May 30th, 2012 | Published in Google Public Policy
Security online is a shared responsibility and we take our role very seriously. We work hard to proactively identify security threats, protect our users and their personal information, and help make the Internet a safer place.
So when we realized that some of our users’ computers or routers were infected with malware called DNSChanger—and that we could tell which of our users were infected—we notified them and directed them to the tools they needed to clean their computer and ensure connectivity. We’ve already notified half a million individuals about DNSChanger infections on their devices.
While we can’t detect most kinds of malware, sometimes we’re able to use data to discover unusual patterns. For example, irregular activity in our search traffic could indicate activity from a botnet or denial of service attack, and we take steps to notify the appropriate authorities and our users. This isn’t the first time that we’ve been able to detect malware and alert our users—we reached a million users last summer during a similar malware notification.
We are constantly developing new security technologies and contributing research and open source tools to the security industry. We’ve provided SSL encryption by default for Gmail accounts, notified users about suspicious activity or tampering with their Google accounts, created tools to detect and act upon potentially dangerous sites in our search index, help browser and web developers to protect their users from malicious links with the freely available Safebrowsing API, and delivered automatic security updates to the Chrome browser.
We’re also collaborating with the Industry Botnet Group, a group of ISPs, security groups, industry leaders, and law enforcement entities that share expertise and aggregate resources for countering botnets. The U.S. Department of Commerce recently highlighted the success of this initiative in bringing together private sector actors to address the issue of botnets. And the White House held an event today applauding the success of industry partnerships in addressing these issues— recognizing like many in Congress that transparency and information sharing are critical to addressing security risks on the Internet. Google is also continuing to address botnet security concerns through the Federal Communications Commission’s Communications, Security, Reliability, and Interoperability Council (CSRIC), which includes participants from both the public and private sectors.