BarCamp: Erica on Stopbadware.org
I should tell you about the medical application sessions I went to yesterday afternoon, the One Laptop Per Child excursion, and a few other things from last night, but I’m in a BarCamp Boston 2 session Erica George is leading about Stop Badware.org, a project out of the Berkman Center for Internet & Society about stopping harmful programs, like spyware, that do bad things to computers and often appear without the user’s awareness. For example, someone might download wallpaper that has a program incorporated in it that sends keystroke data back to another server, potentially capturing information like financial information and passwords. She describes the project as “neighborhood watch for the Internet” and as “letting people know their back door is unlocked when they believe it is locked.”
Google, who has provided funding to StopBadware.org, is doing a lot to try to alert people to sites that might contain harmful programs. She mentioned the text “This site may harm your computer.” that appears in Google search results and its link to a help document explaining what that text means.
StopBarware.org. She and I run the blog group together.
3/23/07: By the way, she mentioned Jonathan Zittrain’s “The Generative Internet” quite a few times.
March 26th, 2007 at 10:16 pm
[...] Remember a few days ago I told you about Erica’s StopBadWare.org talk at BarCamp Boston 2 and some of the basics of badware? Ethan has a much more detailed post about how the weblog of someone he knows was hacked to distribute malware, what she did to solve the problem, and some guidelines for specifically what to do if it happens to you. [...]
March 27th, 2007 at 6:47 pm
Google does more than provide funding to StopBadWare.Org, they have empowered the organization to delist sites. A site that I administer was flagged by StopBadWare.Org. Who knows how long it was flagged for because no attempts to contact anyone associated with the site were made. The site was submitted via the appeals process. No changes were made to the site in the meantime. About 2 weeks later, the site was deemed healthy and cleaned of any malicious content. Again, NO CHANGES TO THE SITE HAD BEEN MADE. StopBadWare.Org has not yet provided any evidence that any malicious code was ever present. It looks great to everyone that they are flagging about 8,000 new sites a week, but by what methods. And it is my contention that most of the site administrators have not been contacted. StopBadWare.Org needs to greatly improve their methodology and embrace a policy of thorough documentation and full disclosure. Sites flagged should be provided with the full details of WHY the site was flagged. And StopBadWare.Org needs to provide log files of attempted contacts to the Site Administrator. AND if StopBadWare.Org is incorrect — do not for a second believe they are infallible — they need to provide public apologies and some form of restitution to the damaged business. Who is policing the police here? Don’t get caught up in the number of sites this organization as flagged; this is nothing more than unverified bravado and self-marketing. While we should all be thankful of any site that is removed dispensing malicious code, we cannot be gratified at innocent businesses and sites that are harmed by the vigilante approach this organization seems to embrace. Indeed the power that StopBadWare.Org wields is too great.
April 9th, 2007 at 4:50 pm
Hi j, thanks for the writeup! I wonder if maybe I should do a session on badware and blogs at a blog group sometime soonish, actually. Or, even better, we could do a combined session on comment spam and badware as they affect blogs.
I’d also like to clear up any confusion from the comment above. GoogBadnUgly, StopBadware is not in any way empowered to “delist” sites from Google’s index. It’s Google that finds the sites with badware and places warnings in their search results. It’s also Google that makes a good faith effort to contact webmasters to let them know their sites were flagged and where they can get information about what’s wrong. StopBadware is involved in Google’s filtering as an independent organization from which site owners can request an impartial review.
If anyone would like to read more about the Google warnings, we have a FAQ: http://stopbadware.org/home/faq#partnerwarnings
For folks concerned about the security of their own websites, check out http://stopbadware.org/home/security
Erica
StopBadware Online Organizer