Google (s GOOG) labeled the entire Internet as malware earlier this morning (between 6:30 a.m. PST and 7:25 a.m. PST), warning visitors that pretty much every web site could harm your computer. The news spread across the blogophere and Twitterverse pretty quickly. Many speculated that the problem arose from Google’s efforts to integrate the malware-blocking functionality promoted by collaborator StopBadWare.org, a not-for-profit group. Google confirmed that in a blog post. “What happened? Very simply, human error,” said Marissa Mayer, VP of search products and user experience:
Update: We maintain a list of such sites through both manual and automated methods. We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list. We periodically update that list and released one such update to the site this morning.
Since each case needs to be individually researched, this list is maintained by humans, not algorithms. We periodically receive updates to that list and received one such update to release on the site this morning. Unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs.
I have two thoughts about this problem. First, it shows that Google has become the single point of failure in our digital lives, whether we like it or not. These problems — human errors as Marissa calls them — are not going to go away, as the company becomes bigger, offers more services and extends control on our digital lives.
Secondly (and more importantly), if all of us are going to be obsessing about Google’s epic fail on a Saturday Morning, then maybe the message should have said “this computer may harm your life.” OK people, go and enjoy the weekend. I am about to do the same!
Really impressive that Marissa Mayer herself gave such a clear and transparent explanation of what went on, what they did to fix it, and what the impact was. If not for that detailed explanation, I think the public response could have been much worse. A lesson learned for all of us.
Just to clarify, StopBadware.org is NOT the source of Google’s list of potentially harmful websites; Google generates and maintains this list internally. StopBadware.org then uses Google’s list of malicious websites for research purposes as part of a data-sharing agreement, and independently evaluates websites at the request of website owners to assist the owners in removing infections and/or getting their websites removed from Google’s blacklist.
The StopBadware.org website did experience downtime as a result of the tremendous load that was placed on our infrastructure when suddenly, ALL Google searches displayed a link to the educational information we provide; however, this short outage would not have had any impact on Google’s own data, and could not have caused this morning’s bug.
Please see Marissa Mayer’s updated blog post or our explanation at http://blog.stopbadware.org for more information.
@Brandon,
That’s pretty much what my post says. But the additional information helps understand the issue much better. Thanks for stopping by to explain that.
Then maybe we should use more than just Google such as: Yahoo, Exalead, searchme, etc…
I agree – Let’s move on .. An embarrassment nevertheless … http://tinyurl.com/brvb5f
Boy, do I feel like an idiot. My daughter came to me this morning and told me of the message she kept getting even though she tried all kinds of different ways. I was busy with something else at the time so I couldn’t investigate, and she insisted that the problem wasn’t local, but my smug response was that it had to be the computer or our home network, as it just couldn’t be every search on Google getting that. I just went and ate some crow…
That’s interesting. I was surfing at that time, and was quite surprised by this. Interestingly, according to Marissa’s explanation ALL URLs should be marked malware. This was not the case. Around all about 1 or 2 links were marked bad on each page, so I wonder.
Was it really a mistake? Better safe than sorry!
:>
I wouldn’t call it a single point of failure. When my search (chicken cacciatore) failed via Google, I switched to Yahoo and got what I wanted.
This is not only a simple engineering problem of google, it’s a serious management issue. Time to switch to other search engine… LOL
I like SilkWise now. http://www.silkwise.com because it automatically connects my questions to different experts and always gives good answers.
/quote/
First, it shows that Google has become the single point of failure in our digital lives, whether we like it or not.
/quote/
…that’s IF you were using Google in the first place.
This bug outlines how dependent we have become on Google. This Sunday we had to go to a party. The host had to make a lot of preparations for the event and failed to do so as the google searches marked the websites as malware and she was afraid to visit those sites.
We do need a good alternative to Google, something that matches the search results and provides to be a worthy competitor to its ad platform.
I think Google has (inadvertently) shown everyone how valuable a spam filter is to everyday work. In my own moment of insanity, I tried shutting down our own internal spam filters for one day only, to experience the pain. Unfortunately, I quickly shut the experiment down after only one hour when I discovered that no one at Maysoft was particularly fond of feeling the pain or receiving all of their spam. Where is their sense of adventure?
http://blog.maysoft.org/blog.nsf/d6plinks/FPAO-7NVKRB
Just goes to show that diversity in digital security is absolutely necessary. No use getting all comfortable with one method thinking that everything is going to be taken care of at all times. Geez, what was I thinking!
http://www.justaskgemalto.com
Good job on Google making sure this problem has not since been repeated. At the same time it is nice to know that I have a choice to use other search engines if it does happen again and that the Internet can never actually be “down” as a whole.