Google: Anti-virus Software Needs To Shape Up

Mountain View (CA) - Google is painting a scary scenario about potentially dangerous websites on the Internet: More than 1.3% of all search queries are now directing users to at least one malware site - and only seven out of ten threats are caught by the best security applications available today.

Google limited its research (PDF) to pages that contain so-called drive-by download web pages, which are installing and running malware on client PCs without user action. According to the company, such drive-by downloads are now hiding in more than 3.4 million URLs on more than 181,000 web sites. The research results also suggest that more and more search results provided by Google point to malware sites: While less than 0.3% of search queries contained a link to at least one malware site one year ago, the rate has gone up to about 1.3% at the end of the year.

From the top 1 million web site addresses listed in search results, Google found about 6000 to be malicious - which means that, on average, 0.6% of the most popular web pages in Google search can lead to malware exposure. The most popular malicious web page has a rank of 1588 of 1 million. Most malware sites (67%) are hosted in China, followed by sites in the U.S. (15%), Russia (4%), Malaysia (2.2%) and Korea (2.0%).

The company's researchers also found that antivirus software may not be sophisticated enough to reliably protect users from web threats: Google found a 70% malware detection rate for the best anti-virus engine with the latest set of definitions. "These results are disturbing as they show that even the best anti-virus engines in the market fail to cover a significant fraction of web malware," the reports states.

"Merely avoiding the dark corners of the Internet" will not protect users from malware exposure, Google believes. "State-of-the-art anti-virus engines are lacking in their ability to protect against drive-by downloads. While this is to be expected, it does call for more elaborate defense mechanisms to curtail this rapidly increasing threat."

Google said it examined about 66.5 million URLs for this report.