BH: Some companies have claimed that incorrect blocking by services such as McAfee Site Advisor has harmed their business. What does Google do to ensure this doesn’t happen?
Ian Fette: We take every possible precaution to ensure that this does not happen. Our automatic processes have been fine-tuned to minimize the incidence of false-positives and we do all that we can to alert webmasters to problems in a timely manner and to provide them with the necessary help and advice to deal with those problems.
BH: It’s not uncommon for legitimate websites to be compromised and used as malware delivery vehicles without the site owner’s knowledge. In such cases, Google provides webmasters with an option to request a review once their website has been cleaned up - but how long does that process take?
Ian Fette: The time a review takes can vary, but usually it’s completed within approximately 24 hours. We strive to make the process as speedy as possible, while also ensuring that users continue to be protected from risks.
BH: Google’s new browser, Chrome, has a sandboxing architecture designed to provide protection against malware. Could you explain how that works?
Ian Fette: The easiest way to answer that is probably to direct readers to the Chrome Comic Book, which provides an overview of the technology behind Chrome.
BH: While Chrome’s architecture certainly appears to be more secure than that of some other browsers, a number of vulnerabilities were nonetheless discovered shortly after its release. What did the development team learn from this and how will Google ensure that future versions of Chrome are not affected by similar problems?
Ian Fette: Unfortunately, with a complex application such as a web browser, it’s next to impossible to completely eliminate vulnerabilities. Of course, we do all we can to ensure that Chrome is as secure as possible, but it’s unrealistic to expect that there will never be any bugs. What’s more important is how the bugs are handled. Within a week of Chrome’s release, two serious vulnerabilities were identified, and we released patches for them within 24 hours. That’s an extremely speedy turnaround and I think we’re doing – and will continue to do – a really great job of making Chrome an extremely secure web browser.
BH: Details are starting to emerge regarding a new browser-agnostic exploit known as clickjacking. What is Google doing to protect Chrome users?
Ian Fette: Clickjacking is a larger issue that affects all browsers, not just Google Chrome. Work is being done in the HTML5 working group and elsewhere in the broader community, as well as within Google, to address it.
BH: Does Google have any new security measures in the pipeline that may help make the web a safer place?
Ian Fette: I can’t share any specifics, but I think our track record demonstrates that we place great value on keeping our users safe. During the last few years we have developed and implemented mechanisms to protect users from phishing, malware, and a variety of other risks. We’ll continue to monitor and adapt our security procedures as necessary to protect users from new and emerging threats, and will do all that we can to provide our users with a safe search experience.
This post is part of the series: An Interview With Ian Fette: a Product Manager With Google’s Security Team
Ian Fette, a Product Manager with Google’s Security Team, talks about security, Google Chrome, the steps Google takes to protect its users and the latest clickjacking exploit.