Yahoo! Search has begun a partnership with McAfee, Inc. to provide SearchScan, which uses McAfee's SiteAdvisor technology to flag URLs it deems "risky" in the search results. Results are flagged with the type of danger below the title. This new feature is primarily aimed at preventing spyware and other malicious software from being downloaded on searchers' computers as well as at preventing searchers from falling victim to sites that employ spammy email tactics.
The Yahoo! Search Blog provides more information. Below, more details on what types of pages are flagged and how site owners can dispute incorrect flagging.
The types of behavior that causes a page to be deemed risky include:
- Download triggered upon page visit (these types of pages are removed from the search results entirely)
- User-initiated download includes spyware or other malicious sofware
- Site engages in spammy email tactics, such as flooding inboxes with mail
SearchScan is on to alert by default, but searchers can turn it off (or specify that flagged sites shouldn't display at all) in their Yahoo! preferences.
Why has Yahoo! implemented this feature?
The press release being released tomorrow morning quotes a Decipher Inc Online Security & Web Search consumer survey from March of 2008 and says "After children’s safety, 65 percent of Americans online are more worried about clicking unsecured search listings than the threat of neighborhood crime, getting ones wallet stolen or email scams." That's an interesting claim, as I don't know that 65% of online americans know what an "unsecured search listing" is, but the point remains a valid one. Search engines present the web as a whole, and as the web include lots of malicious activity, search engines end up serving up malicious suggestions. This partnership is an attempt to serve up "safe" results without engaging in web censorship.
Google's approach
Google has taken a similar tactic with a partnership with StopBadware.org. Any sites flagged by StopBadware.org include a message below the search result and Google directs searchers who click on these results to a page that provides more information and enables them to either continue to the page or go back to the search results.
If a site is flagged in Google's search results, Google alerts the site owner via email and a Google Webmaster Tools message. Google also provides a dispute and resolution process in the cases where the site owner doesn't agree with the label or makes changes to the site to abide by the StopBadware.org guidelines. In addition, the site owner can obtain more information from the page that Google directs searchers to for flagged pages in the search results.
The dispute and resolution process is actually forwarded to StopBadware.org and site owners can follow the process there.
Yahoo's dispute process
Yahoo! has a dispute process for site owners as well. When you hover over an alert in the Yahoo! search results, a information box appears that includes a site owner link.
That links leads to the SearchScan form, which seems to for both site owners and searchers. When I talked to Yahoo! about this process a month ago, they said, that like with Google's process, they forward the information to McAfee to resolve. I've asked them if they also provide proactive alerts to site owners and they said that if site owners are concerned that their pages may be missing from the search results due to SearchScan, they can turn off SearchScan and check the results:
If your site shows up in that experience, but not in the SearchScan On mode, (all other options such as SafeSearch remaining same) then you can believe that it is due to exploit rating on your site.Note, to make this work, you should ensure that you keep all other elements of the search experience constant between the test with SearchScan off and on. That is
a) make sure you don't change any other preferences
b) make sure you don't change the computer you are searching from in case source IP or other changes affect the query routing
c) make sure you use the same Y! search destination - .com, co.uk etc. because sometimes there are regional rules which cause filtering (for example, france has stricter rules around nazi memorabilia sites etc.)
d) check multiple times across a couple of days. This is important because sometimes there is some localized maintenance going on which might temporarily affect what you see.
As part of the agreement, McAfee will distribute Yahoo! Search to its user base. Distribution is arguably more important to gaining search market share than user interface improvements, and this distribution deal may provide clues to Yahoo!'s strategy. (Two different hotels I've stayed at in the last month have featured a Yahoo! search box on the wifi landing page, more signs that Yahoo! is working hard at increasing distribution.)
A Safer Way to Search
Today, we're announcing the beta release of SearchScan, a new feature from Yahoo! Search that helps protect users from viruses, spyware and spam. We've heard from users that security and privacy continue to be major concerns when they are online. We've also learned that solutions that require downloads and constant updating are less than ideal. To tackle the problem, we partnered with McAfee to build a feature that provides a safer and hassle-free search experience to all users.
How does it work? SearchScan leverages McAfee's SiteAdvisor technology to alert users if risky websites appear in Yahoo! Search results. Starting today, SearchScan will be turned on by default for all users in the U.S., Canada, UK, France, Italy, Germany, Australia, New Zealand, and Spain, and will scan for three types of risks in our search index:
- Browser Exploits -- These are sites that can stealthily harm a user's computer or install malware simply by visiting the site. Beginning today, any such sites or pages included in McAfee's data will be removed from search results automatically.
- Dangerous Downloads -- SearchScan will display warnings next to search results for sites that offer potentially dangerous software, such as viruses, spyware or adware. Users often may be unaware that these can be passed along with the screensavers, games and other software downloads.
- Unsolicited Email -- SearchScan will alert users to scanned sites that send unsolicited emails or inappropriately share email addresses with third parties.
With SearchScan, our goal is to protect users by allowing them to make a more informed decision about the websites they visit. By displaying prominent warnings next to search results for sites with potentially dangerous downloads or unsavory email practices, users are aware that while visiting the site may be safe, downloading a file or sharing an email address could be risky. Browser exploits, which include drive-by downloads, are different. Since just visiting these sites can cause harm, they will not appear in Yahoo! Search results if they've been identified by McAfee.
While SearchScan will be on by default, users have control over how they use the feature. In preferences, users can choose to turn the feature off or choose to filter out all sites with warnings from their search results.
SearchScan will continue to evolve and improve, but in the meantime, let us know if you have any feedback in the comments below.
Priyank Garg, Director, Product Management
Graham Mudd, Product Marketing Manager
Yahoo! Search
