary search engine to try to reduce the redundancy in the answers. There is now a need for a relevant search site.
I'd guess that windows phone users (all 5 of them) are probably stuck using it, but apart from those it is hard to defend a concious choice of using it. Every single time I try it out it finds nearly nothing of what I am searching for, and spews a lot of unrelated stuff.
"Every single time I try it out it finds nearly nothing of what I am searching for, and spews a lot of unrelated stuff."
That sounds extremely unlikely. I use it daily and almost never don't get what I'm looking for quickly and easily. How could it be that it would be like this for me and others and yet fail you so completely "every single time"?
Like you I use it multiple times each day. I didn't like being reliant on google for everything and found the number of repeated links for seemingly the same content tiresome to trawl through, just page after page of results only a fraction of which contained what I want.
I found that when I went to bing I got a fraction of the matches, but that it invariably included the information I was looking for, which seems a bit at odds with the findings of Sophos, but then to be brutally honest, in my eyes their credibility is ground level in terms of identifying a threat these days ;)
Funny I've never seen this, I know one data point etc, what were they using a machine that was already compromised? still this article smells a bit somehow.
But of course
But of course. After all, this is Microsoft.
You call it Bing; we call it Bung.
Bing which is letting internet users down
Mind you MS is like a child compared to the wizened, wise Google. And the results show it.
People have been trying to game Google for years
And search is Google's bread and butter, versus being a money losing sideline for Microsoft. So it would not be surprising at all if Google is better at combating this gaming than Microsoft is.
Microsoft Windows is the king of targets in terms of malware, so it only makes sense that Bing is targeted. It just goes to show you that Microsoft makes it easy to be a target and why they get the biggest share of it.
Method of measuring could play a role
Since SophosLabs is measuring clickthroughs to poisoned links (and then the redirects) to determine the results, there could be a large social element to the results that are returned - since Bing is the default search engine on IE, and IE is the default browser for most PC's (despite other options being provided, I'd say the majority of businesses/ no-computer savvy users would go with "Microsoft reccomended" options) It could be a reflection of the types of people who are using the different search engine types. It could also be that people who are used to google, when switching to Bing, are not used to how results are displayed, and therefore aren't recognising the malicious websites (although that could be a bit far-fetched).
Just a few things to consider.
Re: Method of measuring could play a role
That was my first thought - people who install Firefox or Opera are going to be a somewhat technically aware (normally), whilst someone who goes with IE may be technically aware or may not be. That would skew averages as I'd say there is a correlation between being technically aware and not falling for bad links.
Re: Method of measuring could play a role
I agree. My father, bless him, doesn't even know what a browser is. To him it's "the internet".
I installed Firefox on his PC when I was working on it once, and afterwards he asked me what "that Mozzarella thing" I installed was. I said it was an alternative browser. He asked what a browser was, I said it was like Internet Explorer that he already used, and he told me he had no idea what I was talking about.
This is why I only Trust and use the "My Web Search" toolbar.
That way no sites work at all.
You get a completely secure internet connection.
It's not an story about buggy web sites.
it's actually marketing to try and sell you a product to comfort you against the FUD the advertisers themselves are trying to rake up.
Just like all the other Virus/Malware/Trojan stories in the past.
Didn't the US just recently throw the book at someone for going a little to far on this?
Bing had malware sites as sponsored pages!
Some time ago (six months, maybe) I was installing some new Windows machines (which I usually don't, because I am a Linux sysadmin) and after installing them I wanted to install "security essentials", so I opened up Explorer, and searched (in Bing, it is the default search engine) for "microsoft security essentials". The first two links (sponsored, I suppose, because they were on some gray or blue background) where for malware sites, the first non sponsored link was for some dodgy download site that puts spyware in every download, and the fourth result was for the right site.
If I run the same search in Firefox (same windows box, same day, just installed Firefox and tried the search on Bing using Firefox) , the sponsored links do not appear at all.
I have confirmed this behaviour for at least four or five times. I don't know if they have fixed it now.
I work in advertising....
...but I really despise the way TV has been destroyed by much longer and more frequent breaks filled with cheaply made ads of little relevance to most people.
The same sort of cynical greed has wrecked the internet.
Remember when Google first appeared, how friends emailed you to tell you about this great new search engine. But recently when my brother looked there for the details of a hotel to stay in near my place he simply could not find it for the blizzard of sponsored rubbish.
Re: Remember when Google first appeared...
I certainly remember what Google once was, and I agree with you that what it has become does not compare favourably.
Give DuckDuckGo a try. I've found it's quite similar to what Google used to be like back in the Altavista/Yahoo days, with loads of useful geek gadgets added on if you click over to their "goodies" page.
Re: Remember when Google first appeared...
Duckduckgo isn't bad but it still has the cotent farm problem and it assumes everyone lives in the US or that you'll remember to type in a country code. Which means they can still tie someone to a location by search queries. So why not let me enable geoip based searcxh if I want?
Whoever can solve the content farm problem will be a bazillionaire. Clearly the problem is too much for the current players.
Bing is a good place to play SEO games
The "market" as it were, is less crowded. There are somewhat fewer people trying to rank for marketing-ready keywords as opposed to Google. If I were a marketer, I would rather "easily" reach 10 million searchers rather than "difficultly" (is that a real word?) fight tons of other marketers for 100 million.
Most of the marketers I know don't play SEO games though, they seem to prefer either direct marketing (email, SMS, or IM) or massive social media campaigns. Trying to rank a landing page just seems like not enough juice for the squeeze these days.
I'm guessing that things will balance out over the next few years; It's hard to believe, but Microsoft seems to have become the lesser evil.
Re: bing costs much more than the LHC
I don't like bing and ms shouldn't try forcing it on people but we do need competiton. Google is losing quality and it's integration of G+ and stuff like that won't get any better if they're the only search engine.
I do use bing for one thing though. Searching for articles critical of google. Funnily enough google can't seem to top Bing in that area. That is another reason we need competiton.
Comments from Sophos eh...
This info from the company that released a worldwide update to their AV product that caused it Quarantine its own program files! I use Bing for all my searches and haven't seen this problem... except for the time I searched for "Payday loans with added malware and images"
1. start here searchlores.org
2. create a search.htm and stick it in your utilities directory, point your editor at it with a batch file script and set all your browser's "HOME" to it. If you have a router you could put it on it's httpd server if you like, I put it right on the box and in the path myself. use what works
3. after a year, of studying searchlores, you will know what motivates corporate search engines.
too bad you've missed the scrolls and the php lab.. bummer, no more insidetheweb forums either, so just use archive.org and download the source code for the scrolls and the engines' .dat files (they're also out of date.)
4. keep in mind there are different kinds of search engines. I might make one myself, and not be motivated by greed, sharing it however means either it's copyable source code, or someone has paid for the bandwidth to make it useable to world + dog. If you find google isn't good enough like I do, I suggest a firefox addon Add to Search Bar 2.0 , now when you visit el reg you can add their search engine and bypass google. (unless of course the website in question outsources their search to google like a lot of these crappy fucking oath breaking scumbags in local city, and state government do, everyone in california state government and local city government ought to be in JAIL for the bs they've done to their websites, from CAFR to Waste it's fraud, theft, corruption, and psychopathic scumbaggery,, but I digress.. If you don't look for errors or information you probaby don't give a fuck anyway as the whole thing is goin off a cliff anyway,, it's the MATH stupid.)
5. So my solution to bing 's "splurch engine" is simple, no frame, iframe, xframe, no java, no flash, no quicktime, no vlc, no you get the idea. I also use a lot of -"this term" or -"thisdomain.com" and that shit helps a little, as do several updated malware site blacklists in your iptables and squid.
6. Remember copernic? They have a freeware version still, it's nice frankly. http://www.copernic.com/en/products/agent/index.html
7. we can write bots to go search for us.
8. The future depends on educated (by experience) webmasters, and ending the fucking trend of using free shit like blogger, myspace and facebook etc. Do you run your own site's search engine and how fucking taxing is it to keep it in tip top shape? I've found this to be a total nightmare sometimes, but I always come up with a solution, and that solution doesn't require fucking bing.com or google.com. If you want them to crawl your site, that's fine, just remember when they fuck up, you're eating their erect hot dogs for breakfast lunch and dinner
I hope everyone disagrees with me, cause I just want to piss everyone off for being such fucking pieces of shit over the years. Thank the ndaa I no longer run any servers, nor am I your webmaster bitch anymore, go pay thousands for 5 pages and 20 MB of webspace you fucking greedy fucks.
When I get too fed up, I use http://www.givemebackmygoogle.com/. I can't find an equivalent for Bing - 'one man's poison is another man's meat' seems to be the Microsoft way to strengthen immunity.
Search numbers are currently 66% Google, 28% Microsoft. The interesting thing is that the attempts to manually improve search (Yahoo, AOL) are not being honoured, as their percentages are dropping.
I was wondering why when I searched for info on Newcastle Football Club I ended up on Wonga.com
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Review A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND
- Was Earth once covered in HELLFIRE? No – more like a wet Sunday night in Iceland
- Every billionaire needs a PANZER TANK, right? STOP THERE, Paul Allen
- First Irish boy band U2. Now Apple pushes ANOTHER thing into iPhones, iPods, iPads