Google is flagging legitimate software as malicious
On November 29, 2018, some software developers started to notice that Google Safe Browsing was flagging their programs and sites as malicious.
Google Safe Browsing is implemented natively in Google Chrome and used in other web browsers such as Firefox or Safari. Safe Browsing is used by the vast majority of desktop browsers at the time of writing.
Long standing and respected software companies such as Greatis, Antibody Software, Scooter Software, or IBE Software had some of their programs flagged by Google Safe Browsing on December 1, 2018. The companies produce programs such as the excellent Bulk Image Downloader, Beyond Compare, Spambully, HelpNDoc, Rename Expert, or Unhackme.
Google flagged the programs or pages and notified webmasters that malware was detected on project websites via the company's Search Console provided that webmasters had added their sites to it.
Developers who tested their programs on Google owned Virustotal noticed, however, that their programs came up clean.
The main issues that each faced were the following ones:
- Google was not specific. While the company stated that malware was found, it did not provide any details.
- Virustotal scans returned that the programs or sites were clean.
- Programs were signed by the companies.
- The only option to contact Google was by mail. No direct contact option was provided. Google replied to some, at least, that the issue was not resolved but did not provide any actionable information.
- Companies lost most of their traffic in the period in which their programs and sites were flagged.
Most of the flagged programs shared certain features; many were created using Delphi and Inno Setup.
Some of the affected sites and programs work fine in Google Chrome and Firefox at the time of writing. It appears that the issue was resolved on December 3, 2018. Websites can be accessed without warning messages and downloads work as well. Google may still display "this type of file may harm your computer" but it is at least possible to download the programs to the local system.
No one outside of Google knows whether Google did something on its end, e.g. tuned Safe Browsing, or if other factors led to the end of the issue.
The "webmaster" option of getting Google to recheck the flagged files and domains appears broken. Some webmasters used Chrome's issues report option (use Alt-Shift-I to display the form) to notify another Google department about the issue. Whether that helped or not is unclear.
Google's Safe Browsing is a powerful tool that protects millions of Internet users each day from malware. The software may flag legitimate sites or programs, however which disastrous consequences for companies and site owners; traffic will drop significantly and reputation will surely take a hit.
Software developers may experience the issue again and when that happens, they are left on their own again as there is no one to call or contact that could resolve the issue in a matter of minutes or hours.Advertisement