back to article Google mistakes entire web for malware

A human error at Google caused its main search engine to briefly identify every site on the web as a potentially malicious destination that represented a threat to end users, the company said. Starting early Saturday morning California time, the world's largest search engine flagged each search result with the warning: "This …

COMMENTS

This topic is closed for new posts.
  1. Ollie

    Booo

    Oh come on, I sent the newsdesk this like 30 mins ago, no props for me ? :p

  2. evilbobthebob
    Go

    StopBadware

    Is down. As of 15:38 GMT. Google uses this for malware checking...so as it's down, all pages defaulted to infected status, I presume.

  3. Big Al
    Go

    I for one...

    ... welcome the fact that our Googloid overlords are finally taking a zero-tolerance approach to website safety!

  4. Yves Maurer

    Yep

    Aha, I was not the only one who sent an email in ;-)

  5. Ideala2

    Statistics.

    While i admit it's not my most attractive trait...

    I'd love to know how the internet was affected in those few minutes. Was there a sudden drop in site visits? did Amazon, mybook, facespace, BoBe and the like go silent?

    It would probably be quite a significant drop in visits as even i, tech savvy as i am, google more often than i type the TLDs.

  6. Pete

    not wrong - just ahead of their time

    The power of "may".

    Not "will" or "does" or "won't" or "cannot" - there's no such thing as certainty, especially where lawyers are concerned (as they wouldn't make any money then). So everything contains an element of doubt: "might", "may", "could".

    So the statement that Google puts out; "This site may harm your computer" cannot be denied. Yes it's unhelpful, tells nothing about the degree of risk and merely increased the levels of doubt and paranoia, but wrong? No.

    Personally, I'd like to see this sort of disclaimer on everything. Something along the lines of: "this product is not guaranteed safe under every circumstance", or maybe better: "you might die after handling this item". if it reduces the worth of all the (already worthless) warnings, caveats and disclaimers we see every day, then people might, just have to start thinking for themselves and apply what little common-sense they have to assessing the degree of risk, and whether it justifies the potential gain.

    Caveat emptor!

  7. jon
    Paris Hilton

    My my

    My what a big ego you have Ollie! I sent this in an hour ago. No tip for me! I think such an epic fail as this will have been sent to Registeroids many times :)

  8. Pascal Brunot
    Thumb Down

    Same in Italy

    Since yesterday all sites are blocked... although it seems fixed right now

  9. Rik Ryall
    Thumb Up

    Muppetware more like

    Pleased it wasn't just me that was !Googling for some additional info about this an hour ago.

    "Ohnoes! The intarwebs are broked!"

    Praise be to ElReg RSS feeds...

    Rik.

  10. Jaap Stoel

    Google could be technically wrong

    Since every site that you download means work for your computer it increases wear and tear to visit websites. Arugably this is harmful to your computer.

    So more accurately would be this website WILL harm your computer.

  11. Eddy Ito Silver badge

    How fortunate

    Really, a simple switch of the engine in the search bar makes the whole web space safe again regardless of "The Goog's" fail.

  12. Alan W. Rateliff, II
    Paris Hilton

    Google likes Monty Python

    During this time I entered "Monty Python" as a search and a large majority of MP sites were not shown as being harmful.

    Draw your own conclusions.

    Paris, mostly harmful.

  13. jake Silver badge

    Single source.

    That's what happens when you single source. When it breaks, everyone's DOA.

    Now ask me why I use Metacrawler and avoid direct use of Google.

    While I'm at it, does "cloud computing" still look like a good idea?

  14. The Veiled Prawn

    Gone for a /

    http://googleblog.blogspot.com/2009/01/this-site-may-harm-your-computer-on.html

    You would've thought they check for something like this. Good to know that my cheesecode is world-class too!

  15. Thomas Baker
    Alert

    Interestingly enough...

    It didn't affect IE. Well not for me and anyone else I've seen who posted on various forums. I have Opera, Firefox and Safari and it affected all of them but at the very same time not IE. Strange...

    It's long since fixed now though. Perhaps someone forgot to do some testing at Google?

    Unlike them.

    I thought it was a prelude to the end of the world, perhaps a giant hack from China...but then I do have a propensity for melodrama.

    Warning: This site may harm your computer.

  16. dblack

    malware = google

    A search for 'google' also revealed that the Google sites (google.ca etc.) were under suspicion...

  17. Destroy All Monsters Silver badge
    Alert

    Speaking of which

    ...did anyone else get one of those warnings along the lines that the Googeloïd Search Engine *might* have consented to give you one more result for your query (which was concerning a problem with a SATA drive, in case you were wondering) but *as* that page was listed in a the IWF blocking list, Googeloïd sadly *cannot* show the corresponding link in its search results (even though I am not even using Google from the UK). It then proceeds to give you a link to a vanilla protest page at chillingeffects.org.

  18. James
    Paris Hilton

    Is this why

    worldwide traffic to the BBC news site is 93% below normal? - as of time of posting

  19. Manley
    IT Angle

    A simple / in the black list

    Google has come back with a response to this: http://blog.lbi-netrank.co.uk/google-malware-filter-broken/ It rather looks as though someone might have made a bit of a whoopsie!

  20. Pete Spicer
    Coat

    It wasn't what it appears to be...

    If anyone clicked on the "Safe Browsing" diagnostic page, they would have seen a 502 server error, suggesting that every site is classified as unsafe by default and the diagnostic tool overrides that.

    So it's not that everything was flagged as potentially dangerous, it was that everything was not marked as 'known to be safe'.

    I did a search for "Microsoft" and take a screenshot, seemed most appropriate to me... *gets coat*

  21. Anonymous Coward
    Anonymous Coward

    Even G makes mistakes

    I got growled at for saying "That's bollocks!" in earshot of a small child when searching for Wordpress themes earlier and getting everything listed as malware. Even G makes mistakes. The Big G is, of course, Jesus Christ himself, Ian Gillan. Until Google sings Child In Time like Ian Gillan then it will remain just G.

  22. Roger Greenhalgh

    An erroneous wildcard : Google explains all

    Well, such is the devastating power of the wildcard...

    Google has provided an official explanation...

    http://googleblog.blogspot.com/2009/01/this-site-may-harm-your-computer-on.html

    It seems that their update file of malware-suspected sites contained a wildcard typo, a "/" that effectively meant "everything"! Human error, easily overlooked, I guess....

  23. Adrian Waterworth
    Joke

    Spotted here too.

    It was actually fixed while I was in the middle of typing my "Hey guys, your malware checker is borked" email to Google HQ.

    I mean, I know that the Googloids are hellbent on taking over the entire world for their own nefarious purposes, but I didn't know that they had already developed mind-reading to that degree. It was a bit spooky from where I was sitting I can tell you!

    Funnily enough, the following message was going to be the one to El Reg saying that Google was knackered. Oh well, late to the party as usual I suppose...

  24. Apocalypse Later

    I didn't notice

    But I use Yahoo for googling.

  25. Julian Bond
    Alert

    Queen Kong!

    Where are you?

  26. Jonathan McColl

    Gooooooogling

    I googled Google and discovered it was unsafe too. Wish I'd taken a screenshot

  27. Anonymous Coward
    Anonymous Coward

    Not the whole web

    Google didn't mistake the whole web for malware - its adverts ^w sponsored links at the top of the search results were OK apparently. I didn't get a screenshot though.

    Click a sponsored link - that's OK, anything else is bad - a way to boost revenue or keep the advertisers happy?

  28. Mark Dowling
    Thumb Down

    saw this when it happened

    a copy and paste allowed me to keep working but I bet it would freak out non-techies...

  29. Anonymous Coward
    Anonymous Coward

    @Pete

    '...or maybe better: "you might die after handling this item"...'

    Technically, you could put 'you will die after handling this item'. If you handle it, you've survived long enough to handle it - and make no mistake, you WILL die at some point thereafter. So you'll definitely die after handling any item you handle.

    /pedant

  30. jai

    and this is why

    you can't ever let one organisation become the be all and end all of their field

    always need a backup search provider for when they screw up

  31. CurtisB
    Gates Horns

    And a right embuggerance too...

    I was googling about a WSUS problem. It could be said that Goodle was being quite accurate, though it was something of a nuisance!

  32. Anonymous Coward
    Go

    @Google could be technically wrong

    <quote>Since every site that you download means work for your computer it increases wear and tear to visit websites. Arguably this is harmful to your computer.</quote>

    This has to be one for the excuse calender!

  33. Jeff
    Coat

    screenshot and IE

    It wasn't working in IE, i did take a screenshot of google saying that google wasn't safe for your computer. It will cause my joy for time to come. I also sent the an email to El Reg, this was about 10-15 minutes after it had started (i had to find the email address and take the screenshots)

    I did notice that there was sometimes a server error, and once it said i was unauthorized to access that page. The really odd part was that under certain search conditions the sites showed up as fine, i believe it was with quotes but am not sure.

    The most annoying part was not that it was indicating that all sites were harmful, it was that to get to the sites from google you would have to copy and paste. that and didn't have link for cached pages (why would they cache a potentially harmful website.)

    Grabbing my coat, its the one in the back as I was here first, nothing more to see.

  34. Anonymous Coward
    Stop

    @David Wiernicki

    "make no mistake, you WILL die at some point thereafter"

    Not necessarily: I intend to live forever, or die trying.

    @Mark Dowling

    Copy and paste? Why? I went to the error page and simply removed the google part of the URL - no copying or pasting, just a simple select + delete

    (and change the urlencoded parameters back, but then I can't imagine many people knowing how to decode the %xx codes).

    My first thought when I realised what was going on was to email the reg, but I googled the contact details and couldn't get through :)

  35. John
    Happy

    Did someone say Exec alert!

    I for one am glad this has happened, the panic and chaos us on-call admins received during this 'outage' was funny to say the least, it's almost as if most peoples IT systems 'extend' off Google! How many times can you say 'its Google's problem, wait 30 minutes and try again.'

    Well done Google for fixing it and blaming it on a very realistic issue.

  36. Randall Lind

    IE was fine

    I was about to reinstall Firefox but, saw it was working in IE then FireFox started working,

  37. Anonymous Coward
    Happy

    Idiots !!!

    Love it ! Google, one of the biggest internet companies in the world.

    ,,,,and they don't test their changes off line on a parrallel system? (Perhaps they don't have the budget to do this)

    Surely there is something seriously wrong here wrt change control, management, redundancy, techical ability etc.

    ,,,or are they so big and so complacent they test live by using us lot as the guinea pigs and just roll out the changes.

    A couple of useful lessons here are that even the largest company makes mistakes and can be complacent or over confident. Roll on SAAS and the cloud - we're all doomed I tel you ! (Well not really, but all we're doing is placing our eggs in someone elses basket)

  38. Anonymous Coward
    Alert

    @Not the whole web

    <Q>Google didn't mistake the whole web for malware - its adverts ^w sponsored links at the top of the search results were OK apparently. I didn't get a screenshot though.</Q>

    So, if google had marked "all links unsafe" in this temporary (comedic) bug/feature. Then why were the adverts not also included?

    Does this imply that the malware checks are not done on the adverts? If you pay Google enough, does this mean it will turn a blind eye to your Malware product? From previous El'Reg articles about "Free" Adobe Acrobat... I guess this is the case.

  39. Lord of Dogtown
    Heart

    Donkeyporn.net

    Its still blocked!

  40. Anonymous Coward
    Paris Hilton

    Entire web found to be harmful..

    ..no-one surprised, pictures at 11.

  41. Anonymous Coward
    Happy

    So happy...

    that this happened on a weekend! I can't imagine explaining to our users that no, this isn't our fault and that no, I nor anyone else at tech support, can fix it. Particularly since the warning page bears a striking resemblance to some of the internal blocks' messages, and could easily be mistaken for one at a quick glance. OK, I can imagine it. It's not very nice.

  42. Arty Effem

    Dear Chief Programmer,

    This oversight may harm your career.

  43. DfKimera
    Boffin

    Mostly harmless...

    Did anyone search for planet Earth during the downtime?

  44. Anonymous Coward
    Paris Hilton

    So that's where it got to!

    I had a bug on one of my sites that involved an absent solidus, cheeky bugger was moonlighting at google!

    Paris, cos' she knows how to handle naughty solidi.

  45. I. Aproveofitspendingonspecificprojects
    Unhappy

    Viruses

    Guess who just happened to be looking up bacteria and viruses at the time. I thought it was adequate warning if a little OTT.

    Fufufufiddlesticks.

  46. Neil

    ho ho ho

    I bet Yahoo and AltaVista thought they had all their christmas presents early......and then had them snatched away again an hour later.

  47. Anonymous Coward
    Anonymous Coward

    Billion Dollar Corporation or: How I learnt to stop worrying and love Google

    Was the human in question (in this Google 'human error') a certain General Midwinter? Or perhaps Major TJ Kong?

    Come on Reg™, where are the two new icons to add to messages featuring a G with horns or a halo?

  48. Kenny Swan
    Coat

    God...

    @Thomas Baker: It affected all browsers. It affected IE7 for me. Besides, it was a server side thing, so I doubt the browser would make much difference. And for everyone here whining about not getting 'credit', stop being such a pathetic attention whore. I noticed the issue, like a lot of the world, but I just ignored it and got on with my day and waiting for Google to sort it out. I didn't send it into a load of IT sites then came back looking to see if someone had mentioned my name. Do you REALLY think you're the only ones who noticed this issue and the only ones who sent in a tip. Get over yourselves.

  49. Andus McCoatover

    At first I thought...

    ..that the Vietnamese bloke who owns my local pub had exceeded his usual obsessive secrecy mode.

    (i.e., when accessing some pages on, for example the Telegraph.co.uk, I get "Page blocked by your System Administrator")

    I was using Firefox, and switched to IE, and it worked. Like the poster above, I thought FF was borked. Took me awhile to realise the search engine on IE was Yahoo.

    So I guess the poor sod at Google is about as bright as I am (Hint: think Toc H lamp. Google for it, if it'll let you.)

  50. Anonymous Coward
    Coat

    Absolutely staggering.

    The occurrence of phrases such as "internet down", "traffic down 93%" - the stock reaction seems to have been "google went down and we couldn't access the internet".

    Google != the internet. They're a search engine - and that's all. It's testimony to the prominence of Google in people's thinking, that to lose Google is to lose the net.

    Personally I use ask, not google - I don't like google - they can't be trusted. To have untrustworthy people appoint themselves as gatekeepers to human knowledge is foolish. That we stand around mutely while it happens, aware of their inherent untrustworthiness, says a lot about the people we have become.

    To the people who thought that because Google went down they couldn't access the internet, please return your computers to the shop you bought them from and tell them you're too stupid to own one.

  51. Julian I-Do-Stuff
    Happy

    @Pete

    Reminds me of a -sane - government official responding to a pestering about some imagined danger to public health/safety on Radio 4 years ago ...

    After repeatedly telling the interviewer that there was no significant risk, that the risk was insignificant, that whilst it was theoretically possible the likelihood was negligible, the interviewer hit him with a perfect...

    "Yes, bit it *is* possible, isn't it?" (=all Radio 4 listeners should begin/continue to panic)

    To which the weary interviewee responded, patiently, but with the gentle sigh of someone seeking to reassure a child, "Almost everything is almost always a possibility."

    Pause. Silence. End of interview.

    The only certainty in life is death - even taxes are optional (NB, the British invented Income Tax - a "temporary measure" if I recall my history correctly - to pay for the Napoleonic wars; if we disinvented it, would the rest of the world follow again?)

  52. sauerkraut
    Happy

    i typed google into goole...

    ... lo and behold: the internet was broken!

  53. BoldMan
    Paris Hilton

    Worked ion IIE but not Firefox? Shurely shome mishtake?

    So if the problem was with Google, how could it affect one browswer but not another? Explain please?

  54. Anonymous Coward
    Go

    Safety first

    Since all sites could potentially be compromised and contain malware, this new approach makes sense.

    Wait, they reverted it?

  55. Martin Eriksson

    Just wait for the lawsuits to roll in...

    I'm just waiting for a flurry of lawsuits to roll in... 40 min of no google referrers would be a significant chunk of change for alot of large e-commerce sites... Not to mention the click-arb sites stuck in between, and the people that rely on PPC for their business...

    /bfg

  56. Simon R. Bone
    Thumb Down

    Lost income and loss of site reputation??

    Class action potential?

  57. mittfh
    Boffin

    Technically, they could be right...

    There's no way Google can tell what's happened to a webpage since it was last spidered...

    OK, so the pages on most well-known big domains are likely to be fairly innocuous, but once you start trawling through individual users home pages, anything could have happened in the past few months...

    Then again, 99% of malware exploits Windoze boxes, and I'm typing this on a Linux box - so unless the malware is smart enough to hack the root account, I think I'm pretty safe...

  58. Dan Moore

    Lawsuits?

    I don't think so. It's not google's responsibility to provide traffic to your website. Reminds me of some clients we have - "My website ranking has dropped, have you got a number for Google so I can tell them to fix it?"

  59. Andus McCoatover
    Happy

    RE:Worked ion IIE but not Firefox? Shurely shome mishtake?

    Er, if that was aimed at me, pse re-read comment.

    (Sheesh, Flies-on-my-Sacred-Cow!)

    Thank You very many. Kiitoksia paljon.

  60. Anonymous Coward
    Anonymous Coward

    Familiar tactic

    I stopped using Nod32 AV because it told me just about everything installed on my PC was malicious software. (and I was too lazy to bother doing anything about it). Perhaps they've started using that as their corporate AV solution? :D

  61. Anonymous Coward
    Thumb Down

    This crap can be turned off...

    I'm sure there's an option in FF to turn it off. To non-techies it *would* look, though, like the whole damned web was down.

    I hate Google.

  62. Doug Glass
    Paris Hilton

    Jeez, Don't People Know.....

    ... Google is not the web? All you had to do was use a bookmark or type in the address. Or search using another search facility....such as [God forbid] Yahoo.

  63. Niall

    Re:Statistics

    and how many people ignored it?

  64. Simon Harris Silver badge
    Joke

    Gooigle said even Google wasn't safe...

    Yes, I admit it - I typed Google into Google and it broke the internet

  65. Anonymous Coward
    Pirate

    TDWTF... first for all your tech news

    Well, we covered it there at 14:35 GMT.

    Then again at 14:43 and 14:53. So we were first to publication :-P~~~

    (It's now 16:12 and a google news search for "google malware" (no quotes) has the earliest reference as:

    Google crashes; says all Internet is bad

    iTWire, Australia - 1 hour ago

    Clicking on any search results takes me not to the page in question but to a Google page advising of the risks of malware. I am told I can continue on if ...GOOG)

  66. Kas Thomas
    Thumb Up

    Script to keep Google "harmful" page from appearing

    If this happens again, there's a useful Greasemonkey script at http://tinyurl.com/c53hhe for routing around the Google warning page.

  67. Ville Ahl
    Black Helicopters

    Worldwide?

    This gestapo thing deserves a black helicopter. I were doing some happy googling when the intarwebs went dead... quick switch to yahoo to find out what google badware alliance actually is. As a result i think i'll skip on google, if i can dodge that overlord of the internets. I mean, anonymously sending an alert that isn't even researched by stopbadware.org, and your site is unreachable by the formerly blue G giant. It makes me wonder though that why oh why is the el reg not on badware list all the time, considering the people you make angry daily.

  68. Anonymous Coward
    Thumb Up

    The clueful wouldn't have noticed...

    ...because they don't use Google...and their HOSTS file is filled with Google-blocking entries.

  69. dave

    @ideala2...

    ...now Google's working properly again, you can use it to research the difference between a TLD and an URL :)

  70. Frank Sutton
    Thumb Down

    Internet gone bad

    I personally think this should be a wake up call to all internet users.

    I'm now starting to think "monopoly" (microsoft springs to mind), what if in 10 years time and google's beaten all other search engines into ground and this happens? Most techs would be fine but bugger me would the rest suffer.

    I now firmly believe Google's access gateway to information is far to powerful right now, let alone 10 years in the future.

    "Do no Evil" yeah right.

  71. Arty Effem

    Dear Head Programmer,

    This oversight may harm your career.

  72. Chronos Silver badge
    Thumb Up

    Single point of failure

    Title says it all. What a bloody great idea to castrate the Internet, which was designed from the ground up NOT to have any single points of failure, by introducing one. EU take note, this is what they'd like to have everyone use, so take the advice they give you when you're fabricating that Internet Rule Book out of whole cloth with much NaCl. [1]

    I wonder if Fx3's "safe" browsing took a hit, too? I can't tell as it's turned off and the lookup URLs munged about 30 milliseconds after I install Fx on any of my systems, but IIRC that all comes from the Goog, too. If I ever decide to rummage through the code, I might just make a port that disables this "functionality" out of the box and replaces Google with Scroogle SSL as the default search plugin.

    On that note, what should I call the unbranded results, since I'm not allowed to call it IncandescentVulpine for trademark reasons? I'm thinking Earthbadger, which sounds nice; wouldn't that look bloody wonderful in your httpd logs? I'll give ElReg the diff and they can call it Airvulture, in keeping with the [mystic elements][animal] naming scheme. Or I might just be a lazy bastard and go back to using Konq ;o)

    [1] http://www.theregister.co.uk/2008/10/15/neutrality_in_europe_analysis/

  73. Anonymous Coward
    Happy

    Side-effects!

    ROFL poor old stopbadware.org effectively got DDoS'd, as they suddenly got millions of visits from confused googlers following the link given on the warning pages that every single one of them was now seeing....

  74. Graham O'Brien
    Paris Hilton

    I beat Ollie so there!

    I emailed our beloved Moderatrix - oddly enough, google sites were not flegged as hazard, juet everyone else ...

    ... I though it was because I had googled for a recipe for coq-au-vin ...

    Paris for obvious reasons

  75. Anonymous Coward
    Linux

    Only Windows users affected

    Linux and Mac are safe :)

  76. Christopher
    Boffin

    statistics

    What I want to know is what yahoos stats looked like during that 45min period. I can imagine they got bombed with traffic especially since i was struggling to get their site to respond during the period.

    nice screen shots... look very similar to the ones i emailed the register at 15:13.

  77. Dan

    Warning against themselves

    Ian Visits has a lovely screenshot of Google telling users that Google could harm their computer.

    http://www.ianvisits.co.uk/blog/2009/01/31/google-thinks-every-website-could-harm-your-computer/

  78. Adam Williamson
    Thumb Down

    ORly?

    "Google mistakes entire web for malware"

    Mistakes?

    40% of it wants to sell you crap you don't need, 40% of it wants to waste your time, and the other 20% is hawking viruses to take over your computer so they can sell you crap you don't need and waste your time ALL THE TIME.

    I'd say Google's right on the money ;)

  79. Pierre Silver badge
    Coat

    My bad

    Sorry folks, it's my fault. I dropped the internet. Must have caused a glitch. It seems to be OK now. I'll take it back to Big Ben before something really bad happens.

    PS Cade, we all know you're on a personal crusade against the Big G (yes, they ARE a big nasty corporation hell-bent to making money. Hey, guess what, the *entire* US -world?- economy is!), but putting stuff like "blocking access to the entire net" in this abstract makes you sound like a raving loonie, sorta.

  80. Anonymous Coward
    Happy

    THHGTTG

    Harmless -> Mostly Harmless -> Gone

  81. Anonymous Coward
    Anonymous Coward

    (untitled)

    Google finally gets it right, and they fiddle to turn it back as it used to be ?!?

  82. Sam Tana
    Paris Hilton

    No "OK" button

    The worst thing is that the standard malwear warning advises users that the requested site "may harm your computer" but that you "may continue at your own risk" but supplies no obvious method of doing so. There's no "OK" button. Unless you know to manually change the URL in your browser (or use another search engine) you're goosed.

    Paris, because she likes being goosed.

  83. Dom

    Re: No "OK" button

    If you don't know how to manually change the URL or use another search engine, then you don't know enough to be allowed to take your browser somewhere dangerous.

  84. n
    Joke

    CAN'T..STOP ..HAND..MOVING...TOWARDS...KEYBOARD....ARGHHH....

    FIRST !!

  85. Lionel Baden

    i dont think

    That i have ever noticed that warning before in my life !

    And if i did i would promtly ignore it.

    Because i will not download a new video codec from some random link

  86. mr.K

    Human error?

    Isn't human errors limited to humans? I thought that Google only had Oompa Loompas running their factory.

  87. Anonymous Coward
    Anonymous Coward

    FIRST!11!1!

    Da tarnet, she's broken. Ma Google ain't workin anymore.

  88. This post has been deleted by its author

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019