undefined | Better HN

0 pointsbrendoelfrendo5y ago0 comments

You won't get away with uploading malware to your Google drive without Google noticing. The no-no here is that this guy is operating a demo site that allows anonymous file uploads without policing the content that goes there. That's just mind blowingly dumb and ripe for abuse.

0 comments

thayne5y ago

So you need a google quality malware detection filter to allow user content upload on your site? That's a pretty big barrier to entry.

And I find it hard to believe that there isn't any malware or phishing content on any of the big content provider's properties.

newacct5835y ago

> So you need a google quality malware detection filter to allow user content upload on your site? That's a pretty big barrier to entry.

No, but IF you allow people to anonymously upload malware to your site, Google-quality malware detection filters will absolutely do what they were designed to do and detect the malware on your site.

I just don't understand the people insisting on arguing that somehow this was a false positive. Google was right! This site was hosting malware! It's true it wasn't "intentionally" hosting malware, and that it was designed for benign purposes.

Which is to say, you are demanding that Google forgive this site automatically based on intent and not evidence. And sadly, while Google may have Google-quality malware detection filters, they haven't yet cracked the nut of thought crime detection.

thayne5y ago

my problem isn't that it flagged some user-uploaded malware, my problem is that the entire site is blocked without warning.

I am genuinely curious how you would prevent your site from being blocked like this? Sure in this case it was a demo, but what if it was an actual image hosting service that required login? What's to stop a bad actor from creating an account and uploading malicious content. Maybe you even have some filter that does image recognition on the images and tries to detect if it is phishing. But unless your filter is able to catch the exact same content that google's malware detector uses, there's still a chance that you'll miss something that google finds, and starts blocking your site.

1 more reply

brendoelfrendoOP5y ago

Well, if you're operating upload without any detection filter at all, I'd say you're asking for it.

Realistically, offering an anonymous demo is probably a bad idea, no matter how many conversions it gives you.

draebek5y ago

FWIW I have been sent several phishing sites running on Google lately. (Can't remember if it was Drive or Sites—is Sites even around still?)

About half of them are taken down by the time I get to them. The other half, I've had to report myself.

I realize, however, that these are not malware.

(Funnily enough, I think all of the attempts I was able to view were trying to phish O365 creds.)

j / k navigate · click thread line to collapse

0 comments

thayne5y ago

So you need a google quality malware detection filter to allow user content upload on your site? That's a pretty big barrier to entry.

And I find it hard to believe that there isn't any malware or phishing content on any of the big content provider's properties.

newacct5835y ago

> So you need a google quality malware detection filter to allow user content upload on your site? That's a pretty big barrier to entry.

No, but IF you allow people to anonymously upload malware to your site, Google-quality malware detection filters will absolutely do what they were designed to do and detect the malware on your site.

thayne5y ago

my problem isn't that it flagged some user-uploaded malware, my problem is that the entire site is blocked without warning.

1 more reply

brendoelfrendoOP5y ago

Well, if you're operating upload without any detection filter at all, I'd say you're asking for it.

Realistically, offering an anonymous demo is probably a bad idea, no matter how many conversions it gives you.

draebek5y ago

FWIW I have been sent several phishing sites running on Google lately. (Can't remember if it was Drive or Sites—is Sites even around still?)

About half of them are taken down by the time I get to them. The other half, I've had to report myself.

I realize, however, that these are not malware.

(Funnily enough, I think all of the attempts I was able to view were trying to phish O365 creds.)

j / k navigate · click thread line to collapse