A New Face for Live Search Search Verticals Starting to Debut from Microsoft Susan Kuchinskas
Health.live.com includes a special topic dashboard, inline article results, highlighted information from trusted sources such as the Mayo Clinic and "action modules." These modules are unpaid content such as a pregnancy quiz from the U.S. Department of Health and Human Services.
Privacy and security are handled differently in this vertical from the rest of the MSN network. All communication between client and server are encrypted and Microsoft erases the logs and deletes the cookies after 90 days. Moreover, the company will not target advertisements against these results. This is an important point because Microsoft claims its adCenter technology will target consumers based on their behavior anywhere on the MSN network.
Click for shot of Live Search video results
In fact, all these improvements mean nothing if ads — and clicks on those ads — don't follow. Like other search engines, Microsoft didn't give advance notice of the index change to search-engine marketers. Chris Hong, search engine marketing manager for Dealix, a provider of sales leads for auto dealers, attended the Searchification event. He said he understands it's important for search providers to retain secrecy about their indexes and ranking algorithms in order to thwart "black-hat" marketers who try to game the system.
Hong said improvements to adCenter, MSN's combined search and display advertising platform, have shaved off a half hour of his work day. Nevertheless, he said, MSN's advertising interface remains too complicated and is way behind Google's, where he can change a campaign with three clicks. "Every click matters," he said.
Microsoft has increased the index by a factor of four to improve coverage. But size isn't the only thing that matters. It's also increased its coverage of structured information and user-generated content, and it's feeding this into specific search verticals, such as entertainment, product reviews and local business information. The result, Nadella said, is an improvement in relevance for long and obscure queries and a halving of the number of times users get less than 10 results.
Query intent — the ability for the search engine to understand whether "apple" refers to consumer electronics or nutrition — has long been a bugbear for search engines.
For example, when someone types EPRML, the results now start with a definition from Acronym Finder. A query for "Dona Pacem sung in Latin," which formerly got five related results, now starts the results with the lyrics of the song. A search for someone's name now returns results from executive profile sites.
"I'm excited about our ability to take the entire Web corpus we have and extract additional information about entities like people or products, the so-called structured information," Nadella said.
He said improved query analysis fixes 30 percent of the worst query results. For example, search engines typically ignore the word "the" in queries. But if you were looking for the TV show "The Office," you used get links to Microsoft's Office products. By examining user behavior across the network, Microsoft says its search software will know when someone wants entertainment instead of software.
Instead of asking "did you mean" for a misspelled word, Live Search now simply corrects it and gives only results for the correct spelling. As Microsoft officials noted in the presentation, Google suggests the correct spelling and displays any pages that also contain the misspelling in the results.
Clicking "translate this page" provides side-by side versions of the page. This function also provides the option of seeing the original-language text with translations provided when you mouse over a section.
In terms of relevance, "We believe we are as good as Google and ahead of Yahoo," Nadella said.
The new features will go live in stages in the next two weeks.
The latest target for the malware criminal element is those popular widget-driven applications, both desktop and browser-based, thanks to their explosion in popularity and relatively insecure model.
Security firm Finjan issued a recent report that found that widgets (or gadgets) are exposing computer users to a whole host of attacks because they were designed as these cool little innocuous applets without any real security model but have all the power of a full-blown app.
Worse, this vulnerability is not limited to Yahoo Widgets or the Windows Vista sidebar applets. Finjan also found sample exploit code to insert malicious widgets into Microsoft's Live.com and Google's iGoogle pages.
"It's an environment that's designed to look really cool and provide some basic functionality, but no one thought about basic security," said Istach Amit, director of security research at Finjan's malicious code research center. "There are inherent problems in the security model of those widget engines."
There's a lot of widgets out there. Finjan found 3,720 widgets available on Google.com, 3,197 on Apple.com, and 3,959 on Facebook.com. The companies offer their own, but they also host thousands of third-party widgets for users to install and there's no guarantee they will catch a widget with malicious code in it.
The problem is widgets are full-blown apps that the hosting environment, whether it's iGoogle or Yahoo Widgets, doesn't take into account and they should be restricted or scrutinized a lot more than they are now, said Amit. "They should not access the file system or access the network if they do not need to," he said.
Already Microsoft and Yahoo have had to make fixes to their widgets and Google is also updating its Desktop and portal pages. Microsoft had to fix the Vista Sidebar after Finjan found a vulnerability in the contacts widget. It also had to fix a problem in the RSS reader used on Live.com.
Finjan also found a problem in Yahoo Widgets Contacts and one in iGoogle that installed itself without user approval or knowledge. It could then access their contents, GMail mailbox, and browser history. Yahoo was unavailable for comment, while Google said this:
"Javascript is a supported part of Google Gadgets, which many developers use to provide unique functionality to users. We recognize the potential for misuse of this feature and we mitigate this risk by putting it in a domain of its own.
"This area of vulnerability research is a moving target and we are currently working to find innovative solutions to these problems. Google takes security issues very seriously and will respond swiftly to fix known security issues," said a Google spokesperson in a statement to InternetNews.com.
"They are fixing the vulnerability pretty quickly, but I can't say what they are doing with the security model. It's more than just fixing a widget that has been coded badly," Amit said.
It's a matter of following a World Wide Web Consortium (W3C) object model for security involving objects and widgets. Only two companies have embraced the W3C object model, according to Amit: Apple and Opera.
The Opera browser uses the W3C widget policy on security and policies. Firefox and Microsoft's Internet Explorer don't have a widget environment so there is no comparison, although in its most recent security report, Symantec found that browser plug-ins are also becoming popular malware targets.
Mac OS is more secure since it was one of the participants in the W3C committee that developed the object security recommendations and Apple's security policy is based on an Apple object model that already exists in Mac OS X.
With some malware issues, it's often a case of not opening an e-mail from an unknown source. A widget presents a much tougher proposition because it basically means not using the product altogether. But that's exactly what Amit recommends until the security model in these products improves.
"If you really don't need it, don't use it. I know it looks nifty, but you have to remember it's a full-fledged app, and like any app it does have its security problems," he said.
