Will SiteAdvisor.com Ban Your Domain?

In the next few weeks, a service that's been methodically testing Web sites for spyware, spam and other problems will launch. Prepare now.
In the next few weeks, a service that's been methodically testing Web sites for spyware, spam, and other problems will be gearing up for a big launch. Does your company's Internet presence measure up to a "good" or a "bad" rating, as determined by this kind of examination?

The service calls itself SiteAdvisor.com. Despite its modest-sounding name, which suggests that its judgments are merely common-sense cautions, I believe SiteAdvisor and similar campaigns will eventually force many questionable Web sites to clean up their acts.

Now -- before the company moves into its full-launch mode -- is the time to check your own site to see whether it passes or fails the test.

And a Bot Shall Lead Them

SiteAdvisor has offered for several months an add-on for the Firefox browser that issues warnings when an untrustworthy site is visited. The company is currently in late beta testing of a similar add-on for Internet Explorer. As soon as the IE plug-in is ready for prime time, I believe many Web users will start hearing about -- and taking advantage of -- SiteAdvisor's ratings of Internet players.

Instead of using only human beings to rate sites, SiteAdvisor has created an army of software robots ("bots") to visit thousands of sites a day. These bots are capable of downloading any executable files that a site offers. Remarkably, the bots then install the programs into a Windows "virtual machine," where the programs are automatically tested for adware, spyware, contacts with remote servers, and other signs of malware.

The bots also submit a unique e-mail address to any signup forms that are found on a site. SiteAdvisor's e-mail server then analyzes how much e-mail is received as a result and how "spammy" it is.
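The unique-address technique described above, sketched as an added example (not SiteAdvisor's code, whose internals the article does not describe): each tested site gets its own address, so every message that later arrives can be traced to the form that leaked it. The HMAC-derived address scheme, the `trap.example` domain, the site names and the inbox are all constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-key"   # assumption: secret known only to the tester
TRAP_DOMAIN = "trap.example"       # assumption: catch-all mail domain we control
SITES = ["shop.example", "downloads.example"]  # constructed site names

def address_for(site):
    """Derive the one address that is submitted to this site's form only."""
    tag = hmac.new(SECRET, site.encode(), hashlib.sha256).hexdigest()[:12]
    return f"u{tag}@{TRAP_DOMAIN}"

def attribute(raw_messages, sites):
    """Count mail per seeded site, and how much came from other domains."""
    owner = {address_for(s): s for s in sites}
    report = defaultdict(lambda: {"total": 0, "third_party": 0})
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Simplification: a real mail server would use the SMTP envelope recipient.
        site = owner.get(parseaddr(msg.get("To", ""))[1].lower())
        if site is None:
            continue  # not an address we seeded; cannot be attributed
        sender = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        report[site]["total"] += 1
        # A sender outside the site's own domain suggests the address was passed on.
        if sender != site and not sender.endswith("." + site):
            report[site]["third_party"] += 1
    return dict(report)

def sample_inbox():
    """Constructed messages standing in for what the trap domain received."""
    mail = [("news@shop.example", "shop.example"),
            ("promo@mail.downloads.example", "downloads.example"),
            ("deals@pills.invalid", "downloads.example"),
            ("win@casino.invalid", "downloads.example")]
    inbox = [f"From: {frm}\nTo: {address_for(site)}\nSubject: hi\n\nbody\n"
             for frm, site in mail]
    inbox.append(f"From: x@y.invalid\nTo: nobody@{TRAP_DOMAIN}\nSubject: hi\n\nbody\n")
    return inbox

if __name__ == "__main__":
    for site, counts in attribute(sample_inbox(), SITES).items():
        print(site, counts)
```

A site operator can run the same idea in reverse: seed one such address into each internal system that stores customer e-mail and watch which one starts receiving outside mail.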

In a telephone interview, SiteAdvisor CEO Chris Dixon explained that his company decided not to show users a potentially confusing point rating for each site, such as 1 to 100. Instead, the developers decided to place each site in one of three simple categories:

Red sites have been found to offer software that simultaneously installs adware or spyware. Or the site may generate a ton of spam to any e-mail address that's submitted.

Yellow sites are considered suspicious but not at risk of outright malware. Users should be wary of sites in this category, although there may be no danger if personal information isn't submitted.

Green sites have been given the "all-clear" signal by SiteAdvisor. Its bots have found no malware or questionable activity associated with the sites.

More than 140,000 downloadable programs have been tested thus far, Dixon says. In addition, he adds, SiteAdvisor's bots have submitted unique e-mail addresses to more than 900,000 registration forms on the Web. The tested pages represent more than 90 percent of the world's Web traffic, the company says.

All this computerized activity has produced a "database of shame" that's unlike any other publicly available listing I know of.

Do You Get a Clean Bill of Health?

The evidence that SiteAdvisor's bots have collected from hundreds of thousands of Web sites is nothing less than astonishing. To demonstrate this, Dixon suggested that I visit SiteAdvisor's analysis page on Galttech.com, a purveyor of software downloads.

Among the many pieces of information SiteAdvisor has accumulated about this site are the following:

Overall rating. The site is rated "red," which SiteAdvisor's analysis page says is because "we found downloads on this site that some people consider adware, spyware, or other unwanted programs."

Spam score. If a site sent a lot of e-mails to SiteAdvisor's dummy address, and the e-mails scored high for "spamminess," this is reported here, too.

Link analysis. The analysis page includes a fascinating chart of other sites that the rated site links to. SiteAdvisor's bots found that Galttech, for example, links to ScreenSaverHeaven.com, which the service says is also a source of downloads that are considered to be adware.

Potentially unwanted programs. SiteAdvisor lists several adware makers whose software is loaded onto a PC when other specific programs are downloaded from Galttech. These include 180Solutions, Global Search, WhenU, and Zango.

Rating of installs. SiteAdvisor's "more detailed analysis" link takes you to a rating page, showing the intrusiveness of each program that's installed from these downloads. In this case, most of the installs are rated 7 out of a possible 10 on SiteAdvisor's "nuisance meter." Anything above 3 is considered a very bad rating.

Changing the Registry and phoning home. When you click the "see download info" link on the analysis page, you're shown an exhaustive listing of changes to the Windows Registry that were made by a particular piece of adware. SiteAdvisor also names on this page all of the remote servers that a piece of adware contacted after installation, presumably to seek instructions or to install even more programs.

All of the above can be overwhelming for anyone to grasp. The amount of detail that SiteAdvisor is making available for free on its site is primarily intended to satisfy other researchers (and poorly rated sites) that plenty of damning evidence has been collected, Dixon says. "Almost all adware programs will talk to their home servers after a delay," he adds. This explains why SiteAdvisor lists all of the servers that installed programs try to communicate with.

End users aren't intended to read SiteAdvisor's analyses of individual sites before visiting them. Instead, SiteAdvisor's add-on button on the IE and Firefox toolbars glows red or yellow to warn users away from risky domains. This is supplemented by a balloon containing an explanation of the rating, with hyperlinks to additional information.

I'd personally prefer that browser users be protected from visiting red sites at all (with configuration options hidden within a menu that can be used to override an individual rating, if need be). Dixon says fine-tuning such as this is on his company's schedule for development.

Keeping Out of Trouble

SiteAdvisor would have the greatest impact on cleaning up the Web if the makers of IE, Firefox, Opera, and other browsers would simply build in SiteAdvisor as a default protection service. Microsoft is sponsoring its own Web research project called HoneyMonkey, but this is focused on detecting browser exploits and not the social-engineering attacks that are being effectively catalogued by SiteAdvisor.

As far as I'm concerned, this kind of defense for Web users can't come too soon. When pressed to give hard numbers, Dixon estimates: "Of the sites we've tested, about 5 percent are red and 5 percent are yellow." That means 90 percent of Web sites are relatively safe to visit. But if 10 percent of the Internet's sites are questionable, this represents a giant threat. Can you imagine if 1 out of 10 bank branches were outright fronts for crooks, or 1 out of 10 hospitals took in patients primarily to steal their organs?

The situation is even worse when you look at the number of visitors the questionable sites attract, rather than the raw count of these sites. When the sites are rated by traffic, Dixon estimates, the red sites represent 9 or 10 percent of the visits, with the yellow sites adding up to another 9 or 10 percent. These sites get more traffic than others, Dixon speculates, because they're profitable and can therefore afford to advertise to attract visitors.

No other legitimate industry allows this level of outright thievery to exist in its midst. It's long past time that sites were routinely tested for malware and rated for integrity. Turning over e-mail addresses to spammers and quietly distributing adware programs are exactly the kinds of offenses that users have the right to know a site is guilty of.

That brings us to your domain. How do you think your site rates?

In this early stage of its development, SiteAdvisor displays no search box on its home page for you to enter your domain name and see your rating. But you can easily type in your Web address -- or that of any other domain -- using the input box that sits atop SiteAdvisor's site map page.

If you find that your domain is mistakenly being rated as verboten, SiteAdvisor provides instructions on its FAQ page on how to request a re-examination. The company says it won't accept money from site operators to change a rating, however.

Even if your site gets a cheery green rating, don't become complacent. If Microsoft, Mozilla, Opera, and other browser makers embrace SiteAdvisor's ratings -- as I believe they should -- questionable practices that creep onto your site could someday cut into your visitor numbers in a big way.

Now's the time for you to eliminate downloads that include any hint of malware. You should also make doubly sure your company's departments aren't sharing any e-mail addresses submitted by customers.

These are good ideas in any case. But they could become essential for your company's survival, once browsers actually start steering visitors away from sites that can't be trusted.
