Google is flagging legitimate software as malicious

Martin Brinkmann
Dec 8, 2018
Google
|
26

On November 29, 2018, some software developers started to notice that Google Safe Browsing was flagging their programs and sites as malicious.

Google Safe Browsing is implemented natively in Google Chrome and used in other web browsers such as Firefox or Safari. Safe Browsing is used by the vast majority of desktop browsers at the time of writing.

Long standing and respected software companies such as Greatis, Antibody Software, Scooter Software, or IBE Software had some of their programs flagged by Google Safe Browsing on December 1, 2018. The companies produce programs such as the excellent Bulk Image Downloader, Beyond Compare, Spambully, HelpNDoc, Rename Expert, or Unhackme.

google safe browsing warning

Google flagged the programs or pages and notified webmasters that malware was detected on project websites via the company's Search Console provided that webmasters had added their sites to it.

Developers who tested their programs on Google owned Virustotal noticed, however, that their programs came up clean.

The main issues that each faced were the following ones:

  • Google was not specific. While the company stated that malware was found, it did not provide any details.
  • Virustotal scans returned that the programs or sites were clean.
  • Programs were signed by the companies.
  • The only option to contact Google was by mail. No direct contact option was provided. Google replied to some, at least, that the issue was not resolved but did not provide any actionable information.
  • Companies lost most of their traffic in the period in which their programs and sites were flagged.

Most of the flagged programs shared certain features; many were created using Delphi and Inno Setup.

Some of the affected sites and programs work fine in Google Chrome and Firefox at the time of writing. It appears that the issue was resolved on December 3, 2018. Websites can be accessed without warning messages and downloads work as well. Google may still display "this type of file may harm your computer" but it is at least possible to download the programs to the local system.

No one outside of Google knows whether Google did something on its end, e.g. tuned Safe Browsing, or if other factors led to the end of the issue.

Closing Words

The "webmaster" option of getting Google to recheck the flagged files and domains appears broken. Some webmasters used Chrome's issues report option (use Alt-Shift-I to display the form) to notify another Google department about the issue. Whether that helped or not is unclear.

Google's Safe Browsing is a powerful tool that protects millions of Internet users each day from malware. The software may flag legitimate sites or programs, however which disastrous consequences for companies and site owners; traffic will drop significantly and reputation will surely take a hit.

Software developers may experience the issue again and when that happens, they are left on their own again as there is no one to call or contact that could resolve the issue in a matter of minutes or hours.

Summary
Google is flagging legitimate software as malicious
Article Name
Google is flagging legitimate software as malicious
Description
On November 29, 2018, some software developers started to notice that Google Safe Browsing was flagging their programs and sites as malicious.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. coakl said on December 12, 2018 at 12:37 am
    Reply

    I wonder if Chrome’s built-in malware scanner from ESET (Google Chrome Cleanup) is feeding false positives to the Safe Browsing component.

    Settings > Reset and clean up > Clean up computer

  2. Alex said on December 10, 2018 at 11:46 am
    Reply

    Folks, Virustotal has a some AV vendors that also hurt legitimate software developers because they false positive all the time. VB32 basically flags everything we do as having Trojans.

    They don’t respond to requests. Virustotal basically banned me from their trial for not being polite enough when questioning why some of theses AV programs remain when their website hasn’t been updated in years (zombie-ware) and they don’t respond to vendors.

    People trust VT and so we lose business because some POS AV flags us incorrectly.

    Really, Google needs to get it’s head out of it’s rear end: we wanted a good search engine, not a Big Brother nanny with the power to put companies out of business and have no recourse or remediation systems in place.

  3. Say NO to monopolies said on December 10, 2018 at 1:54 am
    Reply

    If a corporation gets the majority of internet users onto his browser and if the users agrre to use services from the same corporation, then this monopoly can cut off adversary corporations.
    “Safe Browsing” may help in the creation of such monopoly, as tools will be blacklisted because they use specific packers that are considered not safe by none other than G00gle.

  4. ULBoom said on December 9, 2018 at 11:11 pm
    Reply

    I doubt google, facebook, twitter, etc., have a good idea of what all their code does. Patch after patch, feature after feature, old features removed, one data leak after another (those we learn about), they can’t possibly determine all the interactions that could occur. No one’s taking care of ethics; they all talk down to their users and treat them like garbage.

    Google can’t even keep something as straightforward as their store from spreading malware even though they supposedly vet everything in it.

    We live in The Age of BS.

  5. pHROZEN gHOST said on December 9, 2018 at 3:19 pm
    Reply

    The problem for the site/software owners is that most typical users don’t know there’s an issue with the safe browser they use. They believe the browser.

    Class action lawsuit?

  6. user17843 said on December 9, 2018 at 12:47 pm
    Reply

    I am always browsing without “Safe Browsing”. It’s a ridiculous piece of software only aimed for people who know nothing about the web.

    Everyone who knows the web of the early 2000s doesn’t need this at all.

    “The “webmaster” option of getting Google to recheck the flagged files and domains appears broken.”

    This is the most frigthening aspect. I know people who were making 5 figures from Google, but Google entirely ignored them and they struggle to talk with anyone directly.

    Google is quick making decisions for everyone on the web, but they don’t want to be responsible for the mistakes.

    That’s why a browser for grown up people could come with Safe Browsing deactivated by default.

    It’s simple. There is never both safety and freedom.

    1. Tom Hawack said on December 9, 2018 at 4:14 pm
      Reply

      I am Tom Hawack and I approve this message :=)

      I was about to write the same, I see you’ve done it, @user17843

      The general idea here, a “user’s web policy”, mine for sure, has always been to block anything from Google which is not required for a website’s page correct layout; unfortunately websites are Google-addicted and so many of them are that it’s impossible to even try to block all Google servers, but there are nevertheless quite many of them which can be blocked with no display issue : that’s what I focus on.

      But I cannot “hate” Google because independently of the company’s core advertisement nature and implications, its services are quite often the closest to excellency one can find on the Web; this forces admiration and admiration forces consideration, in my case anyway. It’s not like Microsoft which tracks *and* is the opposite of excellency (no admiration, no consideration and the nasty feeling of deep dislike) which leads to a total ban of MS products, services, servers to the maximum extent of my knowledge. And Microsoft servers can be avoided with no loss of Web pages rendering, contrarily to Google. In my worst nightmares I imagine Google’s omnipotence with Microsoft quality services, the worst of two worlds, and i wake up yelling “Nooooo!”. Damn.

      1. user17843 said on December 10, 2018 at 2:01 pm
        Reply

        Thanks. Technically I think SB is brilliant, it’s like the immune system of the web.

        Google is protecting a small minority of people surfing the web, primarily those who have old hardware/software and are extremely naive. And most other people simply get a “feeling of security”, but have never personally visited any flagged website.

        SB helps the web stay free from threats and most importantly it keeps malware/phishing domains from exploding. And it’s obvious that a system such as “Safe Browsing” is only helpful if it is installed on lots of devices – to weed out the bad sites.

        So there’s a real benefit overall, but it’s strange that nowadays even professionals think they have to use Safe Browsing themselves and the web somehow is “dangerous” without it.

        Also most domains affected are from China, India, Russia, etc. and it’s mostly phishing which is already blocked by most filterlists or detected by any intelligent person upon seeing the website.

        The danger is that a website becomes invisible once Google says so. This happens quite often today – be it in the Google search ranking or due to the SB reports. Google can make entire companies fall into insolvency. The danger of a monoculture system.

  7. AnorKnee Merce said on December 9, 2018 at 9:41 am
    Reply

    As a home-user, I have disabled all kinds of Safe-browsing filters on my computers. I am the final decision-maker on which websites are safe, not Google, M$, Mozilla, the AV, OS, etc. Computering has now become a nanny-state, political-correctness, censorship and marketing/self-promotion tools.

    OTOH, businesses/companies may need such Safe-browsing filters for some of their ignorant employees, in order to secure their valuable IT assets = “better safe than sorry”.

    1. John Fenderson said on December 10, 2018 at 5:54 pm
      Reply

      @AnorKnee Merce:

      I, too, disable this sort of thing. I don’t personally find it useful at all and it gets in the way often enough to annoy me. I suppose it’s reasonable as a means of protecting users who don’t want to put any real effort into (or know how to) safely using the web, but I’m in neither of those groups.

  8. ilev said on December 9, 2018 at 8:43 am
    Reply

    Meanwhile Google Maps is spamming users with spam messages :

    https://www.howtogeek.com/fyi/whats-up-with-this-weird-google-maps-spam/

  9. Dennis said on December 9, 2018 at 5:13 am
    Reply

    Google has started challenging me most of the time with Captcha when I’m on my VPN — ???…

  10. 11r20 said on December 9, 2018 at 1:55 am
    Reply

    Dave said on December 8, 2018 at 6:54 pm
    Reply

    harm·ful
    [ˈhärmfəl]
    ADJECTIVE

    causing or likely to cause harm.

    Causing harm to what is the real question. Most likey causing harm to the bank accounts of Alphabet Inc. board members.

    11r20 said on December 8, 2018
    “”Exactly””

  11. Anonymous said on December 9, 2018 at 12:07 am
    Reply

    I’ve disabled Safe Browsing for the same reason (though there are others) I gave up on Google Search and its filter bubbles – I don’t want to avoid sites just because Google “deems” them harmful.

  12. Anonymous said on December 8, 2018 at 10:15 pm
    Reply

    Reverse marketing

  13. seeprime said on December 8, 2018 at 9:28 pm
    Reply

    If Google lets this continue, they’ll beign losing the lofty positiion and “trust” they obtained from consumers over the past three years, at the expense of Microsoft. Did Google lay off their QA people recently?

  14. Graham said on December 8, 2018 at 8:24 pm
    Reply

    Taking a few cues from Tumblr, I see?

  15. Thomas said on December 8, 2018 at 8:19 pm
    Reply

    And of course Firefox has the same problem but thanks to Martin Brinkmann and Thorin-Oakenpants I was able to disable google’s assorted safebrowsing settings – much thanks Martin.

  16. wtarkan said on December 8, 2018 at 7:26 pm
    Reply

    I’m one of the member of Sordum TEAM , we have many vbs script to simplify some tasks , oddly Google started to flagging some of our scripts as malicious , even more odd Virustotal belong to google and all scripts seems clean , Google does’t accept virustotal clean report even worst we have deleteded these scripts but no luck finally ve have to delete the topic and then Google accepted ? in my opinion ; google must stop pretend to be an antivirus manufacturer

  17. Dave said on December 8, 2018 at 6:54 pm
    Reply

    harm·ful
    [ˈhärmfəl]
    ADJECTIVE

    causing or likely to cause harm.

    Causing harm to what is the real question. Most likey causing harm to the bank accounts of Alphabet Inc. board members.

  18. 11r20 said on December 8, 2018 at 6:24 pm
    Reply

    Google is growing into it’s role as cheerleader for the ChiComs social score agenda.

    Do it googlers way or hit the highway

    1. Anonymous said on December 8, 2018 at 8:34 pm
      Reply

      This is ridiculous, China or communism had nothing to do with the decisions of the US private company Google described in this article. What happened here is wealthy people oppressing less wealthy people for profit, by negligence or malicious intent, there’s nothing “social” either in that event.

      1. doug said on January 7, 2022 at 2:17 am
        Reply

        you have evidence of that because there is quite a bit of it that google has gotten into bed with the Chinese to be able to peddle their wares to the Chinese people with the limitations imposed by the Country. So quick people like you are to dismiss valid concerns.

  19. Anonymous said on December 8, 2018 at 6:23 pm
    Reply

    Safebrowsing is not only used to spy on users, it may be used to harm sites, and given Google’s ethics, it *will* be used to harm sites.

  20. td said on December 8, 2018 at 6:06 pm
    Reply

    That’s why the only sane action is to ditch Goolags Big Brother browser and use alternatives.

    1. Anonymous said on December 9, 2018 at 3:56 am
      Reply

      It qualifies as malware. Collects data, tracks users, and serves up ads (via Google).

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.