incrediBILL - 9:57 pm on Apr 27, 2007 (gmt 0)

Let me chime in with a large resounding THIS IS HOGWASH!

a) Google isn't the internet police
b) Malware can be cloaked to hide from Google

LET'S GET READY TO RAMBLE!

It's not just an AdWords/AdSense problem, it's an INTERNET problem.

I'll hazard a guess that some advertisers don't even have a clue because it could be their shared hosting company that is hacked, not the individual advertiser.

For instance, I've been tracking one particular shared hosting company for almost a year now and it's absolutely filthy with hacked customers, people complain all over the 'net about them, but it never changes and they MAY be using AdWords and probably don't know they have malware in their account.

I run a directory with about 35K listings and people using it started to send me a little hate mail with a few of my listings had malware in them. Guess what, it was the above mentioned hosting company that had those hacked sites, which are still hacked. However, I evaluated the sites with the problems and added some basic virus detection to my link checker so now I automatically disable the sites until the viruses are removed.

Since I did it, could Googlebot, Media-partners and the AdsBot-Google check for malware?

Of course they could.

Could the sites being checked, if indeed it was malicious on the site owners behalf, spoof a clean page to Google?

OF COURSE THEY COULD!

I think Google should do virus detection and drop infected sites until they are cleaned but there is no way for Google to ever be 100% sure everything is clean, nor can they crawl fast enough to check everything often enough, nor should they be required to do so.

So the problem becomes a liability issue that if Google does claim to check for viruses and misses some, as the malware code mutates quickly to avoid detection, that they could be open to lawsuits so the best strategy is to be hands-off.

That's why I don't claim to check my directory listings for malware, but do so silently so it's not a claimed feature. I don't even notify the infected parties as it's not my job to get involved except to provide "quality listings" as best I can. But Google, being a big public entity and scrutinized as they are, would be quickly caught when unwittingly infected webmasters on massively infected hosts were penalized and someone figured out what they all had in common.

If Google starts policing the web then companies like McAfee with SiteAdvisor will cry foul as it puts them out of business.

Why?

Because if Google polices AdWords for malware then people will scream they don't police AdSense, then people will scream they don't police the SERPs, the newsfeeds, and on and on, an endless battle.

It's the job of products like McAfee SiteAdvisor, Norton AV, etc. to PROTECT CUSTOMERS from MALWARE, that's why we pay them.

Let each company do it's respective job properly and stop witch hunting for deep pockets to sue because someone gets a silly idea that the bigger fish should expand their role as 'net police and start stepping on the AV companies toes.