Human error caused a glitch that returned the message “this site may harm your computer” for all Google search results for about an hour Saturday morning, the company said, but the mistake was Google’s and not StopBadware.org’s.
Google Saturday morning released an update to its list of URLs known to install malicious software and “unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked as a value to the file and ‘/’ expands to all URLs,” Google Vice President of Search Products & User Experience wrote in an official Google blog post explaining the glitch. “Fortunately, our on-call site reliability team found the problem quickly and reverted the file.”
Mayer’s original blog posting Saturday morning made it sound like the human error was on the part of StopBadware.org, a nonprofit organization Google and other IT companies and academic institutions work with to warn Internet users about sites known to install malicious software on computers that visit those sites. However, an updated blog posting clarified that the problem was on Google’s end.
Initially, Mayer wrote that Google periodically receives updates to the URL list and had received such an update Saturday morning, but her revised blog post said instead that “we periodically update that list and released one such update to the site this morning,” and then explained the ‘/’ mistake.
As the StopBadware blog explained it after the first Google blog went up publicly (and was circulated to reporters) as its explanation of the problem: “Google generates its own list of badware URLs, and no data that we generate is supposed to affect the warnings in Google’s search listings.”
Users who clicked on Google results during the glitch period got an “interstitial” warning page saying that there could be malicious software at the site they were trying to reach and referring them to StopBadware.org for more information, the organization’s blog said. “This led to a denial of service of our website, as millions of Google users attempted to visit our site for more information,” it said.
StopBadware operates as a partnership among academic institutions, IT companies and volunteers. It is operated out of Harvard Law School’s Berkman Center for Internet & Society. Its site was back up and running Saturday, if slowly at times given how many people were trying to obtain information from the organization.
In both the initial post and the update, Mayer apologized in her post to anyone who was inconvenienced by the glitch and to site owners whose pages were incorrectly labeled as being malicious. “We will carefully investigate this incident and put more robust file checks in place to prevent it from happening again,” she wrote.may be harmful to your computer.”
Some press reports earlier in the day said that Google had also stopped flagging known bad sites, but according to StopBadware that wasn’t the case and Google was correctly flagging those sites as malicious.