Earthweb
Images Research Events Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
 SUBJECTS:
 FEATURES:
Search EarthWeb Network

internet.commerce
Be a Commerce Partner
Cheap Airline Tickets
PDA Phones & Cases
Home Networking
Merchant Solutions
Dental Insurance
Boat Donations
Tech Jobs
Car Donations
KVM over IP
Education Online
Televisions
Cheap Digital Camera
Promote Your Website

AMD How-to Article:
Driving Windows x64: A Checkup, with Tips and Workarounds

AMD Article:
Supersizing Java
IT Management : Columns : Executive Tech: Will SiteAdvisor.com Ban Your Domain?

Symantec Data Management Solutions
Whitepaper: The Benefit of Continuous Data Protection
Data volume continues to grow at nearly 40% to 50% each year, making back up of mission critical data very difficult. For any organization looking to manage data growth, improve reliability, and speed data recovery, continuous data protection provides the avenue to address the challenges in a method that will improve overall data protection without weighing down IT with costly solutions.
Register Now to Download.
Whitepaper: Breaking Through the Dissimilar Hardware Restore Challenge
This paper discusses recovery to virtual computer environments, hardware migration strategies, hardware repurposing for optimal resource utilization, meeting recovery time objectives, and increasing disaster tolerance.
Register Now to Download.
Whitepaper: Converging System and Data Protection
From resilience against threats to efficient restoration of normal operations, Symantec can help keep your business up, running, and growing—no matter what happens.
Register Now to Download.
Webcast: Symantec Brings Disk-based Data Protection and Advanced System Recovery Together
Symantec Backup Exec™ and Symantec LiveState Recovery™ allow rapid and easy backup and recovery of virtually any Windows data and Windows system.
Join us for an informative Webcast to learn how to:
  • Create backups and restore to specific system recovery points
  • Maintain data availability and minimize server downtime
  • Eliminate backup windows, improving increased system reliability
  • Dramatically minimize downtime by rapidly recovering entire systems to dissimilar hardware platforms or even to virtual environments
Register Now to Watch.

Related Articles
Corporations Have an Unsubscribe Problem
How to Know When Unsubscribing Isn't Safe
More Ways to Protect Your E-Mail
Do Panasonic's Batteries Really Beat Energizer's?
- ITSMWatch Newsletter -
email:
IT Focus
Wireless in the Enterprise

Wireless technology continues to make great inroads into networks. But IT pros still must contend with a number of issues such as security, access and integration.

Ready? Set. Go!

Mobile Workers Never Looked So Thin

The Incredible Hidden Wireless Connection

Product Watch
Interop Secure Shell - SSH and SFTP Server/Clients for Windows w/SFU, SUA
SiteAssure - Anti-Phishing and Two-Factor Authentication Platform
SenSage - Clusterable Infrastructure for the Collection, Analysis of System Events
WinRAR - Support for RAR and ZIP Archives
NetDefend - Combined Firewall and VPN For SMB to Enterprise

more products >>

Datamation Definitions
data mining
ERP
extranet
grid computing
intranet
network appliance
outsourcing
storage
VPN
virus
FREE Tech Newsletters

Whitepaper: From Managing Boxes to Managing Business Processes--The Evolving Role of IT Service Management. Learn how to improve business agility, lower costs & increase revenue across the organization.

Will SiteAdvisor.com Ban Your Domain?
February 14, 2006
By Brian Livingston

Brian Livingston In the next few weeks, a service that's been methodically testing Web sites for spyware, spam, and other problems will be gearing up for a big launch. Does your company's Internet presence measure up to a "good" or a "bad" rating, as determined by this kind of examination?

The service calls itself SiteAdvisor.com. Despite its modest-sounding name, which suggests that its judgments are merely common-sense cautions, I believe SiteAdvisor and similar campaigns will eventually force many questionable Web sites to clean up their acts.

Now -- before the company moves into its full-launch mode -- is the time to check your own site to see whether it passes or fails the test.

And a Bot Shall Lead Them

SiteAdvisor has offered for several months an add-on for the Firefox browser that issues warnings when an untrustworthy site is visited. The company is currently in late beta testing of a similar add-on for Internet Explorer. As soon as the IE plug-in is ready for prime time, I believe many Web users will start hearing about -- and taking advantage of -- SiteAdvisor's ratings of Internet players.

Instead of using only human beings to rate sites, SiteAdvisor has created an army of software robots ("bots") to visit thousands of sites a day. These bots are capable of downloading any executable files that a site offers. Remarkably, the bots then install the programs into a Windows "virtual machine," where the programs are automatically tested for adware, spyware, contacts with remote servers, and other signs of malware.

The bots also submit a unique e-mail address to any signup forms that are found on a site. SiteAdvisor's e-mail server then analyzes how much e-mail is received as a result and how "spammy" it is.

In a telephone interview, SiteAdvisor CEO Chris Dixon explained that his company decided not to show users a potentially confusing point rating for each site, such as 1 to 100. The developers decided as an alternative to rate sites into one of three simple categories:

Red sites have been found to offer software that simultaneously installs adware or spyware. Or the site may generate a ton of spam to any e-mail address that's submitted.

Yellow sites are considered suspicious, but not a risk of outright malware. Users should be wary of sites in this category, although there may be no danger if personal information isn't submitted.

Green sites have been given the "all-clear" signal by SiteAdvisor. Its bots have found no malware or questionable activity associated with the sites.

More than 140,000 downloadable programs have been tested thus far, Dixon says. In addition, he adds, SiteAdvisor's bots have submitted unique e-mail addresses to more than 900,000 registration forms on the Web. The tested pages represent more than 90 percent of the world's Web traffic, the company says.

All this computerized activity has produced a "database of shame" that's unlike any other publicly available listing I know of.

Do You Get a Clean Bill of Health?

The evidence that SiteAdvisor's bots have collected from hundreds of thousands of Web sites is nothing less than astonishing. To demonstrate this, Dixon suggested that I visit SiteAdvisor's analysis page on Galttech.com, a purveyor of software downloads.

Among the many pieces of information SiteAdvisor has accumulated about this site are the following:

Overall rating. The site is rated "red," which SiteAdvisor's analysis page says is because "we found downloads on this site that some people consider adware, spyware, or other unwanted programs."

Spam score. If a site sent a lot of e-mails to SiteAdvisor's dummy address, and the e-mails scored high for "spamminess," this is reported here, too.

Link analysis. The analysis page includes a fascinating chart of other sites that the rated site links to. SiteAdvisor's bots found that Galttech, for example, links to ScreenSaverHeaven.com, which the service says is also a source of downloads that are considered to be adware.

Potentially unwanted programs. SiteAdvisor lists several adware makers whose software is loaded onto a PC when other specific programs are downloaded from Galttech. These include 180Solutions, Global Search, WhenU, and Zango.

Rating of installs. SiteAdvisor's "more detailed analysis" link takes you to a rating page, showing the intrusiveness of each program that's installed from these downloads. In this case, most of the installs are rated 7 out of a possible 10 on SiteAdvisor's "nuisance meter." Anything above 3 is considered a very bad rating.

Changing the Registry and phoning home. When you click the "see download info" link on the analysis page, you're shown an exhaustive listing of changes to the Windows Registry that were made by a particular piece of adware. SiteAdvisor also names on this page all of the remote servers that a piece of adware contacted after installation, presumably to seek instructions or to install even more programs.

All of the above can be overwhelming for anyone to grasp. The amount of detail that SiteAdvisor is making available for free on its site is primarily intended to satisfy other researchers (and poorly rated sites) that plenty of damning evidence has been collected, Dixon says. "Almost all adware programs will talk to their home servers after a delay," he adds. This explains why SiteAdvisor lists all of the servers that installed programs try to communicate with.

End users aren't intended to read SiteAdvisor's analyses of individual sites before visiting them. Instead, SiteAdvisor's add-on button on the IE and Firefox toolbars glows red or yellow to warn users away from risky domains. This is supplemented by a balloon containing an explanation of the rating, with hyperlinks to additional information.

I'd personally prefer that browser users be protected from visiting red sites at all (with configuration options hidden within a menu that can be used to override an individual rating, if need be). Dixon says fine-tuning such as this is on his company's schedule for development.

Keeping Out of Trouble

SiteAdvisor would have the greatest impact on cleaning up the Web if the makers of IE, Firefox, Opera, and other browsers would simply build in SiteAdvisor as a default protection service. Microsoft is sponsoring its own Web research project called HoneyMonkey, but this is focused on detecting browser exploits and not the social-engineering attacks that are being effectively catalogued by SiteAdvisor.

As far as I'm concerned, this kind of defense for Web users can't come too soon. When pressed to give hard numbers, Dixon estimates: "Of the sites we've tested, about 5 percent are red and 5 percent are yellow." That means 90 percent of Web sites are relatively safe to visit. But if 10 percent of the Internet's sites are questionable, this represents a giant threat. Can you imagine if 1 out of 10 bank branches were outright fronts for crooks, or 1 out of 10 hospitals took in patients primarily to steal their organs?

The situation is even worse when you look at the number of visitors the questionable sites attract, rather than the raw count of these sites. When the sites are rated by traffic, Dixon estimates, the red sites represent 9 or 10 percent of the visits, with the yellow sites adding up to another 9 or 10 percent. These sites get more traffic than others, Dixon speculates, because they're profitable and can therefore afford to advertise to attract visitors.

No other legitimate industry allows this level of outright thievery to exist in its midst. It's long past time that sites were routinely tested for malware and rated for integrity. Turning over e-mail addresses to spammers and quietly distributing adware programs are exactly the kinds of offenses that users have the right to know a site is guilty of.

That brings us to your domain. How do you think your site rates?

In this early stage of its development, SiteAdvisor displays no search box on its home page for you to enter your domain name and see your rating. But you can easily type in your Web address -- or that of any other domain -- using the input box that sits atop SiteAdvisor's site map page.

If you find that your domain is mistakenly being rated as verboten, SiteAdvisor provides instructions on its FAQ page on how to request a re-examination. The company says it won't accept money from site operators to change a rating, however.

Even if your site gets a cheery green rating, don't become complacent. If Microsoft, Mozilla, Opera, and other browser makers embrace SiteAdvisor's ratings -- as I believe they should -- questionable practices that creep onto your site could someday cut into your visitor numbers in a big way.

Now's the time for you to eliminate downloads that include any hint of malware. You should also make doubly sure your company's departments aren't sharing any e-mail addresses submitted by customers.

These are good ideas in any case. But they could become essential for your company's survival, once browsers actually start steering visitors away from sites that can't be trusted.

Brian Livingston is the editor of WindowsSecrets.com and the coauthor of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.


Executive Tech Archives


JupiterWeb networks:

Graphics.com

Search JupiterWeb:

Jupitermedia Corporation has three divisions:
JupiterResearch


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | E-mail Offers