Internet Security Systems - AlertCon(TM)

I'm Feeling Lucky

Posted by Robert Freeman on April 29, 2008 at 5:08 PM EDT.

I’m feeling lucky; it’s not every day that bloggers here get to share diverging opinions. In a recent blog post, it was postulated that Google’s “I’m Feeling Lucky” button should be reconsidered as a security hazard. But, it’s really no more dangerous than using the regular Google search button. Let me explain. First, Google is active in malicious webpage crawling just like we are here. Second, if they know a site is malicious and you click on “I’m Feeling Lucky”, Google will redirect you to the full search listing instead of automatically sending you to a malicious website. So there’s one main case left—what about when Google doesn’t know a site is malicious. In this case, who is to say that a user that clicked on “I’m Feeling Lucky” would be able to discern the malicious site in a full search listing, especially since it would be the first item returned? Personally, I’m skeptical that they could. On the other hand, there may be some clues for advanced users that don’t use this button anyhow.

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.