Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Google's ads are so pervasive that they make money for just about every minute you use the internet. If your computer is infested with viruses you might turn it off and go outside, therefore it's in Google's best interests to invest in general computer security.


Google makes money off of ads.

A common monetization method used by malware distributors is to secretly replace legitimate ads that get loaded on the machine (such as Google's) with their own.

Doing this on every single web page visited by that machine for the rest of its existence, and multiplying that by hundreds of thousands of other infected machines out there, and multiplying THAT by the dozens of different black hat groups doing this simultaneously, it adds up to a lot of lost money for Google.


I understand the ad thing but that idea applies to all software companies (because they want their own browsers and operating systems used by users), not just Google.

To me it feels like they're throwing their competitors under the bus in this way as opposed to running slander campaigns or witty commercials like Samsung, Microsoft, and Apple do. I'm not saying this is their intention but that is the way it comes off and it cannot be good for their reputation.

A non-profit organization funded by the entire tech industry would have more credibility.


They would fix any doubt if they began releasing bugs and exploits for Android as well.


Better that they fix their own vulnerabilities than release them.

They do offer a bug bounty for their own products, to encourage third parties to do to them exactly what they're doing to Apple and Microsoft.


It's not like they sit around and say: "Oh, f*ck Android, let's find vulnerabilities in other operating systems." I suppose it's long since they have a team working on Android vulnerabilities, but it's not trivial fixing, deploying - not to mention finding the flaws.


When it comes to others they have total disregard as to how difficult to deploy any fix is. The same standard should apply to themselves, but clearly doesn't.


For a start, they could try to fix vulnerabilities in Jelly Bean's webview[1] and urge manufacturers and carriers to push updates to their phones, since 46% of the market is apparently still Jelly Bean[2]

Of course, it's an uphill battle with the manufacturers/carriers. But as long as Google is not applying fixes to Jelly Bean, the manufacturers can always blame Google.

[1] http://www.androidpolice.com/2015/01/23/google-issues-offici...

[2] https://developer.android.com/about/dashboards/index.html


The Android security lead has posted a statement on this issue, explaining what is and is not being done, and why: https://plus.google.com/u/0/+AdrianLudwig/posts/1md7ruEwBLF




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: