Google’s efforts to offer a more secure search to users has had what seems to be an unintended positive side effect, it’s killed many of the BlackHat SEO scripts used to game the system and spread malicious files such as Rogue anti-Virus.
In October, Google announced that they would enable a feature that redirects users signed-in to their accounts to SSL search (httpS://www.google.com). The feature encrypts the search queries on the results page, offering an additional layer of protection in public areas such as free Wi-Fi at coffee shops or airports.
The drawback is that the search strings are altered, so sites that manage SEO (Search Engine Optimization) based on search terms were impacted slightly by the change. Previously, a webmaster would be able to track the search terms used by a person when they enter their site from Google. Google’s Analytics service mitigates this some, but some webmasters are still steamed over the changes.
The upside is the missing search queries and encrypted traffic hinders BlackHat SEO scripts. These scripts allow webmasters to build link farms, in an effort to game the search engines and place their domains at the top of the list for a given search term. They can also be used to hijack a search term, and poison it. This is commonly seen with sites that spread Malware or Rogue anti-Virus applications.
“When these sites receive visits from search engine visitors, they will have no idea what search sent them there. They won’t have a clear idea which search terms work and which don’t, so they are essentially in the dark. This can have a lot of impact on the effectiveness of their poisoning activities. This is, of course, good for Google as their search lists are cleaner but it’s also good for all users because they’ll be less likely to click on bad links from Google,” commented David Sancho, a Senior Threat Researcher at TrendMicro.
The only catch is that a user must be logged into their Google account to be redirected to SSL searching, but given the number of regular Google+ or GMail users, this isn’t a major issue.
There are also browser add-ons, such as HTTPS Everywhere, which can help keep you on the secure versions of many domains.