I think, but am not sure, that “this site has not hosted malicious software” is making a distinction between targeting users and just providing bandwidth for distributing malware? It is confusing, though.

The linked URLs just go to the report pages for those sites, not the actual site.

I’ve seen mixed results on how often blocked sites are scanned. But I think the important point for the moment is that by making this data available, it’s now possible to critique the method.

Chris:

I’m not now sure exactly what “without user consent” means. I’d assume it’s a mix of pages trying to exploit known security vulnerabilities, and distributing software that dishonestly includes malware (eg, a screensaver that includes trojan).

I don’t think listing the exact exploits and advisories is all that useful for users. If the site is actively distributing malware, then it’s risky to visit, end of story. I would expect that sites using known malware are also highly likely to include unknown attacks.

Does this really mean “this web site attempts to exploit security vulnerabilities to download and install malicious software without user consent”?

I mean, no site should be able to do that, so I’m lost.

As for the level of detail, IMO, it tells me almost nothing – I want to know what exploits the page attempts with links to corresponding security advisories, etc. So, my preference would be a summary at the top for “normal” users, and then a big divider, and give even more detail below.

> Of the 151 pages we tested on the site over the past 90 days, 108
> page(s) resulted in malicious software being downloaded…

Then just a bit further down it says:

> Has this site hosted malware?
> No, this site has not hosted malicous software over the past 90
> days.

Huh??? That’s confusing.

Also, it says this is for bettasearch.com, but actually it’s for http://www.bettasearch.com. That www. can make a big difference, so they should fix that.

And why on earth are the URLs to the malicious sites actually hyperlinked? (Unless they go to safebrowsing.clients.google.com of course.)

I visited the site myself just now, and the page is currently saying:

> Of the 1 pages we tested on the site over the past 90 days, 0 page(s)
> resulted in malicious software being downloaded and installed without
> user consent. The last time Google visited this site was on
> 03/26/2008, and suspicious content was never found on this site
> within the past 90 days.

So why is it still being blocked? Is 1 page test really enough? I suspect the site is still hosting malicious software (being bet_t_asearch.com and all), but if a user sees that only one page was tested, and it wasn’t found to have malicious software on it, they’re going to loose confidence in the protection and think it’s buggy and just a pain. They’re also likely to click through to the page.