Author Archives: Mark Risher

Protecting our Google Docs and Drive Users

Protecting all Google users from viruses, malware, and other abusive content is central to user cyber-safety and sometimes we remove access to certain files in order to provide these protections.


On Tuesday, October 31, we mistakenly blocked access to some of our users’ files, including Google Docs. This was due to a short-lived bug that incorrectly flagged some files as violating our terms of service (TOS). The blocking raised questions in the community and we would like to address those questions here.


The Google Docs and Drive products have unparalleled automatic, preventive security precautions in place to protect our users from malware, phishing and spam, using both static and dynamic antivirus techniques. Virus and malware scanning is an industry best practice that performs automated comparisons against known samples and indicators; the process does not involve human intervention.


Tuesday’s bug caused the Google Docs and Drive services to misinterpret the response from these protection systems and erroneously mark some files as TOS violations, thus causing access denials for users of those files. As soon as our teams identified the problem, we removed the bug and worked to restore access to all affected files.


We apologize to our users for any inconvenience this incident caused and remain committed to offering high-quality systems that keep their content safe while fully securing their files.

Source: Drive



Fighting phishing with smarter protections

Editor’s note: October is Cybersecurity Awareness Month, and we're celebrating with a series of security announcements this week. This is the third post; read the first and second ones.

Online security is top of mind for everyone these days, and we’re more focused than ever on protecting you and your data on Google, in the cloud, on your devices, and across the web.


One of our biggest focuses is phishing, attacks that trick people into revealing personal information like their usernames and passwords. You may remember phishing scams as spammy emails from “princes” asking for money via wire-transfer. But things have changed a lot since then. Today’s attacks are often very targeted—this is called “spear-phishing”—more sophisticated, and may even seem to be from someone you know.


Even for savvy users, today’s phishing attacks can be hard to spot. That’s why we’ve invested in automated security systems that can analyze an internet’s-worth of phishing attacks, detect subtle clues to uncover them, and help us protect our users in Gmail, as well as in other Google products, and across the web.


Our investments have enabled us to significantly decrease the volume of phishing emails that users and customers ever see. With our automated protections, account security (like security keys) and warnings, Gmail is the most secure email service today.


Here is a look at some of the systems that have helped us secure users over time, and enabled us to add brand new protections in the last year.

More data helps protect your data


The best protections against large-scale phishing operations are even larger-scale defenses. Safe Browsing and Gmail spam filters are effective because they have such broad visibility across the web. By automatically scanning billions of emails, webpages, and apps for threats, they enable us to see the clearest, most up-to-date picture of the phishing landscape.


We’ve trained our security systems to block known issues for years. But new, sophisticated phishing emails may come from people’s actual contacts (yes, attackers are able to do this), or include familiar company logos or sign-in pages. Here’s one example:

[Image: screenshot of the example phishing email]

Attacks like this can be really difficult for people to spot. But new insights from our automated defenses have enabled us to immediately detect, thwart and protect Gmail users from subtler threats like these as well.

Smarter protections for Gmail users, and beyond

Since the beginning of the year, we’ve added brand new protections that have reduced the volume of spam in people’s inboxes even further.

  • We now show a warning within Gmail’s Android and iOS apps if a user clicks a link to a phishing site that’s been flagged by Safe Browsing. These supplement the warnings we’ve shown on the web since last year.


  • We’ve built new systems that detect suspicious email attachments and submit them for further inspection by Safe Browsing. This protects all Gmail users, including G Suite customers, from malware that may be hidden in attachments.
  • We’ve also updated our machine learning models to specifically identify pages that look like common log-in pages and messages that contain spear-phishing signals.

Safe Browsing helps protect more than 3 billion devices from phishing, across Google and beyond. It hunts and flags malicious extensions in the Chrome Web Store, helps block malicious ads, helps power Google Play Protect, and more. And of course, Safe Browsing continues to show millions of red warnings about websites it considers dangerous or insecure in multiple browsers—Chrome, Firefox, Safari—and across many different platforms, including iOS and Android.


Layers of phishing protection


Phishing is a complex problem, and there isn’t a single, silver-bullet solution. That’s why we’ve provided additional protections for users for many years.

  • Since 2012, we’ve warned our users if their accounts are being targeted by government-backed attackers. We send thousands of these warnings each year, and we’ve continued to improve them so they are helpful to people. The warnings look like this.
  • This summer, we began to warn people before they linked their Google account to an unverified third-party app.
  • We first offered two-step verification in 2011, and later strengthened it in 2014 with Security Key, the most secure version of this type of protection. These features add extra protection to your account because attackers need more than just your username and password to sign in.

We’ll never stop working to keep your account secure with industry-leading protections. More are coming soon, so stay tuned.

The geeky detective-work that protects you online, automatically

Using a strong password without recycling it on different accounts, exchanging personal information only on encrypted sites, keeping your software up to date: these tried-and-true tips have never been more important for staying safe online. But this Safer Internet Day, we wanted to give some insight into how our systems help keep you safe, automatically—on Google and beyond. No switches to flip or buttons to click, these protections always have your back.

Outsmarting phishing to protect your Google Account

Sometimes, email may look like it came from someone you trust, but it might be a wolf in sheep’s clothing. This spammy message is trying to phish you—trick you into giving away your personal information—and then hijack your account.

Image caption: Spam emails take advantage of your trust in friends or businesses to try to infect your computer or steal your username and password.

Luckily, we’ve built lots of smart armor into Gmail to automatically zap scammy messages before you ever see them. Our systems anonymously examine thousands of signals across all of Gmail—where a message originated, to whom it’s addressed, how often the sender has contacted the recipient in the past—to determine which messages are safe, and which ones aren’t. We then filter the vast majority of this nasty stuff out; the average Gmail inbox contains less than 0.1 percent spam.

Still, across the internet, the bad guys can be pretty clever. For example, a fraudster could steal your username and password because you accidentally shared them on an especially deceptive scam site. But, even if attackers have your credentials, our systems are still able to block them and keep your account safe, something we did hundreds of millions of times in 2016. That's because we aren’t just making sure you’ve typed the right password. We also look for subtler signals to confirm the sign-in doesn’t look funky: Are you using the same device that you usually use? Are you in a familiar location, or somewhere far away that you haven’t been to before? We want to make sure the sign-in attempt doesn’t resemble other concerning sign-in patterns that may be on our radar at any given time.

The secret sauce is the systems that detect these subtler signals—clues—billions and billions of times every day to help paint the picture of a safe log-in. Think of these like Sherlock Holmes’ magnifying glass...if it were powered by a few data centers. The clues scammers may not even know they’re leaving behind help us inspect each new log-in attempt and compare it with the picture of a safe log-in that our systems have painted based on billions and billions of other log-ins. If something looks fishy, we’ll require more verifications designed to thwart bad guys, send notifications to your phone, or email you so you can quickly act on anything that looks unfamiliar.

On the web, on Android: we've got you covered

Image caption: A Safe Browsing warning: red means stop!

We use similar security tools to help make the web and a huge variety of Android apps and devices safer too.

For example, have you ever clicked a link and seen a red warning, like this? That’s Safe Browsing at work, strongly suggesting you should avoid visiting a site because it probably contains “badness,” like malware or a phishing trap. Similar to the way we crawl the web to deliver search results, Safe Browsing crawls for bad stuff that might be harmful to you or your device. It’s always hard at work: We show tens of millions of Safe Browsing warnings every week on more than 2 billion devices, across a variety of web browsers.

For our Android users, we developed an “app analyzer” that builds on Safe Browsing’s technology to specifically hunt for dangerous Android apps, wherever they may be, and warn you before you install one. If an app doesn’t pass the app analyzer test, it won’t be allowed in Google Play. An additional protection, Verify Apps, runs directly on Android devices, proactively checking more than 6 billion apps and 400 million devices every day. It checks in when you install an app, returns frequently to make sure everything looks safe, and if something is amiss, can remove the app from afar.

Detecting the obvious badness—sites well-known for phishing scams, ransomware that locks your device until you pay a fraudster—is relatively easy. But the stealthier badness is only detectable by measuring billions of signals across sites and apps. If this sounds similar to the way we approach spam protections on Gmail or suspicious logins into Google, that’s because it is! The ability to understand badness on a large scale enables us to find the clues bad guys don’t even know they were leaving behind.

We have a responsibility to keep you safe on Google, and help make the web more secure as well. We’re constantly improving our automatic protections, but we want to give you the controls to adjust your security settings as well. With that in mind, celebrate Safer Internet Day by taking our two-minute Security Checkup to protect your account and adjust your security settings. You can also learn more about other ways to keep your Google Account secure at privacy.google.com.
