Google Adsense College

Posted by Panayiotis Mavrommatis,
Google Security Team

We recently began a series of
posts related to online security that focus on how we secure
information (with posts href="http://googleblog.blogspot.com/2008/03/how-google-keeps-your-information.html"
id="qyc5" >like href="http://googleblog.blogspot.com/2008/03/using-log-data-to-help-keep-you-safe.html"
id="kb5c" >these) and how you
can protect yourself online. Here's the latest in the series.-
Ed.

As part of this ongoing security series, we'd like to talk a
little about id="lase" >malware. The term malware, derived
from "malicious software," refers to any software
specifically designed to harm your computer or the software
it's running.

Malware can be added to your computer, with or without your
knowledge, in a number of ways — usually when you visit a website
containing malware or when you download seemingly innocent
software. It can then slow down your system, send fake emails from
your email account, steal sensitive information like credit card
numbers or passwords from your computer, and more.

The conventional wisdom was that you could avoid malware by
learning to spot sites that were created with the sole purpose of
spreading it, and by staying away from other sites that might be
risky. But href="http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html"
id="jddj" >recent research from Google
suggests that an increasing number of malware attacks are taking
place on sites you'd normally regard as safe or legitimate, but
have actually been compromised.

Google works closely with the href="http://googleonlinesecurity.blogspot.com/2007/11/help-us-fill-in-gaps.html"
id="kxrj" >security community to href="http://googleonlinesecurity.blogspot.com/2007/05/introducing-googles-anti-malware.html"
id="oe4q" >identify malware on the web and
then href="http://googleonlinesecurity.blogspot.com/2007/06/phishers-and-malware-authors-beware.html"
id="qn3p" >share that information more broadly.
We've set up a number of automated systems to scour our index
for potentially dangerous sites, and we href="http://www.google.com/support/bin/answer.py?answer=45449&topic=360&hl=en&sa=X&oi=malwarewarninglink&resnum=1&ct=help"
id="v9:q" >add a label to those that appear to be a vehicle for
malware. If you're searching on Google and click on a link that
we've flagged, a warning page will appear before you move
forward.

We also href="http://www.google.com/support/webmasters/bin/answer.py?answer=45432"
id="am_8" >notify webmasters if we
discover that a site is no longer secure and provide a method for
webmasters that href="http://googlewebmastercentral.blogspot.com/2008/04/my-sites-been-hacked-now-what.html"
id="ubgi" >clean up their sites to
href="http://googlewebmastercentral.blogspot.com/2007/08/malware-reviews-via-webmaster-tools.html"
id="bkdz" >request a review. And
starting soon, we'll be providing more detail on sites that
appear to be spreading malware, so users have a better sense of why
we have flagged a given site and webmasters can more easily
identify and correct issues on their sites.

All this stems directly from our security philosophy: We believe
that if we all work together to identify threats and stamp them
out, we can make the web a safer place for everyone. Of course, we
can't catch everything, so our users play a

href="http://www.google.com/contact/security.html"
id="kp-b" >crucial part of this effort too. Below are a few tips
that can help you reduce your chances of being affected by
malware:

Use anti-virus
software. Most anti-virus software is specifically designed
to find and remove harmful software on your computer. Be sure you
have anti-virus software installed on your computer (you can get a
free trial through href="http://pack.google.com/intl/en/pack_installer.html?hl=en&gl=us"
id="a:vx" >Google Pack if you don't),
keep it current, and use it to run frequent full-system
checks.

Make sure your operating
system and browser are up to date. Attackers typically
target vulnerabilities in your href="http://en.wikipedia.org/wiki/Operating_system" id="neqc"
>operating system (OS) and your browser
to install malware on your computer. OS and browser providers
frequently release updates to close those vulnerabilities. Enable
automatic updates for both your browser and your OS, and check for
alerts to ensure you have the latest and greatest
protection.

Be careful about what you
download. While Google and everyone else in the online
community is working hard to identify harmful sites, new sources of
malware are emerging all the time. Whenever you're prompted to
download an email attachment, install a plug-in, or download an
unfamiliar piece of software, take a moment to think it through.
You won't always be able to identify a risky download, but if
you practice some reasonable caution, you'll be able to reduce
that risk.

If you come across a potentially dangerous site that hasn't
already been flagged, please href="http://www.google.com/safebrowsing/report_badware/" >report
it. To learn more about malware and how to protect yourself,
check out StopBadware.org's href="http://www.stopbadware.org/home/help" id="b5qc"
>help page.

href="http://feeds.feedburner.com/~f/blogspot/MKuf?a=mBxPUZG" > border="0" />

height="1" width="1" />

Tags: , google, Mavrommatis, Panayiotis, Posted, recently, Security, teamWe

Posted by Niels Provos, Google Security
Team

We recently began two new series
of posts. The first, which explains how we harness data for our
users, started with href="http://googleblog.blogspot.com/2008/03/why-data-matters.html"
id="wkxh" >this post. The second, focusing on how we secure
information and how users can protect themselves online, style="font-style: italic;"
href="http://googleblog.blogspot.com/2008/03/how-google-keeps-your-information.html"
id="b3rt" >began here. This
post is the second installment in both series.- Ed.

We sometimes get questions on what Google does with server log
data, which registers how users are interacting with our services.
We take great care in protecting this data, and while we've
talked previously about href="http://googleblog.blogspot.com/2008/03/why-data-matters.html"
id="gjr1" >some of the ways it can be
useful, something we haven't covered yet are the ways it can
help us make Google products safer for our users.

While the Internet on the whole is a safe place, and most of us
will never fall victim to an attack, there are more than a few
threats out there, and href="http://googleblog.blogspot.com/2008/03/how-google-keeps-your-information.html"
id="syc9" >we do everything we
can to help you stay a step ahead of them. Any information we
can gather on how attacks are launched and propagated helps us do
so.

That's where server log data comes in. We analyze logs for
anomalies or other clues that might suggest malware or phishing
attacks in our search results, attacks on our products and
services, and other threats to our users. And because we have a
reasonably significant data sample, with logs stretching back
several months, we're able to perform aggregate, long-term
analyses that can uncover new security threats, provide greater
understanding of how previous threats impacted our users, and help
us ensure that our threat detection and prevention measures are
properly tuned.

We can't share too much detail (we need to be careful not to
provide too many clues on what we look for), but we can use
historical examples to give you a better idea of how this kind of
data can be useful. One good example is the href="http://www.citi.umich.edu/u/provos/papers/search_worms.pdf"
id="ujjv" >Santy search worm
(PDF), which first appeared in late 2004. Santy used combinations
of search terms on Google to identify and then infect vulnerable
web servers. Once a web server was infected, it became part of a href="http://en.wikipedia.org/wiki/Botnet" id="or.e"
>botnet and started searching Google for more
vulnerable servers. Spreading in this way, Santy quickly infected
thousands and thousands of web servers across the Internet.

As soon as Google recognized the attack, we began developing a
series of tools to automatically generate " href="http://en.wikipedia.org/wiki/Regular_expression" >regular
expressions" that could identify potential Santy queries
and then block them from accessing Google.com or flag them for
further attention. But because regular expressions like these can
sometimes snag legitimate user queries too, we designed the tools
so they'd test new expressions in our server log databases
first, in order to determine how each one would affect actual user
queries. If it turned out that a regular expression affected too
many legitimate user queries, the tools would automatically adjust
the expression, analyze its performance against the log data again,
and then repeat the process as many times as necessary.

In this instance, having access to a good sample of log data meant
we were able to refine one of our automated security processes, and
the result was a more effective resolution of the problem. In other
instances, the data has proven useful in minimizing certain
security threats, or in preventing others completely. In the end,
what this means is that whenever you use Google search, or Google
Apps, or any of our other services, your interactions with those
products helps us learn more about security threats that could
impact your online experience. And the better the data we have, the
more effectively we can protect all our users.

Tags: , google, Niels, Posted, Provos, recently, Security, teamWe

Posted by Susan Straccia, Google Blog
Team

We see a lot of exciting projects come to fruition around here, but
two Googlers recently added delivering a baby to their on-the-job
experience, giving a whole new meaning to working well under
pressure.

One day last month, Matthew, a software engineer in our href="http://maps.google.com/maps?f=q&hl=en&geocode=&q=720 4th Avenue, Kirkland, WA&sll=47.67842,-122.195236&sspn=0.001994,0.004951&ie=UTF8&om=1&ll=47.678522,-122.195649&spn=0.00942,0.021651&z=16&iwloc=addr" >
Seattle/Kirkland office, arrived at work as usual. As he got to
his desk, he learned that his expectant colleague Min was home
sick. He thought this was strange, since she seemed fine the day
before and her baby wasn't due for another 17 days. He sent her
an email to make sure everything was okay. Min responded that she
thought she might be experiencing contractions, but that everything
was fine. Fifteen minutes later, he got a second message: Please
come help me get to the hospital right away. Matthew rushed over
and had barely backed out of the driveway when Min managed to say,
"The baby's out." He picked up the little bundle in
his right hand and declared, "It's a boy," and gave
him to her to hold. An ambulance arrived on the scene seconds
later. And just like that, Min and her husband became the proud
parents of Andy.

onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"
href="http://bp1.blogger.com/_7ZYqYi4xigk/R0N5n8LJzuI/AAAAAAAAAOs/hAYyQU-rwjA/s1600-h/Min2.JPG" >
height="1" width="1" />

Tags: , Blog, google, lot, Posted, Straccia, Susan, teamWe

Posted by Chikai Ohazama, Google Earth
Team

We feel like proud parents around here. Our eldest, Google Earth
for the PC, is officially leaving beta status today, and we
couldn't be more pleased. For those of you who downloaded
early, upgrade to the latest and discover Google Earth all over
again.

And we have a brand new member of the family — Google Earth for
Macintosh. We're happy to finally have some good news for the,
ahem, vocal Mac enthusiasts we've been hearing from. Let's
just say that we have gotten more than a few "requests"
for a Mac version of Google Earth. They've gone something like
this:

1) "When is it coming out? Your website says that you are
working on it."

2) "You know, Mac users are very heavy
graphics/mapping/visualization/design/ architecture/education/real
estate/geocaching/social-geo-video-networking fans who would
certainly use Google Earth a lot."

3) "So when is it coming out?"

We heard you loud and clear. The Mac version runs on OS X 10.4 and
up. Happy travels throughout href="http://earth.google.com/download-earth.html" >Google
Earth, whether you're on a Mac or a PC.

Tags: , Chikai, Earth, feel, google, Ohazama, Posted, teamWe

Posted by Kevin Tom, Google Desktop
team

We are happy to be releasing the http://desktop.google.com/”>Google Desktop 5 application
in 29 languages, including our first release in Hindi. It's now
easier than ever for people around the world to find content on
their computer as well as on the web. We've redesigned the look
and feel of the sidebar and many of our most popular gadgets. There
are also previews for search results and warnings for suspicious
websites, whether you're clicking on links from documents, IMs,
websites, and more.

No matter which country you're in, we hope that these changes
make it easier to quickly and safely find the right information. To
learn more about what's new with Desktop 5, read http://googledesktop.blogspot.com/2007/03/new-sidebar-and-gadgets.html”>
this post on the Google Desktop Blog. And check out the
recently-released version for http://desktop.google.com/mac”>Mac, too.

http://bp2.blogger.com/_Ap14FtNN91w/RiVBZagCOnI/AAAAAAAAAEc/QZq7YuytFBo/s1600-h/Desktop5_images.jpg”>
alt="" id="BLOGGER_PHOTO_ID_5054518061659470450" border="0" />

Tags: , desktop, google, Happy, Kevin, Posted, teamWe, Tom