Stay unsafe with AOL.

Is she really safe using AOL?

Updated 6-5-2007.

Most people don’t question why I can’t stand AOL but maybe some of you scratch your heads wondering why I think Google sucks, too. Explaining why usually isn’t a topic for this blog, but the safety of Google’s search engine is.

Most search engines show unsafe sites in results, but AOL uses Google to deliver them, and Google is crawling with tons of bad sites for even the most innocent words. Google also places worse sites higher in results than Yahoo! and other search engines do.

People who monitor badware threats know search engines are the number one breeding ground for them. Google is heinous in this respect. They do nothing to filter harmful results out. They even display unsafe results at the top of many popular searches.

I’ll give you a hard-to-forget example. Let’s say your teenage daughter wants to change her screensaver. Here’s the innocent-looking organic search results for “screensavers”, using AOL’s software.

Deceptively Sweet AOL Search Results

Would you object to her visiting the sites in the results? Probably not. This is what happens: she downloads four adware programs and six trojans along with her pretty screensavers. She shuts the computer down and when she restarts it, it joins a botnet, litters her desktop with full-screen ads, collects her browsing history, and slows her computer down.

What went wrong? Even looking through her browser history there’s no clue.

Let’s try this again with the McAfee SiteAdvisor plug-in for Firefox. It shows just how unsafe her search results were based on tests and user reports. A green checkmark means a site is OK; a red one means it’s not. Now we see that sweet-looking page of results given by AOL was, in fact, crawling with sites that dish up trojans and adware.

AOL's Google-powered, infected search results.

The sites listed “above the fold” in AOL Search show up in the same spot in Google Search. Three of four of the top AOL results are badware sites. One site boasts four trojans, six adware programs, and links to more sites that infect computers with nasties. (In contrast, I performed the same search in Yahoo! and three of the top four results were safe).

My unsafe results were achieved with AOL’s recently (and horribly) recoded AOL 9.0 VR (Vista Ready). I’d probably be re-installing Windows instead of writing this without my own malware protection installed because 9.0 VR does not install any. AOL’s anti-malware tools must be installed separately and the SpyZapper included with AOL’s built-in browser won’t protect your PC from unsafe sites, which go far beyond “mere” spyware in scope.

So it’s your choice: Move on to a better ISP, or stay unsafe with AOL.

Update: Google tests itself and finds one in ten results unsafe.

From the BBC article, published the day after I wrote this:

One in 10 web pages scrutinized by search giant Google contained malicious code that could infect a user’s PC.

…Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to “in-depth analysis”. About 450,000 were capable of launching so-called “drive-by downloads”, sites that install malicious code, such as spyware, without a user’s knowledge. A further 700,000 pages were thought to contain code that could compromise a user’s computer, the team report.

Update: Tell Me What I Already Know

As a tech fanatic, I have most of the stats for bad search engine results (especially Google’s) memorized, so the following tidbit isn’t news to me, but it’s still worth sharing. From Australia News.com:

SEARCH terms related to music and technology are most likely to return sites with spyware and other malicious code, a new study finds.

Some 42 per cent of the results using the term “screensavers,” for example, led to sites flagged with a “red” warning or a cautionary “yellow” by McAfee’s SiteAdvisor service. Other keywords McAfee deemed risky include names of file-sharing software – “BearShare,” “LimeWire” and “Kazaa.”

Risks are greater when clicking on keyword ads that make up much of search companies’ revenue.

The facts speak for themselves.

Update: Facts? Who Needs Facts?

It’s funny, but when I wrote this article, there wasn’t one current article like it on the Web that I could find. The next morning Google published the results of tests they had an independent lab run on their search engine, which, predictably, gave them perfectly dismal results.

A few weeks later, McAfee’s tests were done, and those results were published yesterday. I found three articles about their tests in my news reader last night, and over 200 today. Pretty big story all of a sudden.

Now people are taking the McAfee tests and either misstating the results or making up facts and figures that McAfee never submitted. Take the case of SDA India (page no longer exists), an Indian IT news site. Their article is at the top of the pile of stories in my news reader related to this one, and if it stays there for a while, no wonder: they report that McAfee claims risky search results are down in all search engines 20% from a year ago.

Funny how that contradicts every other article I’ve read, which say risky search results are down only 1.5%. Did someone pay them to write that, or are they simply lacking any fact-checking capabilities (like a pair of eyes)?

Update: How to Clear This Up

The best way is to post an actual link to the test results, which thankfully at least one website (Computer World) had the presence of mind to do. They have an excellent article detailing the results in what I call clearspeak. If you want to look at the results, visit this McAfee page.