V
Virus Guy
What I don't understand is why can't the maliciousness of html content
be analyzed (and blocked) in real time, after the content is
downloaded but before it is handed off to the browser to be rendered?
The method described below would have to entail additional bandwidth
load and latency in rendering search-page results as the individual
URL's are checked and rated (unless the database of known-bad URL's
are stored locally and updated periodically?)
The service described below seems to be tied into the search-page
results of the major search engines.
One wonders why the search engines don't perform their own
content-analysis and throw up their own rating as part of displaying
search results - or go a step further and allow a user to set a
check-box to automatically filter-out results from known-bad domains
or URL's (unless they fear liability issues - or media blow-back if
they erroneously ID a bad URL).
I guess it's only a matter of time until SiteAdvisor is bought by
Google and they tinker with incorporating it into their own search
engine.
---------------------
http://www.linuxpipeline.com/showArticle.jhtml?articleId=181500400
March 01, 2006
Browser Plug-in Warns Of Surfing Risks Before Clicking
By Gregg Keizer Courtesy of TechWeb News
A company founded by several MIT engineers launched free Internet
Explorer and Firefox plug-ins Wednesday that reveal dangerous Web
sites listed by popular search engines.
With the plug-ins installed, users see green, yellow, or red tags
beside hits in search results on Google, MSN, and Yahoo, said
Boston-based SiteAdvisor. The tags -- red represents sites that
heavily spam visitors, host spyware and adware, or hijack browser home
pages -- give users a heads-up before they click on a link.
"We believe consumers want to know, in plain English: 'If I download
this program, will it come with adware?' Or, 'if I sign up here, how
much and what kind of e-mail will I receive?'" said chief executive
Chris Dixon. "SiteAdvisor zeros in on the moment of decision, when
users are about to interact with a dangerous site. We can tell them:
'We've been here before, and here's what happened to us.'"
The company's ratings were with the help of automated Web spiders,
which crawled the millions of sites that represent more than 95
percent of the Internet's total traffic. Nearly half a million
downloads were analyzed for spyware and other malicious code, and 1.3
million registrations were logged using unique e-mail address to track
spam from each site source.
Users need a proactive approach to security, said Dixon, because of
the shift in attackers' strategies, from technical assaults such as
viruses and worms to for-profit attacks such as adware, spyware, spam,
and phishing.
Traditional security software "leaves a big hole in consumers' Web
safety armor because they don't know what's safe to click in the first
place," Dixon added. "We focus on the kinds of attacks that other
companies miss, so consumers can browse with confidence and stay safe
and in control online."
Although the plug-ins are free, SiteAdvisor plans to release more
powerful versions that will carry price tags. "In the future, we will
offer paid versions with additional premium features," the company
said.
The plug-ins can be downloaded from here.
http://www.siteadvisor.com/preview/index.html
Additional details on the inner workings of SiteAdvisor, check out the
recent review on InternetWeek.
http://internetweek.cmp.com/handson/181400665
be analyzed (and blocked) in real time, after the content is
downloaded but before it is handed off to the browser to be rendered?
The method described below would have to entail additional bandwidth
load and latency in rendering search-page results as the individual
URL's are checked and rated (unless the database of known-bad URL's
are stored locally and updated periodically?)
The service described below seems to be tied into the search-page
results of the major search engines.
One wonders why the search engines don't perform their own
content-analysis and throw up their own rating as part of displaying
search results - or go a step further and allow a user to set a
check-box to automatically filter-out results from known-bad domains
or URL's (unless they fear liability issues - or media blow-back if
they erroneously ID a bad URL).
I guess it's only a matter of time until SiteAdvisor is bought by
Google and they tinker with incorporating it into their own search
engine.
---------------------
http://www.linuxpipeline.com/showArticle.jhtml?articleId=181500400
March 01, 2006
Browser Plug-in Warns Of Surfing Risks Before Clicking
By Gregg Keizer Courtesy of TechWeb News
A company founded by several MIT engineers launched free Internet
Explorer and Firefox plug-ins Wednesday that reveal dangerous Web
sites listed by popular search engines.
With the plug-ins installed, users see green, yellow, or red tags
beside hits in search results on Google, MSN, and Yahoo, said
Boston-based SiteAdvisor. The tags -- red represents sites that
heavily spam visitors, host spyware and adware, or hijack browser home
pages -- give users a heads-up before they click on a link.
"We believe consumers want to know, in plain English: 'If I download
this program, will it come with adware?' Or, 'if I sign up here, how
much and what kind of e-mail will I receive?'" said chief executive
Chris Dixon. "SiteAdvisor zeros in on the moment of decision, when
users are about to interact with a dangerous site. We can tell them:
'We've been here before, and here's what happened to us.'"
The company's ratings were with the help of automated Web spiders,
which crawled the millions of sites that represent more than 95
percent of the Internet's total traffic. Nearly half a million
downloads were analyzed for spyware and other malicious code, and 1.3
million registrations were logged using unique e-mail address to track
spam from each site source.
Users need a proactive approach to security, said Dixon, because of
the shift in attackers' strategies, from technical assaults such as
viruses and worms to for-profit attacks such as adware, spyware, spam,
and phishing.
Traditional security software "leaves a big hole in consumers' Web
safety armor because they don't know what's safe to click in the first
place," Dixon added. "We focus on the kinds of attacks that other
companies miss, so consumers can browse with confidence and stay safe
and in control online."
Although the plug-ins are free, SiteAdvisor plans to release more
powerful versions that will carry price tags. "In the future, we will
offer paid versions with additional premium features," the company
said.
The plug-ins can be downloaded from here.
http://www.siteadvisor.com/preview/index.html
Additional details on the inner workings of SiteAdvisor, check out the
recent review on InternetWeek.
http://internetweek.cmp.com/handson/181400665