google safe browsing: meaning of "malicious software being downloaded and installed without user consent"
As an example, see http://www.google.com/safebrowsing/diagnostic?site=google.com What does this phrase mean? Is it a browse-and-get-owned exploit? Is it for outdated browsers, or modern browsers too? Does it require specific vulnerable plugins to be active, such as Java?
All Replies (5)
Read the following about "drive-by downloads". Item 2 at the top of the page. User does not need to click on something on the infected page for a download to occur. Simply visiting the page is enough for the download to occur.
You can also read this (3rd paragraph under "Delivery Methods").
Modified
So in this case, the malware is downloaded, but not run?
Most malware using the drive-by download method is downloaded and automatically installed or the user is fooled with some pop-up to "update" something which they may already have installed or believe that they need to install. Read the last paragraph (above "References") in - https://en.wikipedia.org/wiki/Drive-by_installation
- A drive-by install (or installation) is a similar event. It refers to installation rather than download (though sometimes the two terms are used interchangeably).
Modified
Then in this case, how worried should I be about the safebrowsing numbers for "malicious software being downloaded and installed without user consent", if I am using an up-to-date Firefox with javascript enabled? What if I have flash enabled?
Bottom line: The warning is just that - a warning.
- If a user proceeds to a suspicious site or a site known to be malicious, it is the user's decision and responsibility.
- The browser used and/or browser settings may or may not protect you if it is a new (zero-day) attack vector. That is the reason for frequent updates.
- If a user proceeds and is infected with a virus, the user needs to refer to the following for assistance -
The information on the page http://www.google.com/safebrowsing/diagnostic?site=www.google.com seems a bit garbled and contradictory as it starts by saying "Of the 37966 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent" then below that listed sites that may contain malicious downloads. You will need to contact Google about that seeming discrepancy as Mozilla is not involved in visiting or analyzing those pages
I gave you the definition that you requested in your original question. If your aim is to investigate Google's methodology or reporting, then contact Google.