Microsoft responding to AV-TEST study that has revealed that Microsoft’s Bing search delivers five times more malware-hosting links than Google–stated that “AV-TEST’s study doesn’t represent the true experience or risk to customers. Because Bing actually clearly marks the results that might be infected.”
Adding, it said Bing doesn’t deliver malwar, “this is a highly complex problem that all engines are constantly working to solve.”
“No engine will be perfect 100% of the time but we all work every day on detecting the latest threats from the bad guys and updating our engines to keep customers safe,” bing adds.
It said, Bing “are very confident that our methods for malicious link detection and warning make our engine one of the safest on the net.”
Bing explains that “AV-TEST didn’t actually do any searching on bing.com. Rather they used a Bing API to execute a number of queries and downloaded the result to their system for further analysis.”
“By using the API instead of the user interface, AV-TEST bypassed our warning system designed to keep customers from being harmed by malware. Bing actually does prevent customers from clicking on malware infected sites by disabling the link on the results page and showing the below message to stop people from going to the site.”
Bing adds that they don’t explicitly remove malicious sites from the index because most are legitimate sites that normally don’t host malware but have been hacked. And, that, if those sites remain infected for a long period of time, their ranking will naturally fall because customers won’t click on them.
“We warn customers about potentially malicious links and our data shows that these warnings block 94% of clicks to malicious sites.”
“We show results with warnings for about 0.04% of all searches, meaning about 1 in 2,500 search result pages will have a result with a malware warning on it. Of those, only a small proportion of malicious links ever get clicked and the warning therefore triggered, so a user will see the warning only 1 in every 10,000 searches. In any case, the overall scale of the problem is very small,” Bing added.
In other Bing news, visiting Bing.com in Google Chrome browser over SSL, will resutls in an error which tells you that you are most likely visiting a malicious website.
“An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of bing.com. You should not proceed, especially if you have never seen this warning before for this site,” Chrome warns.
Currently, Mozilla Firefox, Google Chrome and Microsoft’s Internet Explorer are generating the error. However, users can still proceed to view Bing.com but this error is obviously something that shouldn’t be present.
Microsoft said that the issue was originated at Akamai (as it is using their services for the certificate service), and that the issue was eventually resolved, “We’re working with Akamai on that. It should be fixed soon.”