Google Enhances Safe Browsing for Admins
Google has enhanced its Safe Browsing for Network Administrators service by adding malware, social engineering and unwanted software to the list of things it monitors for.
Software engineer, Nav Jagpal, explained in a blog post that the service now monitors 40% of active networks, sending 250 daily reports to 1300 network administrators.
Five years after it was first launched to notify admins about harmful URLs on their networks, the service now monitors for and shares a range of data with them.
This includes pages which may be harming users via drive-by-downloads; domains set up with malicious intent to launch exploits and serve malware; and deceptive sites that socially engineer users into divulging sensitive info or downloading malware.
It also checks for unwanted software – that is, software which is “distributed through deceptive means such as social engineering, and has harmful software traits such as modifying users’ browsing experience in unexpected ways and performing unwanted ad injections.”
Finally, the service will now alert network admins if it finds traditional malware like trojans or viruses, Jagpal explained.
“Network administrators can use the data provided by our service to gain insights into the security and quality of their network,” he concluded. “By working together, we can make it more challenging and expensive for attackers to profit from user harm.”
Safe Browsing for Network Administrators is just one of a plethora of services Google offers to make the web a safer place, including its companion – Safe Browsing for users.
That service was updated last summer to include improved detection of potentially unwanted software, particularly that distributed via ad injectors or ad networks which lack strict guidelines.
Earlier this year Google also switched on Chrome alerts for malicious embedded content.
Download buttons, images claiming software is out-of-date and the like mimic their host site’s look and feel to appear legitimate, but can often lead to malware or phishing attempts.
Source: Information Security Magazine