Google’s Safe Browsing team’s charter is to protect end users from malware and deceptive practices on the Web. Recently, the team has been focusing heavily on unwanted software (UwS). Google’s systems and tools were able to help detect this software because of its resemblance to malware. Unlike most malware, however, UwS is often created and distributed by companies that operate in the open.
By engaging with these companies, the Safe Browsing team has learned how stakeholders view Google’s systems from the outside; key lessons include the efforts these companies go through to bypass Google’s evasion, how much knowledge they have about how Google’s systems operate, and how their return on investment (ROI) can make spending $50K a month on new domains a drop in the bucket.
Nav Jagpal shares fun stories about the Safe Browsing team’s engagement efforts last year and lessons that others in security may find useful when building systems and engaging with ecosystems that host a spectrum of adversaries and allies.
Nav Jagpal is a renegade software engineer on Google’s Safe Browsing team and has been with Google for over nine years. Nav specializes in fighting Chrome extensions malware and unwanted software. Nav’s publications include “Trends and Lessons from Three Years Fighting Malicious Extensions,” “Ad Injection at Scale: Assessing Deceptive Advertisement Modifications,” and “Trends in Circumventing Web-Malware Detection.”
©2016, O’Reilly UK Ltd • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org