Scammy programs and browser extensions are a persistent problem on the web, but web companies are starting to take them seriously as a threat to the web. In a post today, Google surveyed the past year's efforts to fight unwanted software, and came away with some impressive statistics. Chrome user complaints about unwanted extensions dropped from 40 percent to 20 percent of total complaints, spurred by an aggressive banning campaign earlier this year. At the same time, more than 14 million Chrome users removed unwanted extensions and the number of unwanted-software-related warnings on Adwords dropped 95 percent.
That's good news, but it's just a dent in the larger adware ecosystem. In May, a study found that as many as 5 million computers visiting Google sites are infected with some form of adware, and Google believes that one in 10 Chrome browsers have some form of hijacked settings. Now that unwanted software warnings have been folded into Chrome's Safe Browsing feature, the browser displays more than 5 million such warnings a day.
5 million Chrome warnings a day
To lower that number, Google has launched a number of new initiatives. Earlier this year, Google shifted to a stricter pre-approval process for downloadable content on Adwords, rather than trying to catch unwanted programs after the fact. Google Search also began deprecating sites that serve unwanted software, and added a design element to highlight the canonical source of free programs like Twitter, Firefox, and Slack, making it harder for third parties to distribute adware-bundled versions of the software.
Still, Google's powers are limited, particularly for non-Chrome users. "We only cover parts of the web," said Moheeb Rajab, an engineer on the Google security team. "It's an open platform, and effective protection for users will take wider participation from the industry."
In the past, adware manufacturers have looked to Adwords as a way to distribute software, but recent changes have made the platform much less hospitable. Google's own data estimates that less than 1 percent of unwanted software is served through Adwords. Still, the company's critics aren't entirely mollified by the shift. "These efforts are all going in the right direction, but one might reasonably wish that Google had done more earlier," said Harvard Business School professor Ben Edelman, a longtime Google critic who has also consulted for Microsoft. "Indeed, it’s not hard to find Google’s systems still supporting deceptive software. In my work testing adware forensically, I still see this often. Still, I’m glad Google has engaged with these issues with renewed vigor."
Update 12:07PM ET: Updated to include information on Edelman's previously disclosed consulting work with Microsoft.