Well, I tried to download Chrome yesterday, and you STILL get www.downloadchromenow.com and other spam site adverts at the top of the results, which absolutely serve malware/spyware.
Until they sort out their ads it's true, it is a dangerous site.
Like the other peer comments, this does not show up for me. I'm afraid there's a good chance you already have some malware (or at least a rogue extension) that is inserting ads into your pages.
I've been testing these kinds of searches every now and again for a few years now (and complaining about it on HN regularly). The malware ads are generally intermittent and won't show all of the time. That doesn't mean they don't exist.
I can assure you that for many years Google has been serving ads that link to malware for search terms like "firefox". I've seen them across different machines, different browsers, different ISPs, different OSs.
The situation with Firefox seems better now but only because Mozilla is seemingly buying up all the ads for searches with "firefox" in.
That is a very big assumption that may hold for browsers but not many other products. And even if illegitimate models are more efficient, a big business can afford a money sink for PR.
They can't just ban the word "Chrome" from AdWords, though. Spammers/malware authors are very good at figuring out what's needed to slip through the automated systems.
They've done this for Skype too. And the funnier thing is when I reported it to Skype, they claimed it was "OK" because it said TOM in the description (Skype's Chinese sponsor). Except the link did not have anything to do with Skype or TOM.
On Google? If I enter "Chrome download" there, I get Google's own page as top result. However if you were to do the same with Bing (such as you probably would if you used Microsoft's browser downloader (Internet Explorer), which has Bing as default) you get the typical spam adverts at the top.
I just repeated your experiment: With my ad blocker disabled, I searched for "google chrome" on DDG. I got two ads above the search results; one was for google.com, and the second was for downloadsem.com, which is distributing a Chrome browser that comes with a lot of browser toolbars. I took screenshots. [1]
Of note is that these ads are powered by, and clicks redirect through, Yahoo.
It should. Though if search engines were actually held liable for every malware link they place above real results, Google would no longer be a profitable business. Just the fake banks Google puts in search ads alone...
Microsoft writes the operating system they are infecting. Then people with older computers think their hardware is too slow and buy a new one.
How can they not use VMs and heuristics to click all their ads and see if it infects their own operating system, before approving the ads, and then rechecking them every so many clicks?
Most of the time it's a brief look with a VM that the ad approval process goes through, and honestly that may not show the malware.
A lot of the time the malware is designed to only show up in certain case scenarios such as date/time, specific version of an OS like Windows XP SP1 but not SP2. Designers come up with the most ludicrous ways of circumventing the ad approval process, and with hundreds to thousands of new ads per day there simply isn't an easy way to do all that testing for each single new ad being served, on top of discovering new methods used to skip the checks.
Some networks are truly terrible and just have automation systems but those networks aren't as profitable and are beginning to die out.
With deep learning networks becoming so popular I do often ponder if this type of prevention could be automated slightly better!
Think about Google's conflict of interest: They ship most of the malware consumers get via malicious ads. And then they advertise about Chromebooks having no malware. Google doubly profits off shipping malware to consumers.
Microsoft, at least, has a good incentive to police their malware.
It was on a fresh Windows 10 install, so unlikely. Of course, now it isn't happening any more. Either they fixed it, it's intermittent, or I'm misremembering.
I've had similar experiences with Bing, which I used inside IE on a fresh Windows install to search for a few programs/drivers (was just too lazy to type in my own search engine).
IIRC when I searched for FF or Chrome, the top 4-5 results were links to third party sites, but when searching for NVIDIA drivers the official site was the first non-ad result. Definitely seemed suspicious, and also made me realize how much I missed apt.
The difference is any AUR helper worth using tells you to review the PKGBUILD. In this case, I can easily see that the deb the script uses is pulled from dl.google.com and that all it does is decompress it and rebuild it as a tar.xz package.
Additionally, the AUR is about as curated as Google Play, and I trust Google Play exceedingly more than random download links on the Internet. You can audit AUR packages via its rating, the number of comments it has, its popularity, and the website enables you to flag packages as malicious, the same way you would flag APKs on Google's service.
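
An added illustration of the PKGBUILD review described in the comment above (not part of the thread, and not code from the AUR or any AUR helper): it reads a PKGBUILD as plain text, without sourcing it, and flags sources that come from an unexpected host, use plain HTTP, or have no pinned checksum. The sample PKGBUILD is constructed, and `audit`, the allowlist and the use of `sha256sums` are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample for illustration; not the real AUR package file.
SAMPLE_PKGBUILD = '''\
pkgname=example-browser
pkgver=1.0
source=("https://dl.google.com/linux/example/example_${pkgver}_amd64.deb"
        "helper.sh::http://downloads.example.net/helper.sh"
        "example.desktop")
sha256sums=('SKIP'
            '0000000000000000000000000000000000000000000000000000000000000000'
            '1111111111111111111111111111111111111111111111111111111111111111')
'''

def _array(text, name):
    """Items of a bash array assignment, read as text (the file is never sourced)."""
    m = re.search(r'^%s=\((.*?)\)' % re.escape(name), text, re.S | re.M)
    return re.findall(r'''["']([^"']*)["']''', m.group(1)) if m else []

def audit(text, allowed_hosts):
    """Return (source entry, reason) pairs a reviewer should look at first."""
    findings = []
    sums = _array(text, 'sha256sums')  # assumption: package uses sha256sums
    for i, entry in enumerate(_array(text, 'source')):
        url = entry.split('::', 1)[-1]  # drop makepkg's "name::url" prefix
        parsed = urlparse(url)
        if not parsed.scheme:
            continue  # local file shipped beside the PKGBUILD; read it by hand
        if parsed.scheme != 'https':
            findings.append((entry, 'not fetched over https'))
        if parsed.hostname not in allowed_hosts:
            findings.append((entry, 'unexpected host ' + str(parsed.hostname)))
        if i >= len(sums) or sums[i] == 'SKIP':
            findings.append((entry, 'no checksum pinned'))
    return findings

if __name__ == '__main__':
    for entry, reason in audit(SAMPLE_PKGBUILD, {'dl.google.com'}):
        print(reason + ': ' + entry)
```

A clean result only narrows where to look; the `package()` and `build()` functions still need to be read, since they run with the user's privileges during the build.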