Malware and unwanted software
Google checks websites to see whether they host downloadable executables that negatively affect the user experience. You can see a list of any suspected files hosted on your site in the Security Issues report.
What is malware?
Malware is any software specifically designed to harm a computer, the software it's running, or its users. Malware exhibits malicious behavior that can include installing software without user consent and installing harmful software such as viruses. Webmasters sometimes don't realize that their downloadable files are considered malware, so these binaries might be hosted inadvertently.
- See Protecting users from malicious downloads in our Google Online Security Blog for more on how Google helps protect users from malicious downloads.
- See our Unwanted Software Policy for our criteria for safe software on the web.
What is unwanted software?
Unwanted software is an executable file that engages in behavior that is deceptive, unexpected, or that negatively affects the user's browsing or computing experience, for example by switching your homepage or other browser settings to ones you don't want.
- See That’s not the download you’re looking for... in our Google Online Security Blog for more on how Google helps protect users from unwanted software.
If your site's downloads are identified as malware or unwanted software
It can be frustrating to learn that one of your downloadable files contains malware or unwanted software, and we want to help you resolve the issue. We can't provide exhaustive instructions to address every situation, but the following recommendations should help you isolate the issue quickly. For feedback specific to your software, please refer to the Webmaster Help Forum.
After you ensure that your downloadable program complies with the following guidelines, you can request a review of your status. A review can take 2-3 days to complete. Below are general guidelines for good software practice, but for more specific examples, please see Common Violations of the Unwanted Software Policy.
- Start with antivirus software. Use antivirus software to scan the binaries and other content hosted on your site. Antivirus software finds many types of malware and unwanted software but, unfortunately, not all types. Submitting your software to an anti-virus program (or an anti-virus consolidation service, such as VirusTotal) will give you an indicator of potential issues with your software. Google Safe Browsing applies its own criteria to determine whether a program or binary is unwanted software or malware.
- Explicitly and clearly explain to the user what browser and system changes will be made by your software. Allow users to review and approve all significant installation options and changes. Your program’s main UI should clearly disclose the binary’s components and their primary functionality. The binary should offer an easy way for the user to skip the installation of bundled components. For example, hiding these options or using grayed-out text is not good disclosure.
- If your binary installs a browser add-on or changes default browser settings, it should follow the browser-supported installation flow and API. For example, if the binary installs a Chrome extension, it should be hosted in the Chrome Web Store and adhere to the Chrome Developer Program Policies. Your binary will be identified as malware if it installs a Chrome extension in violation of the Chrome Alternative Extension Distribution Options policy.
- Do no harm. Your binary should respect and not harm the user's browsing experience. Make sure that your downloadable binaries adhere to the following common policies:
- Do not break the browser's reset functionality. Read about the reset browser settings button in Chrome.
- Do not bypass or suppress the browser's or operating system's UI control for setting changes. Your program should provide users proper notice and control over settings changes that occur in the browser. Use the Settings API to change Chrome settings (see this Chromium Blog post).
- Use an extension to change Google Chrome functionality, rather than causing browser behavior change via other programmatic means. For example, your program should not use DLLs (dynamically linked libraries) to inject ads in the browser, should not deploy proxies that intercept traffic, should not use a Layered Service Provider to intercept user actions, or insert new UI into every web page by patching the Chrome binary.
- Your product and component descriptions should not scare the user and/or make false, misleading, claims. For example, your product should not make false claims about how the system is in a critical security state or infected with viruses. Programs like registry cleaners should not show alarming messages about the state of a user’s computer or device, and claim they can optimize the user’s PC.
- Make the uninstallation process findable, simple, and non-threatening. You program should have clearly-labeled instructions for returning the browser and/or system to its previous settings. The uninstaller should remove all components and not deter the user from continuing the uninstall process, for instance by claiming potential negative effects on the user’s system or privacy if the software is uninstalled.
- Keep good company. If your software bundles other software components, you are responsible for making sure that none of these components violate any of the recommendations above.
If your site's downloads are identified as "Uncommonly downloaded"
If Google Safe Browsing hasn't seen a particular binary before, Chrome may warn that it is uncommonly downloaded and could be dangerous. In these cases the warnings are lifted automatically if Google Safe Browsing verifies that it is benign.
If your site is showing uncommon download warnings, you can also request a review in Search Console.