Helping people with computers... one answer at a time.
Avoiding websites that are questionable or suspicious is common advice from internet security gurus - but just what does that mean?
So just what is a "questionable" or "suspicious" website?
It's not uncommon for computer support people such as myself to admonish computer users to never visit questionable or suspicious websites, as they're often a source of malware, scams and other bad things.
But just what does that mean?
Yes. Well. Ahem.
It's kinda like an apocryphal definition once applied to pornography - it's difficult to describe, but you'll know it when you see it.
The problem is that when it comes to web sites by the time you see it, it might be too late.
Many websites actually live up to the "web" moniker by attempting to attract visitors whom they then ensnare with malware or worse.
The "clue" is the enticement to visit the site in the first place. Free this, or easy that, expensive things at unbelievably cheap prices, unbelievable pictures of this or that situation or public figure ... these are all common techniques to entice you to click on a link.
If you're not sure, just don't.
"Unbelievable" is a good word in those descriptions; just remember the old adage: If it sounds too good to be true, then it's very likely not true at all.
I debated about including this topic, since I know it's difficult not to be judgmental about pornography. Unfortunately, it's also a classic category where many malicious sites fall.
I'm guessing you'll fall into either of two camps.
To many all porn is evil and that pornography sites might be including malware is just further proof of their bad intentions; people visiting porn sites deserve what they get - be it malware or something else. That makes this easy: you can skip this section since you're avoiding all porn anyway.
To others, some adult sex material might be acceptable, and we certainly know that there's a lot of it available on the internet. The question becomes, once again, how to distinguish the safe from the malicious.
The promise of pornography seems to entice many people to visit sites that they wouldn't normally visit. As a result that promise is often used by hackers and worse to trick people into visiting sites laden with malware.
I'll repeat my earlier admonition: if you're not sure, don't.
How to be sure? Stick to "brand names", if you will. Most major publications that you'd probably recognize in a magazine stand in this space have online presences, for example. TV networks that specialize in adult content similarly have internet-based venues.
But above all - beware the phrase "free porn". Once again, if it's too good to be true, it probably isn't. The promise of "free porn" has likely infected more machines than people are even willing to admit.
Phishing is, of course, the attempt to make you think you're going to one site when in fact you're going to another. A link might look like it's taking you to paypal.com, and the site you land on might even look very much like Paypal, but if you look closely you'll see that the link didn't take you to Paypal at all, but rather some hacker's phishing site. That site - looking like Paypal - is designed to encourage you to hand over your Paypal login credentials by "logging in" - at which point a) it fails, and b) the hacker now has your Paypal ID and password.
The key in that scenario is look closely. Make sure that links go to exactly where you think they will, that they did take you to exactly where they should have. How do I know that this web address is safe? has a good description of how URLs can be misleading, and what to look for.
If you're not sure, don't click.
Particularly if you're not 100% certain about the source of the link - perhaps it's on a webpage you've never visited before, or perhaps its in an email that you didn't expect or just feel funny about, don't click.
Instead, fire up your browser and enter the URL by hand or use your own trusted bookmark.
That way you'll know you are where you should be.
There are several online tools that can help.
Web Of Trust is a collaborative website rating tool where people can rate their experiences with individual sites.
Norton Safe Web is a similar service, based primarily on automated checks. Community reviews are available there as well.
McAfee SiteAdvisor is perhaps one of the better known services, and similarly performs some automated checks as well as providing a forum for user comments.
There are probably others as well.
Many of these sites may offer addons or software you can install that will integrate more closely with your browser and often will display safety indications in search results. It's important to note that those are only conveniences - you don't need them, though you're welcome to use them if you believe they'll be helpful. Even without the addons each of the three listed above will give you a site report based on a URL you enter, and much of the time that's quite sufficient if you're generally paying attention to the links you're being presented with.
My only concern with these sites, aside from the occasional false positive, is that community comments can be manipulated - a site owner could certainly amass an army of people to leave positive comments on a site that was fundamentally malicious. The take-away here is simply to realize that, take all comments with a grain of salt, and remember that, once again, if it sounds too good to be true, it probably is.
This is one of those situations where I do feel that I'm perhaps a little too close to the problem. I can typically spot a scam almost immediately, but I know that I'm not an average computer user.
So I'll also ask you: what techniques do you use to make sure that you're not about to fall for a malicious web site?
What alerts you to a website being "questionable" or "suspicious"?
Share your ideas in the comments below - we'll all benefit.