Microsoft Dismisses Study That Claimed Bing Delivers Five Times More Malware Than Google

Pulkit Chandna

Expresses faith in search engine’s malware warning system while questioning the study’s methodology

Microsoft is no stranger to seeing Security Essentials come up woefully short in German security and antivirus research firm AV-TEST’s bimonthly antivirus certification tests , but last week it was Bing, and not Security Essentials, that had the honor of being thoroughly trashed in an AV-TEST study.

A recent AV-TEST study “Search Engines as Malware Providers” , which involved over 40 million sites and spanned 18 months, concluded that Bing was responsible for delivering “five times as many websites containing malware as Google.”

Published on April 12, AV-TEST’s findings did not prompt an immediate response from Microsoft despite their alarming nature. The software giant waited until April 19 to refute the German company’s claim regarding the world’s perennial number two search engine’s affinity for malware.

In a post on the official Bing blog Friday, the company r esponded by calling into question the technique deployed by AV-TEST for this study , arguing that the security research firm’s results are not reflective of the actual threat posed to a real user, as it did not do any actual searching on Bing, but instead “used a Bing API to execute a number of queries and downloaded the result to their system for further analysis.”

“By using the API instead of the user interface, AV-TEST bypassed our warning system designed to keep customers from being harmed by malware,” wrote David Felstead, Senior Development Lead, Bing,

“Bing actually does prevent customers from clicking on malware infected sites by disabling the link on the results page and showing the below message to stop people from going to the site,” he further wrote, adding that the company preferred warning customers over the outright suppression of such malicious content for the sake of “both completeness and educational reasons.”

According to Felstead, the company’s data shows that Bing’s malware warning system is able to dissuade users from clicking through to sites with malware in the vast majority of instances (94 percent).

“We show results with warnings for about 0.04% of all searches, meaning about 1 in 2,500 search result pages will have a result with a malware warning on it.  Of those, only a small proportion of malicious links ever get clicked and the warning therefore triggered, so a user will see the warning only 1 in every 10,000 searches. In any case, the overall scale of the problem is very small.”

Follow Pulkit on Google+

Around the web