Summary: We're often enticed or directed to websites we've never been to before. We'll look at a couple of tools to help identify safe web sites.
How do I know if a site I'm about to visit is a safe web site? Is there any software I can use to know this, or some other technique?
•
This turns out to be a frustratingly difficult problem to solve.
It's not that there aren't some solutions to identifying safe web sites, but rather that the solutions themselves can often be inconsistent.
But used properly, there are some ways you can at least gather a little additional data before taking the plunge and clicking that link.
•
The short answer is that there's no authoritative, canonical list of what is and what is not safe. In part because even the word "safe" has different meanings depending on who you ask. For some people "safe" simply means no malware could be downloaded by visiting the site; for others "safe" means things like there not being any risque humor present.
By the former definition, a site like my Forwarded Funnies is quite safe, and by the latter, it's not safe at all (there's definitely some risque, and even "blue" humor on the site).
So I don't think you'll ever get an absolute safe/not-safe decision from anywhere. At best you'll get data that'll let you make that determination yourself.
I'm going to point you at two tools for that data: McAfee's Site Advisor, and Web Of Trust.
I'm also going to use their analysis of Ask Leo! to describe what they do, and while I might mention them as interesting, I can't actually recommend either as authoritative.
Site Advisor evaluates a number of characteristics of a site: things like what email you'll get if you sign up, where the site links out to, what kinds of things you can download from the site and if they contain malware, and more.
Site Advisor's Review of Ask Leo! gives it a good review. But even in that good review there are some minor issues:
(Note: this is as of this writing on 11-Oct-2009 - the information displayed is likely to change over time.)
"What our inbox looked like after we signed up here:" correctly states that you'll get one email per week, but displays something completely unrelated as "what our inbox looked like".
"Download tests" lists a download that I don't host; it's a fine download, but it's not from Ask Leo!.
The "online affiliations" for Ask Leo! is at best incomplete, and those shown don't seem the most relevant to a safe/not safe determination.
There are also several positive (Thank You!) user comments about the site. More on that below.
Web of Trust also displays information about sites, but in a slightly more easy to grasp manner: on 4 different rating scales: Trustworthiness, Vendor reliability, Privacy and Child Safety. It also keeps track of whether the site was recently bookmarked in the social bookmarking site Delicious, which typically indicates that someone found it useful, and the tech news and information site Digg, which typically indicates that someone found it interesting or newsworthy.
As I might hope the Web of Trust scorecard for Ask Leo! ranks the site highly across the board, and once again there are several positive (Thank You!) user comments about the site.
•
"So, where do these sites get their information?" you might ask.
They have basically two different approaches.
From McAfee's site:
These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats ... . The result is a guide to Web safety.
What you're seeing in the McAfee SiteAdvisor review is the result of those tests, plus additional user comments. The Site Advisor software, when installed, makes the overall rating visible, reviews available with a click from within your browser.
Web Of Trust (WOT) is more community driven. It has browser add-ons that not only display the rating of the site or page that you're visiting, but actually allow you to contribute your own rating and comments.
From the site:
Web site ratings are continuously updated by millions of members of the WOT community and from numerous trusted sources, such as phishing site listings.
What you're seeing when you look at WOT information is the combination of the reviews, ratings and opinions of other users like you.
•
I stop just shy of actually recommending either of these services. Let me be clear: these are both good, reputable services. There's value in the information that they provide.
But I have two concerns:
occasionally incorrect information
occasional browser add-on problems
I've experienced both, and with both products, but I'm most concerned with incorrect information.
Every so often Ask Leo!, or a page on Ask Leo! will get erroneously flagged as malicious, when it is most certainly not. I don't know if it's a failure of the automated tools, in McAfee's case, or a failure of appropriate screening of user feedback in the case of WOT, but it happens.
And I know it happens to other sites as well, as I've used both these tools in the past and seen sites that I know are safe yet are flagged as something less than that. It's not often, but often enough so as cause me to question the overall accuracy of the information being used.
So I'm a little hesitant.
What I can say is this: give them a try. As I said, there is good information here. You don't need to install their add-ons if you don't want: simply visit their sites and enter in the URL of the site you want to know more about.
But then take that information with a grain of salt. Use it as part of your own decision making process. Read and understand the reviews, and see if they are fair and make sense.
One of the best things you can do as you surf the web is to simply be skeptical. Don't believe everything you read, every promise made, or every offer. That goes for links people directly you to; it goes for the information people might post on sites like Site Advisor or WOT; it even goes for what you read here on Ask Leo!.
Use some common sense - I'm guessing you already have a sense for what's good or bad; listen to that sense. Use tools like Site Advisor or WOT to gather additional data if you're not sure, or even just a plain old Google search for more information.
And if it's not worth your time to do the extra checking, then it's almost certainly not worth the risk of visiting a site you're not familiar with.
I'm actually quite interested in additional techniques readers are using to identify or avoid good or bad sites on the internet. Feel free to leave a comment with what you do to stay safe.
Related:
Internet Safety: How do I keep my computer safe on the internet? Internet Safety is difficult and yet critical. Here are the seven key steps to internet safety - steps to keep your computer safe on the internet.
Why am I getting warnings from your newsletter and site links? A recent newsletter surfaced warnings from a couple of security services. As a result, we'll look at what false positives are, and what to do.
Article C3898 - October 11, 2009
How about AVG Link scanner in AVG Internet Security Suite. I have been using for some years with good result.
14-Oct-2009
FYI, finjan can be added to your list. Not a complete answer, as you identify wot and Site adviser >>at leat one more seemingly safe source.
My Best diligent
Posted by: diligentinquirer at October 13, 2009 5:09 PMIf you are on a secure site, simply click on the padlock in the address bar (depending on your browser, this might need a double-click or right-click). You will see to whom the security certificate was given. While phishers may fake a website, the verisign security certificate is a pretty safe indication of the authenticity of a web site.
Posted by: Bernice at October 13, 2009 10:22 PMYes, the AVG Link Scanner does provide a means of vetting website links and so offers a possible solution. However, I agree 100% with Leo when he says "I've experienced and also had several reports of this feature seriously impacting browser performance. I recommend turning it off immediately. In fact, I recommend turning off any browser intrusive or email intrusive features on any anti-malware program at the first sign of problems". Only last night I turned off these features on a friend's computer which then became appreciably faster and more responsive.
Posted by: Bernard Winchester at October 14, 2009 1:42 AMExperience and being wary of downloads are the best defence.
I use Site Advisor and find it to be very helpful. Another useful tool is Verification Engine, by Comodo, which does not recommend websites, but does verify that you have reached the website that you want to go to, and have not been misdirected to a fake website. This free utility is especially good for verifying that you are connected to your real banking or credit card websites. A great security enhancement, and a very small download. You can get it at www.comodo.com.
Posted by: Terry at October 14, 2009 9:42 AMI use Firefox and the "InterClue" addon to preview pages. So far, it's work extremely well to avoid such problems.
Posted by: Lewis at October 14, 2009 6:23 PMFYI - Web Of Trust reports that the covertsurfer.com site has a "Poor" rating. Check here for more info:
http://www.mywot.com/en/scorecard/covertsurfer.com
Posted by: Bill Ring at October 17, 2009 6:23 AMThere's an article in Windows Secrets seeming to extol a free program that should accomplish what we are looking for: http://windowssecrets.com/2009/07/09/02-Use-OpenDNS-to-surf-safely-with-these-tricks
Posted by: Felixamat at October 19, 2009 11:51 AMLeo, another tool for identifying "bad" web sites (but only for IE users at present) is Browser Defender, which is very visible, and does things similar to WOT and Site Advisor. Link-Extend http://www.linkextend.com/ is another one. One of the nice things about Link Extend is that it includes any detections by Site Advisor, WOT, Browser Defender, Web Security Guard, Norton Status, Complete status and Google Safe browsing all in one toolbar package. It is only available as far as i know as a Firefox addp-on and is available for FF 3.5. It also gives indicators in Google search to avoid visiting bad sites. My only problem with it is that if you are on a site and want to know the status, you have to click the safety, kidsafe or ethics buttons. There are no alerts. The kidsafe and ethics tools also include ratings from a few browser safety vendors. It also has a number of other features not security related.
Posted by: howiem at October 20, 2009 6:51 AMI got a lot of false positives with the McAfee site advisor. I uninstalled it and use the Norton one now.
Posted by: whs at October 22, 2009 4:13 PM