Microsoft Begs to Differ, Says Bing Stops Malware

It seems like only last week that we were telling you about a study from AV-Test which found that Bing delivered five times as many malicious websites as Google. First Yandex challenged the findings, and now Bing has finally piled on saying that their search service is as safe as any other search engine.

"AV-TEST’s study doesn’t represent the true Bing experience," said Bing senior program manager David Felstead in a statement to SecurityWatch. "By using the API instead of the user interface, AV-TEST bypassed our warning system designed to keep customers from being harmed by malware."

Some users might be familiar with this system, where Bing generates a message when you click on a link it thinks might be suspicious. You can then learn more or proceed to the site anyway. This is similar to the complaint from Yandex, who said that they don't filter any search results, but instead add warnings on their results page. Google and other search engines offer similar warnings.

"Bing does prevent customers from clicking on malware infected sites by disabling the link on the results page and showing a message to stop people from going to the site."

According to a different Microsoft spokesperson, Bing incorporates automated scanning into its search system. "Bing is able to easily detect pages consisting of machine-generated spam, keyword stuffing, redirect spam or malware, allowing Bing to effectively remove such sites from results," said the spokesperson. "When a page is detected with malicious content, depending on the content and/or intent of the page, it is either removed from the Bing index entirely, or flagged with a warning such that users are informed that there may be some risk to their online security if they continue to visit it."

AV-Test Responds
Andreas Marx, the CEO of AV-Test, confirmed to SecurityWatch that the 18-month study was based on information delivered from the Bing API. The search terms the company used were gleaned from trending terms on Twitter, Google Trends, and BBC headlines. "No links were clicked/followed through the search engine," said Marx. "We simply grabbed the URLs and downloaded them on our own systems for further analysis."

AV-Test used this methodology because they weren't testing the efficacy of search engine malware blocking. Rather, they were interested in seeing how the bad guys are attempting to use search engine results to deliver malware to victims. "We didn't want to test the warnings from the search engine but simply how many potentially malicious websites are returned by the search engine," Marx told SecurityWatch.

As AV-Test said when responding to Yandex's complaint that they used a multi-step system to confirm the malicious results using both their resources and third party systems as well.

Is There a Safer Search Engine?
"It's a fact that malware writers are using SEO attacks to optimize the rank of their malware sites," explained Marx to SecurityWatch. "This was the main topic of the study, the report was NOT designed to be a 'safety comparison' for search engines."

However, Marx went on to say that malicious links can come from anywhere—Google, Bing, Facebook, Twitter, and email.  He urged people to keep their security software up to date, and use common sense to avoid suspicious links. To him, the more malicious sites that are blocked before users even see them, the better.

In reference to blocking tactics used by some search engines, Marx was still concerned that users might not get the message. "These warning messages are not shown at all times if the site is dangerous, just in some cases," he said. "However, in all cases, you can easily click on the link and visit the malicious website and your system gets infected."

Marx suggested that a clearer model for malicious link blocking that used warning messages similar to Google Chrome when it suspects a site is malicious, or simply make a suspicious link not-clickable thus forcing the user to cut and paste the URL into the browser.

"Microsoft argues that their warning is 94% effective, so 'only' 6% of the people will click on the malicious link anyway," said Marx. "Still, that's a lot of people."

In an interesting wrinkle to this story, Felstead demonstrated how Bing flagged the website vacationhotlines.net in a blog post this past Friday. However, Computer World UK spoke with the site's manager who, with the help of anti-virus software, confirmed that his site was malware free. The site is currently listed, without warning, on Google.