5% of All Web Traffic Unsafe

Posted by ScuttleMonkey on Sat Mar 04, 2006 11:27 PM
from the conservative-estimates dept.
OnFour writes "The MIT-backed startup behind SiteAdvisor has slapped a red "X" warning label on approximately 5 percent of all Web traffic and warned that there are roughly one billion monthly visits to Web pages that aren't safe for surfing. About 2 percent of all Web traffic was given the "yellow" caution rating." A more general SiteAdvisor blog entry overview was covered earlier on Slashdot.

Related Stories

Developers: MIT Startup Tests Top Million Sites for Spyware (243 comments)
torrentami writes "An MIT startup called SiteAdvisor has downloaded over 100,000 programs from the top million Web sites and tested them for adware and spyware using an automated system they've built. They've got a blog entry where they dissect 5 of the worst adware bundles they found. There is some amazingly invasive stuff in there."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • by Mr Krinkle (112489) on Saturday March 04 2006, @11:31PM (#14852369) Homepage
    "roughly one billion monthly visits to Web pages "
    OK, and the "one billion monthly visits" is clickable?
    Dear god does anyone else think that is the epitome of where you could actually post tubgirl or worse and have it not only be on topic, but insightful? :(
    ermm
    crap, I think I just justified tubgirl as insightful or interesting.
    I quit.
    (and no, there are NO LINKS in this comment, if for no other reason than I might end up drunk and click on one of them)
  • 5% not safe (Score:3, Funny)

    by Lehk228 (705449) on Saturday March 04 2006, @11:33PM (#14852375) Journal
    and 50% of web surfing is not safe for work.
  • by Slithe (894946) on Saturday March 04 2006, @11:35PM (#14852382) Homepage Journal
    Do they just mean safe for IE? At least, that is what I gather from TFA. Who cares? Just use Firefox, Mozilla, Opera, or Lynx.
  • Unsafe to whom? (Score:3, Interesting)

    by Penguinoflight (517245) on Saturday March 04 2006, @11:38PM (#14852395) Homepage Journal
    It is critical to understand what component is actually unsafe before any action can be taken to counter it. Likely of the 5% of "unsafe" internet traffic, 4% of it is from a perspective of sites that are not safe for MSIE. Of course there is no reason for any traffic to go to an "unsafe" site, as they do not have good content. OTOH, I could probably get away with saying that 20% of the web is useless, and not get a counter argument.

    This study really only shows that most web users do not think about their safety; we already knew that considering they are using MSIE.
    • Re:Unsafe to whom? (Score:4, Insightful)

      by BCW2 (168187) on Sunday March 05 2006, @12:31AM (#14852530) Journal
      That's what I try to teach my customers. I install Firefox on all boxes that don't use AOhell, and try to get those to use a real ISP. I inform them that all pop-ups are evil and if you click on one you will get spyware! I also explain that all toolbars are a waste of resources, and every one (except yawhore, and googoo) are spyware. There may be others that are acceptable but I don't care or have time to check (I'm a tech in a white box store and spend 85% + of my time cleaning crapware off of boxes). I also tell them to avoid all banners with all the flashing or strobe type colors that are just annoying, since most of them lead to crap sites anyway. Yes these are almost draconian measures, but they work.

      The cool thing? Most of my customers are learning, I only seem to be getting about 10% coming back for a repeat cleanup, a year ago it was over 30%.
      • You could offer them a hosts file that'd block most of that garbage. But that'd take money away from your business. Your dialup customers would love you for it though. The hosts file on my firewall/router/fileserver has 10148 lines in it now (I can send it to you if you'd like). That many sometimes makes a Windows box crap itself unfortunately.
  • by putko (753330) on Saturday March 04 2006, @11:42PM (#14852402) Homepage Journal
    Although this is likely true, is it really news to anyone? I'm not at all surprised that so much traffic is bad in some way: bad traffic pays.

    A more interesting question is why people continue to ignore security -- could it perhaps be that security just isn't that important to anyone?

    It seems that people only get upset when their bank account gets drained. Until then, WHATEVERRRRRR.
    • A more interesting question is why people continue to ignore security -- could it perhaps be that security just isn't that important to anyone?

      Security is

      1. Expensive
      2. Hard
      3. Both

      And when I say hard, I mean 'mentally challenging'

      I'm reminded of the Army study that came out & one of their conclusions was that smarter soldiers do better at pretty much everything.

      You can teach the average person the basics of computer security... the troubles start when they have to apply them. God help 'em if they run into a sit

  • A point to remember (Score:5, Informative)

    by techno-vampire (666512) on Saturday March 04 2006, @11:43PM (#14852409) Homepage
    Site Advisor is in the business of finding dangerous sites, warning you of them and possibly blocking them. It's in their best interest to call as many sites as possible unsafe, on the thinnest excuse. It's the same thing as how some anti-virus companies count every variant of a known virus as a new one, to make the number they can detect/remove as high as they can.

    For that matter, it's like the people feeding mega-doses of different things to lab rats that have been bred to be susceptible to cancer, then announcing that Yet Another Chemical Causes Cancer. You never hear about things that they couldn't manage to "prove" a carcinogen, any more than you're ever told that there's no evidence their rat experiments are relevant to humans. Sorry about the bit of a rant, there, but I do think those "researchers" need to be taken down a peg and forced to demonstrate a relationship between what they're doing and what happens in a human being.

  • by sulli (195030) * on Saturday March 04 2006, @11:47PM (#14852418) Journal
    "Safe 95% Of All Web Sites" logos [naples.net] on people's homepages?
    • And the continuation link http://www.bottom95.com/ [bottom95.com] takes you to an "Appliance" page.

      For fun, try this: http://yahoosucks.com/ [yahoosucks.com] It's a "Search the Web" site. "yahoosucks.com What you need, when you need it" Yes, the site says that!

      Then follow the "Yahoo Sucks" [domainsponsor.com] link which is hidden away in a frame.

      Of course, you can buy "Yahoo Sucks" on eBay. But further down the list of useful links there is Find yahoo sucks [upspiral.com] link which exclaims, "Your relevant result is a click away!" So click on it, and you will end up h [upspiral.com]
  • by Russ Nelson (33911) on Saturday March 04 2006, @11:50PM (#14852426) Homepage
    Many years ago on the com-priv mailing list, I posted a message "announcing" the creation of a company which would sit on your network, watching the sites that your users visited. When a "bad" site was visited, it would forge a TCP RST to close down the connection. Various categories of badness were proposed, with varying fees. I thought "This is an idea too stupid for words, so I'll put it into words so everyone can see how stupid it is." Well, I had several parties contact me for availability and pricing, because they WANTED to censor their users' browsing. I was so naive.
    -russ
    • by geminidomino (614729) * on Sunday March 05 2006, @12:35AM (#14852540) Homepage Journal
      You fucker! From your idea was born that which is so evil, the demons of hell (Blocked: Occult) tremble; so soulless that Paris Hilton(Blocked: Entertainment) seems a better use of oxygen. So cruel and unforgiving that John McCain(Blocked: Politics) would speak out against it!

      Fellow Slashdotters! May God(Blocked: Traditional Religions) have mercy on his soul! We have found he who has spawned the unholy beast that is Websense(Access Granted)!
  • by Anonymous Coward
    Set the evil bit [faqs.org] on such traffic, so that it may be filtered out via firewalls.
  • by 4e617474 (945414) on Sunday March 05 2006, @12:04AM (#14852455)
    It took them a year to do a million websites. They're taking the software downloads the sites offer and scanning them. With the shell game of staying ahead of the malware definitions, the period of time in which a site's evaluation is out of date, etc. you're going to have some obsolete data. Not that that in and of itself is vastly different from any other security measure, but really try to put yourself in j6p's shoes:

    You go to a site. Ten minutes ago, the site you were on was issued a green checkmark, five minutes ago the bad guys running the site swapped out the good files for the bad, and you get an Active X popup (I said you're j6p!!). You can't trust the green checkmark. You go to a site that has a message board where some a-hole posted a link to malware, triggering a red X. They've caught it, banned him, pulled the link, and gotten the green checkmark back. But you saw the red X; and the person who's going to rip you a new one if he has to spend his weekend de-fouling your PC again told you that the red X should be a skull and crossbones and to stay the hell away from any site where you ever saw one. Now you don't know what to make of the red X.

    What about a site that hasn't been scanned yet? Or whose updates have been detected but not audited? A question mark? Nothing? How long until it's just another thing the average user doesn't pay attention to? You can't have an up-to-the-millisecond read on the entire web, and you don't have any margin of error where your security mechanism is the end user knowing what to think.
  • by corngrower (738661) on Sunday March 05 2006, @12:20AM (#14852500) Journal
    That's about the same percentage of dangerous traffic that's on the road on Friday and Saturday nights.
  • This is a great initiative to help users surfing the (insecure) web today. I have a lot of examples of users who only click "Yes" on every website that asks to install something, because if you don't do that you can't see the pr0n. Does anyone know of other projects like this, or is this the first?
  • 5% of all security advisories cause ophthalmitis [answers.com].
  • define "safe" (Score:5, Insightful)

    by fermion (181285) on Sunday March 05 2006, @01:05AM (#14852601) Homepage Journal
    Much of the internet is unsafe to some degree. For instance, I don't let the students use the production computer because they will invariably go to yahoo, which will install the toolbar, and then magically a few more things get installed. None of this is exactly evil, but since this is an older fragile windows machine, the uptime is already measured in hours, even without the added junk. To be sure, it is easy enough to uninstall the toolbar, and Adaware or spybot takes care of the rest, but the issue still stands.

    In reality, for the unsuspecting user, there is hardly a site that is safe. Almost every site uses tracking cookies that violate the original security model that only an original site will access data about the session. If the 12o7 cookie exists at amazon and the fly-by-night-shady-blogger, one must assume that the safety of your amazon stored credit card information is compromised. The yahoo or google toolbar should be safe, but it is now suspected that the google toolbar is collecting personal web traffic, and gathering information that might be corporate sensitive. The 5% number might represent the truly malignant websites, but those are not the problem. As in nature, the truly malignant parasites will have a hard time surviving, as many will kill the host before they spread. It is the subtle parasites, the other 95%, that will continue to cause problems if we do not educate users to wash their hands and avoid unprotected sex. In other words, do not accept all cookies and do not fall for a horse or a rabbit, no matter how pretty it might look.

          • Re:define "safe" (Score:5, Informative)

            by h4rm0ny (722443) <.h4rm0ny. .at. .tarddell.net.> on Sunday March 05 2006, @08:43AM (#14853383) Journal

            Ah, thank-you very much! I'd never guessed that it was in Firefox itself. It seems that Mozilla builds default to pre-fetching whatever a website tells them to, and that Google tells it to pre-fetch the top link.

            Seeing as I don't like my browser silently downloading websites that I may not have visited (let alone setting cookies), I've disabled this. For anyone who is interested, enter about:config in the address bar, and set network.prefetch-next to false.
  • no way... (Score:3, Funny)

    by Bombula (670389) on Sunday March 05 2006, @01:19AM (#14852631)
    5 percent? No way. Porn accounts for way more than 5 percent of internet traffic...
  • by MonkeyBoyo (630427) on Sunday March 05 2006, @01:26AM (#14852642)
    If you look at their site analysis, you can cruise porn sites without visiting them. E.g.
    http://www.siteadvisor.com/sites/dirtyplumpers.com /summary/ [siteadvisor.com]
    Scroll to where it shows the graph of connected sites. Those sites are clickable to get their analysis, so you can iterate this process.

    First I'm amazed at how many of these sites are listed as having "many users".

    Second, the only reason I've seen so far for branding a site red is that if you give them your email address they will send you spam.
  • Way out of date (Score:4, Interesting)

    by harlows_monkeys (106428) on Sunday March 05 2006, @02:06AM (#14852743) Homepage
    They are using PestPatrol's database, from way before CA bought PestPatrol. It's woefully inaccurate and out of date. SiteAdvisor is an interesting idea, but worthless in its current form.
  • Here is what I use (Score:4, Interesting)

    by hairyfeet (841228) <[bassbeast1968] [at] [gmail.com]> on Sunday March 05 2006, @03:35AM (#14852892)
    This is great for those folks that refuse to give up Internet Exploiter(TM) (like my Mom, unfortunately) or click yes to everything -- http://www.webattack.com/get/sandboxie.html [webattack.com] Basically I just install all their browsers into the sandbox, then when they bring it back to be cleaned I can just delete the sandbox folder after backing up their bookmarks. It really does help with the ActiveX/Toolbar style crap that so many people fall for.
  • by Opportunist (166417) on Sunday March 05 2006, @08:46AM (#14853389)
    The idea is great. Warn users about content that's unsafe. Sounds good, doesn't it? You don't have to be an IT-security expert to discriminate between "good" and "bad" webpages. So far, so good.

    The fallacy starts with the question "who'll install it?". Well, who will? You will. I will. Everyone who knows about the problem will. But those who need it most won't. They don't even know that problem exists! So unless you manage to get this item into the fold of Microsoft's standard software, the tool will not make it onto the computer of those who need it worst.

    But, against all odds, let's assume the tool gets to our unclued user's computer. Then he'll go to a website offering him a screensaver and the plugin will spew "WARNING!" all over the screen.

    Warning?
    Why?
    A screensaver?

    Must be an error. After all, what's dangerous about a harmless screensaver that shows me some cute and cuddly kitty pics? It's not that dreaded sex stuff that they warn me about on TV.

    The whole deal is that people are just too friggin' CLUELESS to be left alone in the 'net. They're a danger to themselves and to others. Either get them off the 'net (ok, ok, I may dream... won't happen simply 'cause ISPs would run amok if they didn't have their comfortable low-bandwidth using users, not to mention the billion pages trying to sell you junk that we get (legally) for free), or educate them!

    There is no technical solution for social problems!
    • I have a brother who is marred and has 2 kids between the ages of 12 and 15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics...

      Wow, wouldn't it be great if some OS allowed people to give their kids accounts with limited rights? You know so they couldn't screw up an entire install? I don't mean like what BSD, Linux or Mac can do.

      Oh wait, yes I do.
      • Wow, wouldn't it be great if some OS allowed people to give their kids accounts with limited rights? You know so they couldn't screw up an entire install? I don't mean like what BSD, Linux or Mac can do.

        Oh wait, yes I do.


        Yes, and how does one "kill" a computer? The worst that you can do is corrupt your OS and force a reinstall. The grandparent post sounds like blatant astroturfing for SiteAdvisor.

        In fact, the whole story does.

        Are they hoping to make money off of hyping "unsafe websites" like Norto
    • by Tezkah (771144) on Sunday March 05 2006, @03:51AM (#14852917)
      I have a brother who is marred and has 2 kids between the ages of 12 and 15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics. That was on a Windows 98 machine which, as hard as I tried, simply could not secure or revive from all of the trojan horses and malware that had infected it.
        Wayne_Knight (958917)

      this sounds familiar...
      from here [slashdot.org]:
      I have a brother who is marred and has 2 kids between the ages of 12-15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics. That was on a Win98 SP2 machine which, as hard as I tried, I simply could not secure or revive from all of the trojans and malware that had infected it.
      tokengeekgrrl (105602)

      I am calling astroturf on these shens.

      1. Get story posted on slashdot
      2. ???
      3. Profit!!!

      step 2? It's actually post a dupe of the story and astroturf the comments section.
    • agreed, let's give up on statistics all-together. Anecdotal evidence is evidence enough for me. I coudda got through college quicker without all those stats classes anyway. Hey, could you pass me that revolver? What do you call this game - Russian roo-lett? Seems awfully dull to me, I just seen you five gents pointn' n' clickin' just like thiiiiiiiiiiiiiiiiiiii
    • by Anonymous Coward
      A lot of companies require a college degree, even when the degree has nothing to do with the position posted. My wife's company, for example, will hire someone with a music degree for an analyst position, or someone with a sports management degree as an IT administrator, but absolutely will not hire someone without a college degree.

      Why do companies do this? Simple. They believe, rightly, that a college degree is a sign that a person will put themself through hell and bureaucratic bullshit to get what (de
    • I find it fairly ironic that the article is on eweek -- which according to SiteAdvisor is "kind of spammy"
      After entering our e-mail address on this site we received 3.2 e-mails per week. They were somewhat spammy. We also had difficulty unsubscribing.