dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
5662
TeMerc6
join:2004-01-22
Phoenix, AZ

1 recommendation

TeMerc6

Member

Site Advisor: Helping To Decide Good\Bad Sites.

Ben wrote:
Much of the spyware problem results from users visiting sites that turn out to be untrustworthy or simply malevolent. I'm certainly not inclined to blame the victimized users -- it's hardly their fault that sites run security exploits, offer undisclosed advertising software, or show tricky EULAs that are dozens of pages long. But the resulting software ultimately ends up on users' computers because users browsed to sites that didn't pan out.

How to fix this problem? In theory, it seems easy enough. First, someone needs to examine popular web sites, to figure out which are untrustworthy. Then users' computers need to automatically notify them -- warn them! -- before users reach untrustworthy sites. These aren't new ideas. Indeed, half a dozen vendors have tried such strategies in the past. But for various reasons, their efforts never solved the problem. (Details below).

This month, a new company is announcing a system to protect users from untrustworthy web sites: SiteAdvisor. They've designed a set of robots -- automated web crawlers, virtual machines, and databases -- that have browsed hundreds of thousands of web sites. They've tracked which sites install spyware -- what files installed, what registry changes, what network traffic. And they've built a browser plug-in that provides automated notification of worrisome sites -- handy red balloons when users stray into risky areas, along with annotations on search result pages at leading search engines.


Full Read @ Ben Edelman
»www.benedelman.org/news/ ··· 5-1.html

Logan 5
What a long strange trip its been
Premium Member
join:2001-05-25
San Francisco, CA

Logan 5

Premium Member

Re: Site Advisor: Helping To Decide Good\Bad Sites

Interesting read....Thanks for Sharing & bringing us another relavent topic for discussion.

Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to TeMerc6

Premium Member

to TeMerc6
Click for full size
I joined the beta test team. I can't submit a download for analysis. I get a blank page in Fx. But I can submit a comment about the site. Anyone know how I can submit a download?

Site Advisor has great potential I think. I was impressed that there is a Fx edition. I figured I'd have to use IE to be a tester but no there is a Fx edition.

I already found a red (bad) site. Interestingly, it is closed and I'm wondering if the bad rating had anything to do with that. It is a Comet Cursor site that is/was an affiliate of ThemeWorld and ThemeDoctor (both of which rate clean with SiteAdvisor which I knew would). But the Comet Cursor affiliate site is a nasty one unless you like Comet Cursor. This site that is rated red by SiteAdvisor gave a link to cursorcafe.com. I was suspicious, but SiteAdvisor rates it clean. However, SiteAdvisor says there are no downloads at the site. Of course there are! I downloaded (in IE) the CursorCafe Installer but declined the Starware Toolbar. The toolbar privacy policy is ok but I am still suspicious. I did get a great white tiger cursor that works in Fx also. I installed it on my VMWare guest machine not my main machine.

I'm wondering what happens when SiteAdvisor rates a site red and the site decides to sue over the rating. Is SiteAdvisor going to be able to withstand that sort of thing?
TeMerc6
join:2004-01-22
Phoenix, AZ

TeMerc6

Member

Re: Site Advisor: Helping To Decide Good\Bad Sites.

If you do a search for nearly anything your going to get hits for good, bad, and sites to view with caution. You can also submit sites for review. In the same area where the little check marks are, there wiill be a button saying untested. If you run your mouse over it, you can click to submit, which I have done for many sites already, my own included.

And it will indeed be a test of how strong the company is once a few sites get listed as a site to use 'extreme caution'. But I think therein lies the 'loophole', they are not saying it is 'bad', rather just to be viewed with caution, kind of like a street sign giving you a recommended MPH warning. Heed the warning and proceed with ease, exceed the speed and potential for trouble rises.

Overall I think they will be fine.

justin
..needs sleep
Mod
join:1999-05-28
2031
Billion BiPAC 7800N
Apple AirPort Extreme (2011)

2 recommendations

justin to TeMerc6

Mod

to TeMerc6

Re: Site Advisor: Helping To Decide Good\Bad Sites

the arms race continues.

So, I am a bad site. And this pesky tool is starting to reduce my daily spyware installs. What can I do to counter?

lots of things.

I can create new domain names faster than they can be crawled.

I can detect crawlers, and offer them peaceful HTML.

I can install spyware only when I see netblocks from AOL, comcast, and other well known IP ranges.

I can hide the malware behind screens that humans easily probe but robots cannot (image maps, question and answer sessions, "free surveys", etc).

Soon, we're all paying (in time, brain space and money) for Yet Another Defense Layer and they are subverting it as often as they subvert spyware scanners, virus scanners and so on (eg: often).
TeMerc6
join:2004-01-22
Phoenix, AZ

TeMerc6

Member

said by justin:

the arms race continues.

So, I am a bad site. And this pesky tool is starting to reduce my daily spyware installs. What can I do to counter?

lots of things.

Soon, we're all paying (in time, brain space and money) for Yet Another Defense Layer and they are subverting it as often as they subvert spyware scanners, virus scanners and so on (eg: often).
Even so, would you rather companies just stop trying altogether? Because other than giving up, trying to make users safer is all you can really offer. There is no silver bullet and I'm all for people\companies who offer ways to protect, especially when it's a relatively simple thing such as this.
bedelman0
Premium Member
join:2004-06-20
Cambridge, MA

1 edit

1 recommendation

bedelman0 to TeMerc6

Premium Member

to TeMerc6

quick responses re submissions, threats, arms race

Hi, folks. Ben Edelman here. I'm not in a position to provide full tech support for SiteAdvisor, but where I see questions I can answer, I'll do my best.
said by Mele20 :
I can't submit a download for analysis. I get a blank page in Fx.
Try disabling your popup blocker? The "submit a download for review" window comes up as a new window, and an overzealous popup blocker might block this window even though the window-open is clearly caused by a user's click ont he link. If this doesn't fix your problem, I suggest that you submit this issue through the submit feedback page.
quote:
However, SiteAdvisor says there are no downloads at the site. Of course there are!
This is perfect feedback to submit to SiteAdvisor. One appropriate place to submit this feedback is on the SiteAdvisor dossier page for cursorcafe.com. As I'm sure you realize, it's tough to design robots that find all download links, and no one thinks SiteAdvisor does this perfectly at present. Your feedback, as to specific downloads that have been missed, will help improve the algorithm.
quote:
I'm wondering what happens when SiteAdvisor rates a site red and the site decides to sue over the rating. Is SiteAdvisor going to be able to withstand that sort of thing?
This is a serious worry. In many respects, SiteAdvisor is similar to most anti-spyware vendors; like them, SiteAdvisor rates the programs users may encounter, and SiteAdvisor helps users figure out how to respond to those programs. So if they're able to withstand vendor suits, SiteAdvisor should be OK too. But the bigger SiteAdvisor becomes, the larger a target they'll be. Ultimately the proof is in the pudding -- how the company responds if (and when) they're sued. I think we'll have to wait and see. Meanwhile, my Threats Against Spyware Detectors, Removers, and Critics page indexes other such suits and threats, of which there are remarkably many already.

Justin, Your comments re the arms race are well taken. I can tell you that the SiteAdvisor folks are thinking about this already. There's no single easy answer, but I'm hopeful that SiteAdvisor won't be as easy to trick as you suggest.
bedelman0

2 edits

bedelman0

Premium Member

(deleted)

.

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

hpguru to TeMerc6

Premium Member

to TeMerc6

Re: Site Advisor: Helping To Decide Good\Bad Sites.

This is a good idea but it needs work. A lot of work. I just visited a site reported to me today which I confirmed is using an IE vulnerability to install malware. SiteAdvisor's advice - "We tested this site and didn't find any significant problems to report." Too damn bad for the poor fool who failed to install the most recent cumulative update for IE.

skyroket8
join:2001-06-11
Colorado, US

1 edit

skyroket8 to TeMerc6

Member

to TeMerc6
Click for full size
edit: no, I don't care my gmail address is in that screenshot...

Cool project.
Interesting - »www.siteadvisor.com/site ··· orts.com

Looks like it also puts some symbols next to search results from SOME search engines....kinda cool. It could stand to be a bit more accurate if it says "freesaver . com" is an okay site. It really didn't have anything bad, it just linked to a bad site in order to download some of the screen savers. Ideal for the home user, but a corporate web filter looks to be the better deal (I had to circumvent my web filter just to get to freesaver . com) for now.

antiserious
The Future ain't what it used to be
Premium Member
join:2001-12-12
Scranton, PA

antiserious to hpguru

Premium Member

to hpguru
said by hpguru:

This is a good idea but it needs work. A lot of work.

... I agree, and I just signed up to help out ... I think it's potentially a great idea that's going to need a lot of input to refine ... if they're up to the task it could be extremely useful ...

Logan 5
What a long strange trip its been
Premium Member
join:2001-05-25
San Francisco, CA

1 edit

Logan 5

Premium Member

Re: Site Advisor: Helping To Decide Good\Bad Sites

said by antiserious:

I think it's potentially a great idea that's going to need a lot of input to refine ... if they're up to the task it could be extremely useful ...
Agreed... Provided they can 'bulletproof' themselves from the inevitable legal challenge(s) from the Mal/Scum/Adware creators & sites that spread the garbage who will cry foul at being labeled in such a disparaging manner....

ed. spelling
chris_dixon
join:2005-12-19
Boston, MA

1 recommendation

chris_dixon to hpguru

Member

to hpguru
Hi there,
This is Chris Dixon from SiteAdvisor. Thanks for all of your comments.

Actually, we really should have made this clearer but our data does not yet include results from exploit detection. To date, it only includes results from programs you have to click to download (127,000 of those so far...). We are testing our exploit detection in our labs now and expect to include the results in January. Sorry we didn't explain this earlier. (Based on your comment, we added an explanation of this on our feedback page).

So basically right now we believe we have very few false positives but do have some false negatives, especially when it comes to exploits. It will indeed take some time to get it perfect but we are definitely in this for the long haul and appreciate all your feedback.

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

1 recommendation

hpguru to TeMerc6

Premium Member

to TeMerc6

Re: Site Advisor: Helping To Decide Good\Bad Sites.

Ahem.

»www.siteadvisor.com/site ··· 7.0.0.1/
hpguru

hpguru to TeMerc6

Premium Member

to TeMerc6
I found a bug in the version of SiteAdvisor for IE.

Yesterday while attempting to download IE-Spyad I received this error.

"Cannot copy file: Cannot read from the source file or disk."

As you know, Eric's site is secure so I found I could download the file after disabling 'Do not save encrypted pages to disk' which of course is inadvisable. On my other system the error didn't occur so I restored an image made just prior to the last round of MS updates and then systematically went through all the changes I had made since then to determine which change had broken the functionality. It is definitely SiteAdvisor. Reinstalling it broke the functionality, uninstalling it restored functionality.

FYI I am running WinXP Pro SP2 fully patched.

I don't download many files from secure sites so I am going to reinstall SiteAdvisor because I want it to succeed but imo this is a problem that needs to be addressed.
chris_dixon
join:2005-12-19
Boston, MA

chris_dixon

Member

Re: Site Advisor: Helping To Decide Good\Bad Sites

Hi, this is Chris Dixon from SiteAdvisor. Thanks for all the feedback and bug reports. We are looking at all the issues reported here including the IE problem with HTTPS sites and plan to post fixes / updates soon. Thanks for being patient with us during our Beta phase.

Chris

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

hpguru to TeMerc6

Premium Member

to TeMerc6

Re: Site Advisor: Helping To Decide Good\Bad Sites.

Thanks Chris.

Another bug. This issued when IE was closed.

"The instruction at "0x7c910f29" referenced memory at "0x00000018". The memory could not be "read".

Click on OK to terminate the program"
hpguru

hpguru to TeMerc6

Premium Member

to TeMerc6
Why is SiteAdvisor adding domains to my IE Restricted Zone?
Granted, they were all bad domains and they are removed when I close IE (unless SiteAdv crashed)
but that is not the point. You are doing it without permission and without any form of warning or
notification. There is furthermore no mention of this in your Privacy Policy or License Agreement when SiteAdvisor is installed nor any mention of it that I can find in your FAQ.

This is unacceptable. If you are going to do this then you should disable this feature by default
and allow the user to enable it in Settings if they so desire.
chris_dixon
join:2005-12-19
Boston, MA

chris_dixon

Member

Re: Site Advisor: Helping To Decide Good\Bad Sites

Hi hpguru,
We do actually mention this pretty prominently on our main IE install page »www.siteadvisor.com/prei ··· all.html. This notice has been there at least since last Monday when we launched our Beta. I'm sorry this wasn't clearer. We only add these RZ sites to try to protect our plug-in users better. Perhaps we should either make this clearer or not use the RZ for this type of protection. I'd love to hear more of your thoughts on the topic, and we definitely appreciate the feedback.
Thanks,
Chris

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

hpguru

Premium Member

Hi Chris,

I don't know if that page mentioned this feature when I installed it but at any rate I didn't become aware of it until yesterday evening when I discovered sites in my Restricted Zone which I had not added.

Just so there is no misunderstanding I think this is a good idea but it needs to be disabled by default. Either that or users should be given the option to enable it at install time or later in the Settings dialog.

Personally I don't think I would use such a feature. I block access to bad sites using my hosts file and I have a method for determining which domains get blocked most often. I add those domains to my Restricted Zone using wildcards to cover child domains which are missing from my hosts file. I do that because it seems like the most sensible approach to adding sites to the Restricted Zone. Perhaps you could implement something of that nature in SA.