Human error causes Google search bug
The glitch, warning that sites 'may harm your computer,' lasted about an hour
January 31, 2009 12:00 PM ETIDG News Service - Human error caused a search-results glitch that returned the message "This site may harm your computer" for about an hour Saturday on Google Inc.'s Web site, the company said. The mistake was Google's, not StopBadware.org's, as was originally thought.
Google said it released an update Saturday morning to its list of Web addresses known to install malicious software and "unfortunately (and here's the human error), the URL of '/' was mistakenly checked as a value to the file and '/' expands to all URLs," wrote Marissa Mayer, Google vice president of search products and user experience, in an official Google blog post explaining the glitch. "Fortunately, our on-call site reliability team found the problem quickly and reverted the file."
Mayer's original blog posting about the incident made it sound as if StopBadware.org was responsible for the error. StopBadware.org is a nonprofit organization that Google and other IT companies and academic institutions use to warn Internet users about sites known to install malware on computers that visit those sites. Mayer later posted an update clarifying that the problem was on Google's end.
Mayer initially wrote that Google periodically receives updates to the URL list and had received such an update on Saturday morning. Her revised blog post said instead that "we periodically update that list and released one such update to the site this morning," and then spelled out the '/' mistake.
After the first Google explanation went out publicly -- and was circulated to reporters -- StopBadware explained its side of the story on its own blog: "Google generates its own list of badware URLs, and no data that we generate is supposed to affect the warnings in Google's search listings."
Users who clicked on Google results during the glitch got an "interstitial" warning page saying that there could be malicious software at the site they were trying to reach and referring them to StopBadware.org for more information, the organization's blog said. "This led to a denial of service of our Web site, as millions of Google users attempted to visit our site for more information," it said.
StopBadware operates as a partnership among academic institutions, IT companies and volunteers. It is operated out of Harvard Law School's Berkman Center for Internet & Society. Its site was back up and running Saturday, if slowly at times because many people were trying to obtain information from the organization.
In both the initial post and the update, Mayer apologized in her post to anyone who was inconvenienced by the glitch and to site owners whose pages were incorrectly labeled as being malicious. "We will carefully investigate this incident and put more robust file checks in place to prevent it from happening again," she wrote.
Some news reports earlier in the day said that Google had also stopped flagging known bad sites, but according to StopBadware, that wasn't the case, and Google was correctly flagging those sites as malicious.
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
Human error
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
