Helping people with computers... one answer at a time.
Avoiding websites that are questionable or suspicious is common advice from internet security gurus - but just what does that mean?
So just what is a "questionable" or "suspicious" website?
•
It's not uncommon for computer support people such as myself to admonish computer users to never visit questionable or suspicious websites, as they're often a source of malware, scams and other bad things.
But just what does that mean?
Yes. Well. Ahem.
It's kinda like an apocryphal definition once applied to pornography - it's difficult to describe, but you'll know it when you see it.
The problem is that when it comes to web sites by the time you see it, it might be too late.
•
If It Sounds Too Good To Be True...
Many websites actually live up to the "web" moniker by attempting to attract visitors whom they then ensnare with malware or worse.
The "clue" is the enticement to visit the site in the first place. Free this, or easy that, expensive things at unbelievably cheap prices, unbelievable pictures of this or that situation or public figure ... these are all common techniques to entice you to click on a link.
Don't.
If you're not sure, just don't.
"Unbelievable" is a good word in those descriptions; just remember the old adage: If it sounds too good to be true, then it's very likely not true at all.
Porn
I debated about including this topic, since I know it's difficult not to be judgmental about pornography. Unfortunately, it's also a classic category where many malicious sites fall.
I'm guessing you'll fall into either of two camps.
To many all porn is evil and that pornography sites might be including malware is just further proof of their bad intentions; people visiting porn sites deserve what they get - be it malware or something else. That makes this easy: you can skip this section since you're avoiding all porn anyway.
To others, some adult sex material might be acceptable, and we certainly know that there's a lot of it available on the internet. The question becomes, once again, how to distinguish the safe from the malicious.
The promise of pornography seems to entice many people to visit sites that they wouldn't normally visit. As a result that promise is often used by hackers and worse to trick people into visiting sites laden with malware.
I'll repeat my earlier admonition: if you're not sure, don't.
How to be sure? Stick to "brand names", if you will. Most major publications that you'd probably recognize in a magazine stand in this space have online presences, for example. TV networks that specialize in adult content similarly have internet-based venues.
But above all - beware the phrase "free porn". Once again, if it's too good to be true, it probably isn't. The promise of "free porn" has likely infected more machines than people are even willing to admit.
Phishing
Phishing is, of course, the attempt to make you think you're going to one site when in fact you're going to another. A link might look like it's taking you to paypal.com, and the site you land on might even look very much like Paypal, but if you look closely you'll see that the link didn't take you to Paypal at all, but rather some hacker's phishing site. That site - looking like Paypal - is designed to encourage you to hand over your Paypal login credentials by "logging in" - at which point a) it fails, and b) the hacker now has your Paypal ID and password.
The key in that scenario is look closely. Make sure that links go to exactly where you think they will, that they did take you to exactly where they should have. How do I know that this web address is safe? has a good description of how URLs can be misleading, and what to look for.
If you're not sure, don't click.
Particularly if you're not 100% certain about the source of the link - perhaps it's on a webpage you've never visited before, or perhaps its in an email that you didn't expect or just feel funny about, don't click.
Instead, fire up your browser and enter the URL by hand or use your own trusted bookmark.
That way you'll know you are where you should be.
Tools
There are several online tools that can help.
-
Web Of Trust is a collaborative website rating tool where people can rate their experiences with individual sites.
-
Norton Safe Web is a similar service, based primarily on automated checks. Community reviews are available there as well.
-
McAfee SiteAdvisor is perhaps one of the better known services, and similarly performs some automated checks as well as providing a forum for user comments.
There are probably others as well.
Many of these sites may offer addons or software you can install that will integrate more closely with your browser and often will display safety indications in search results. It's important to note that those are only conveniences - you don't need them, though you're welcome to use them if you believe they'll be helpful. Even without the addons each of the three listed above will give you a site report based on a URL you enter, and much of the time that's quite sufficient if you're generally paying attention to the links you're being presented with.
My only concern with these sites, aside from the occasional false positive, is that community comments can be manipulated - a site owner could certainly amass an army of people to leave positive comments on a site that was fundamentally malicious. The take-away here is simply to realize that, take all comments with a grain of salt, and remember that, once again, if it sounds too good to be true, it probably is.
What Are Your Tricks ?
This is one of those situations where I do feel that I'm perhaps a little too close to the problem. I can typically spot a scam almost immediately, but I know that I'm not an average computer user.
So I'll also ask you: what techniques do you use to make sure that you're not about to fall for a malicious web site?
What alerts you to a website being "questionable" or "suspicious"?
Share your ideas in the comments below - we'll all benefit.
Article C4708 - January 14, 2011 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
January 18, 2011 10:07 PM
It is the Trend Micro that works for me in my office. It advices on the "suspisous" sites and if it identifies it to be "dangerous" it does not allow it to open at all.
January 19, 2011 7:10 AM
Everything is fi ne, explanation is good but for a person that does not know computer is useless, I read the instructions still I am unable and afraid to do it, one needs to know to do anything as serious as to reinstall windows. I have a friend who did it and destroy de pc.It is a job for a technician.thanks
January 23, 2011 12:45 PM
I use the NoScript add-on with Firefox, which blocks "all javascript, java, and other executable content" from running without my approval. It is extremely comforting to have this level of control, particularly when surfing around for information, which may take you to unfamiliar sites.
January 24, 2011 4:26 PM
The "ipads for $23.74? Save 90% on retail" ad above appears to be the perfect example of a link/website that should be avoided. It does sound enticing though...
December 15, 2012 4:08 PM
My site has the label "suspicious" next to it when I googled it. I don't know why. It doesn't meet any of criteria you listed above. It is a Holistic Healing site... How can I get this "label" removed?
16-Dec-2012