5% of All Web Traffic Unsafe

OnFour writes "The MIT-backed startup behind SiteAdvisor has slapped a red "X" warning label on approximately 5 percent of all Web traffic and warned that there are roughly one billion monthly visits to Web pages that aren't safe for surfing. About 2 percent of all Web traffic was given the "yellow" caution rating." A more general SiteAdvisor blog entry overview was covered earlier on Slashdot.

Ack, worst link ever to click

"roughly one billion monthly visits to Web pages "
OK, and the "one billion monthly visits" is clickable?
Dear god does anyone else think that is the epitomy of where you could actually post tubgirl or worse and have it not only be on topic, but insightful? :(
ermm
crap, I think I just justified tubgirl as insightful or interesting.
I quit.
(and no, there are NO LINKS in this comment, if for no other reason than I might end up drunk and click on one of them)

Re:Ack, worst link ever to click

Looks like it's safe. According to siteadvisor:
http://www.siteadvisor.com/sites/tubgirl.com [siteadvisor.com]

tubgirl.com
[Green]

We tested this site and didn't find any significant problems.

Re:Ack, worst link ever to click

http://goatse.ca/ [goatse.ca]

5% not safe

and 50% of web surfing is not safe for work.

What do they mean by safe?

Do they just mean safe for IE. At least, that is what I gather from TFA. Who cares? Just use Firefox, Mozilla, Opera, or Lynx.

Re:What do they mean by safe?

Firefox won't stop you from deliberately installing software you're too stupid to realize is malware.

Unsafe to whom?

It is critical to understand what component is actually unsafe before any action can be taken to counter it. Likely of the 5% of "unsafe" internet traffic, 4% of it is from a perspective of sites that are not safe for MSIE. Of course there is no reason for any traffic to go to a "unsafe" site, as they do not have good content. OTOH, I could probably get away with saying that 20% of the web is useless, and not get a counter argument.

This study really only shows that most web users do not think about their safety; We already knew that considering they are using MSIE.

Re:Unsafe to whom?

That's what I try to teach my customers. I install Firefox on all boxes that don't use AOhell, and try to get those to use a real ISP. I inform them that all pop-ups are evil and if you click on one you will get spyware! I also explain that all toolbars are a wast of resources, and every one (except yawhore, and googoo) are spyware. There may be others that are acceptable but I don't care or have time to check (I'm a tech in a white box store and spend 85% + of my time cleaning crapware off of boxes). I also tell them to avoid all banners with all the flashing or strobe type colors that are just annoying, since most of them lead to crap sites anyway. Yes these are almost draconian measures, but they work.

The cool thing? Most of my customers are learning, I only seem to be getting about 10% coming back for a repeat cleanup, a year ago it was over 30%.

Security company says the internet is unsafe

Although this is likely true, is it really news to anyone? I'm not at all surprised that so much traffic is bad in some way: bad traffic pays.

A more interesting question is why people continue to ignore security -- could it perhaps be that security just isn't that important to anyone?

It seems that people only get upset when their bankaccount gets drained. Until then, WHATEVERRRRRR.

A point to remember

Site Advisor is in the business of finding dangerous sites, warning you of them and possibly blocking them. It's in their best interest to call as many sites as possible unsafe, on the thinnest excuse. It's the same thing as how some anti-virus companies count every variant of a known virus as a new one, to make the number they can detect/remove as high as they can.

For that matter, it's like the people feeding mega-doses of different things to lab rats that have been bred to be suseptable to cancer, then announcing that Yet Another Chemical Causes Cancer. You never hear about things that they couldn't manage to "prove" a carcinogen, any more than you're ever told that there's no evidence their rat experiments are relevant to humans. Sorry about the bit of a rant, there, but I do think those "researchers" need to be taken down a peg and forced to demonstrate a relationship between what they're doing and what happens in a human being.

105% of all statistics you see are fake

Honestly. Why do people believe any statistics dished out nowadays?

so now we'll see

"Safe 95% Of All Web Sites" logos [naples.net] on people's homepages?

site blocking predicted

Many years ago on the com-priv mailing list, I posted a message "announcing" the creation of a company which would sit on your network, watching the sites that your users visited. When a "bad" site was visited, it would forge a TCP RST to close down the connection. Various categories of badness were proposed, with varying fees. I thought "This is an idea too stupid for words, so I'll put it into words so everyone can see how stupid it is." Well, I had several parties contact me for availability and pricing, because they WANTED to censor their users' browsing. I was so naive.
-russ

Re:site blocking predicted

You fucker! From your idea was born that which is so evil, the demons of hell (Blocked: Occult) tremble; so soulless that Paris Hilton(Blocked: Entertainment) seems a better use of oxygen. So cruel and unforgiving that John McCain(Blocked: Politics) would speak out agaisnt it!

Fellow Slashdotters! May God(Blocked: Traditional Religions) have mercy on his soul! We have found he who has spawned the unholy beast that is Websense(Access Granted)!

Obvious solution

Set the evil bit [faqs.org] on such traffic, so that it may be filtered out via firewalls.

I think they're over-reaching

It took them a year to do a million websites. They're taking the software downloads the sites offer and scanning them. With the shell game of staying ahead of the malware definitions, the period of time in which a site's evaluation is out of date, etc. you're going to have some obsolete data. Not that that in and of itself is vastly different from any other security measure, but really try to put yourself in j6p's shoes:

You go to a site. Ten minutes ago, the site you were on was issued a green checkmark, five minutes ago the bad guys running the site swapped out the good files for the bad, and you get an Active X popup (I said you're j6p!!). You can't trust the green checkmark. You go to a site that has a message board where some a-hole posted a link to malware, triggering a red X. They've caught it, banned him, pulled the link, and gotten the green checkmark back. But you saw the red X; and the person who's going to rip you a new one if he has to spend his weekend de-fouling your PC again told you that the red X should be a skull and crossbones and to stay the hell away from any site where you ever saw one. Now you don't know what to make of the red X.

What about a site that hasn't been scanned yet? Or whose updates have been detected but not audited? A question mark? Nothing? How long until it's just another thing the average user doesn't pay attention to? You can't have an up-to-the-millisecond read on the entire web, and you don't have any margin of error where your security mechanism is the end user knowing what to think.

Minority.

5% constitutes as a minority, and not following the crowd is cool. So, if I put a boob ob my website, can I be cool by not following the crowd?

Five percent dangerous traffic.

That's about the same percentage of dangerous traffic that's on the road on Friday and Saturday nights.

Helping user

This is a great initiative to help user surfing the (insecure) webb today, I have a lot of examples of users that only click "Yes" on every website that asks to install something because if you don't do that you can't see the pr0n. Someone known anothers projects like this or this is the first?

5% of all security advisories

5% of all security advisories cause ophthalmitis [answers.com].

What I do...

I didn't know it was as high as 5%, but that's one reason why I disable a lot of scripting by default and enable on a per site basis.

Astalavista, baby

http://www.siteadvisor.com/lookup/?q=www.astalavis ta.box.sk [siteadvisor.com]
Results 0 - 0 of 0 total results for www.astalavista.box.sk.

Seniors need this

I'm not being condescending in any way. Many people have gotten their parents online and inevitably they download games like bridge etc. and compound that with the grandkids coming over and installing their crapware and you now have a part time job as their I.T. department. This might at least help turn it into seasona (Xmas) employment only

Never say web surfing is safe.

The last thing we need is people thinking they've got the odds on their side.

define "safe"

Much of the internet is unsafe to some degree. For instance, I don't let the students use the production computer because they will invariably go to yahoo, which will install the toolbar, and then magically a few more things get installed. None of this is exactly evil, but since this is an older fragile windows machine, the uptime is already measured in hours, even without the added junk. To be sure, it is easy enough to uninstall the toolbar, and Adaware or spybot takes care of the rest, but the issue still stands.

In reality, for the unsuspecting user, there is hardly a site that is safe. Almost every site uses tracking cookies that violates the original security model that only an original site will acess data about the sesion. If the 12o7 cookie exists at amazon and the fly-by-night-shady-blogger, one must assume that the safety of your amazom stored credit card informaiton is compromised. The yahoo or google toolbar should be safe, but it is now suspected that the google toolbar is collecting personal web traffic, and gathering information that might be corporate sensitive. The 5% number might represent the truly malignant websites, but those are not the problem. As in nature, the truely malignant parasites will have a hard time surviving, as many will kill the host before they spread. It is the subtle parasites, the other 95%, that will continue to cause problems if we do not educate users to wash thier hands and avoid unprotected sex. In other words, do not accept all cookies and do not faoll for a horse or a rabbit, no matte how pretty it might look.

Re:define "safe"

Ah, thank-you very much! I'd never guessed that it was in Firefox itself. It seems that Mozilla builds default to pre-fetching whatever a website tells them to, and that Google tells it to pre-fetch the top link.

Seeing as I don't like my browser silently downloading websites that I may not have visited (let alone setting cookies), I've disabled this. For anyone who is interested, enter about:config in the address bar, and set network.prefetch-next to false.

no way...

5 percent? No way. Porn accounts for way more than 5 percent of internet traffic...

Fun with their analysis graphs

If you look at their site analysis, you can cruise porn sites without visiting them. E.g.
http://www.siteadvisor.com/sites/dirtyplumpers.com /summary/ [siteadvisor.com]
Scroll to where it shows the graph of connected sites. Those sites are clickable to get their analysis, so you can iterate this process.

First I'm amazed at how many of these sites are listed as having "many users".

Second, the only reason I've seen so far for branding a site red is that if you give them your email address they will send you spam.

We can whine and piss and moan

But the truth is.. MS, and other content providers are trying to make pc's as easy to operate as a television with as little control over the content as we have over TV now. I don't care if your MS or linux or a mozilla browser user.. you have wizards upon wizards and people never have to learn anything to use the internet "have you installed Acrobat reader in Windows lately? How about yahoo toolbar, how about our photocrap suite ooobie doobie shizzle just click next". It's all about getting you hooked up to the pipe and feeding you this and that "It used to be we'd have to have some documentation in some cases actual books to use and install our programs" While a good bit of you myself included may have a clue about the internet. Computers will never be built to our skillset again "they once were to a point" Everytime I install a new program it's giving me less and less control over what I do. AVG JOE USER likes this and prays that all software is so easy and forgiving."never mind that it just put in 400,000 registry links that somehow the uninstaller will miss later" So when AJU pops into crax.fat.happy.vir.org and gets some crap popping up to install he's like sure thats fine okie dokey CLICK! We're not the target of this crap.. mom/pop/uncle joe/ is the target because they don't have to know sh!t about using a pc because they just turn it on and it works. "ala TV" I've got people at work who've thrown out 2.8ghz pc's and bought new ones because they were too slow. This isn't their fault This is because they were told how easy the internet is and just click yes if you need a plugin etc. They've either been told by a friend to go ahead or told by a relative who's the infamous son in law that knows alot about computers that it was ok. It will never get any better until MS or some other content provider type controls everything you see and do on the internet. That or we require a certain amount of training before any user gets on the net. "we need a sandbox internet for training them hehe" All you need to watch TV is a TV.. all you need for the internet is a computer.. simple right? Lets make a rule that all advertisement related to Computers explicitly state these devices are for technically knowledgeable persons and should not be bought frivously to just put up a myspace page for little suzie. Alas.. that will never happen and big biz will continue to program to people without a lick of intelligence and slashdot will be here to cry and whine and piss and moan about the lack of control we have or laugh at the peons who can't seem to keep the spyware off their machines. /end rant/reply hehe.

In other news...

"The MIT-backed startup behind SiteAdvisor has slapped a red "X" warning label on approximately 5 percent of all Web traffic"

In other news, MADP* slapped a red "XXX" warning label on approximately 50 percent of all Web traffic.

*Mothers Against Downloading Pr0n

Useful tool for me, too

I took a look at SiteAdvisor and I actually think it'll be useful for me, as an experienced user, as well, surprisingly. I don't think I'll have much use for the red X junk, I know not to install random crap on my computer, but their analysis of downloads could be quite useful. You can pull up the list of all the modifications a program makes to your system, even for green files. If you ever wanted to know exactly what registry keys Google Desktop adds, for instance, you can just look it up [siteadvisor.com].

Way out of date

They are using PestPatrol's database, from way before CA bought PestPatrol. It's woefully inaccurate and out of date. SiteAdvisor is an interesting idea, but worthless in its current form.

SiteAdvisor isn't that accurate

I work in a company that SiteAdvisor marked with big red "X" and I question the analysis by SiteAdvisor. For example, the SiteAdvisor claims that our site was spamming. Last time I checked, our site doesn't even take any "and I mean ANY" user info except whatever is being logged in Apache (click, hit, IP for organic traffic count). We even have corporate policy and network operation policy against sending out any smtp traffic from any of our machines without explicit end user consent (there used to be two "share with friend" and "contact support/webmaster" mailer code snippet). Matter of fact, long time ago, few smartass users found a hack for that mailer function and started to spam us and other people randomly, and since we found out, we alerted programmers and completely removed the mailer code snippet. And that was long ass time ago and no longer exists.

The funny part is that our site database doesn't even collect email address. So where does this spam comment comes from is just beyond me. Some comments even included virus and spyware!? I mean, wtf? The widgets and software are scanned twice with two different AVs and phones home for updates like RSS feed and software updates for bug fixes. How in the world does that constitute virus and spyware??? SiteAdvisor even put our site in one of their ads as "dangerous" site.

The way it looks, that 5% doesn't even sound that credible to me at this point. If you can't even get one site analysis correct, rest of their analysis would just as well be inaccurate. FYI, SiteAdvisor marked Yahoo! as safe. Some how that's funny to me in this regard.

Another way of checking...

... is to filter for the Evil Bit [faqs.org].

Here is what I use

This is great for those folks that refuse to give up Internet Exploiter(TM)(Like my Mom,Unfortunatly) Or click yes to everything--http://www.webattack.com/get/sandboxie .html [webattack.com] Basically I just install all their browsers into the sandbox then when they bring it back to be cleaned I can just delete the sandbox folder after backing up their bookmarks.It really does help with the ActiveX/Toolbar style crap that so many people fall for.

Can't be that great

They green-flagged a major malware [siteadvisor.com] site. ;)

Yeah, I've heard of those web sights.

I once knew this guy who went to this one sight on the interscope or whatever its called and what do you know but a big fat dwarf came out of his cdrom drive and kicked him in the nuts! Theres another sight where an elf drives to his chateau and slaps you with shoes its really something you should see it some time. (BTW elf has hideous crooked nose you know I saw his face for real.)

Anyway you have to be careful when you surf the intrawebs now so serious. latezzz

Good idea, but pointless

The idea is great. Warn users about content that's unsafe. Sounds good, doesn't it? You don't have to be an IT-security expert to discriminate between "good" and "bad" webpages. So far, so good.

The fallacy starts with the question "who'll install it?". Well, who will? You will. I will. Everyone who knows about the problem will. But those who need it most won't. They don't even know that problem exists! So unless you manage to get this item into the fold of Microsoft's standard software, the tool will not make it onto the computer of those who need it worst.

But, against all odds, let's assume the tool gets to our unclued user's computer. Then he'll go to a website offering him a screensaver and the plugin will spew "WARNING!" all over the screen.

Warning?
Why?
A screensaver?

Must be an error. After all, what's dangerous about a harmless screensaver that shows me some cute and cuddly kitty pics? It's not that dreaded sex stuff that they warn me about on TV.

The whole deal is that people are just too friggin' CLUELESS to be left alone in the 'net. They're a danger to themselves and to others. Either get them off the 'net (ok, ok, I may dream... won't happen simply 'cause ISPs would run amok if they didn't have their comfortable low-bandwidth using users, not to mention the billion pages trying to sell you junk that we get (legally) for free), or educate them!

There is no technical solution for social problems!

On my wishlist...

A DNS project that has a "blacklist" ...but that opens a whole 'nuther can o worms...

American Jibberish

HAHAHA, Like someone can actually decide what is safe on the internet and what isn't. The uhh... level yellow B.S. made me really laugh. This, in a most American sense is what we call ,'an opinion poll', which has, to their apperant misfortune, been lobbied by the staff responsible for this rediculous blunder. If opinions are worth anything it is of an equal worth. So to this funny bit of stupidity from one of the most intelligent centers of the collegiate architecture I say ,'Pfffffft!' Best regards, Jerid

Big Red X

Surely this [xerox.com] is the Big Red X...

Malware delivery, Virus delivery, POP UP traps

The 5% they are talking about is virus/malware delivery, sites etc. I don't think anyone is ignorant enough to consider a porn site as unsafe unless you are in the heart of Bible country where 90% of the people are just plain idiots. Somehow this became a discussion of morality and porn and really it is more a discussion of malware delivery. There is no debate that malware and virus sites are unsafe so drop it. While we are on the discussion, no scientific study has ever proven porn can harm kids. The people that think this, will cover their kids eyes when 2 dogs are copulating, which I think is more against any God than just letting the kids see the dogs copulating and explaining to them that this is the process that causes baby dogs to be born. Of course only parents with real balls explain copulation to their kids, the others cover their eyes and assume any knowledge or vision of animal or human copulation is harmful. Actually, I think lack of knowledge is more harmful in any topic presented. An example is a kid who has been sexually assulted that does not even know how to describe it, or thinks it is too ashaming, to even mention. A knowledgeable kid would say, "Uncle Denny stuck his penis in my butt, will I now have a baby in my tummy?" This would alert parents of a sexual assult and they could respond by calling the police. A child that has been sheilded from knowledge may not even realize something bad has happened and will not even discuss it because it involves penises and butts, which have been forbidden to discuss and the child did what they expect during copulation exposure, which was to cover their eyes, and forget about it. Always consider that lack of knowledge is more destructive than knowledge itself!

Web BROWSERS are unsafe

There is no such thing as an unsafe website. If a website poses a risk, then your real problem is that your browser is treating advisory data as instructions.

In other news...

95% of websites freaking suck. - Drew

Re:Yellow

Actually, Mozilla does not use yellow. Specifically, it uses RGB values 245, 246, and 190 respectively. SiteAdvisor uses a more pure yellow with less blue light and far more equal red and green light.

In related news, yellow means warning. Orange means caution. Mozilla has defined the color peach to mean "secure web site". But hey, nobody else claimed peach!

Re:A tad misleading, but SiteAdvisor is still grea

I have a brother who is marred and has 2 kids between the ages of 12 and 15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics...

Wow, wouldn't it be great if some OS allowed people to give their kids accounts with limited rights? You know so they couldn't screw up an entire install? I don't mean like what BSD, Linux or Mac can do.

Oh wait, yes I do.

Re:Job Application?

A lot of companies require a college degree, even when the degree has nothing to do with the position posted. My wife's company, for example, will hire someone with a music degree for an analyst position, or someone with a sports management degree as an IT administrator, but absolutely will not hire someone without a college degree.

Why do companies do this? Simple. They believe, rightly, that a college degree is a sign that a person will put themself through hell and beaurocratic bullshit to get what (depending on the degree and the job position) is just a stupid piece of paper. Companies like this because it shows that you can tolerate a certain level of bullshit in order to receive a benefit. This is something they are looking for in all new hires, because they know that their work environment can be unfun at times.

While it is admiral that you got your GED and are probably well trained for a position, your lack of a college degree (and your open disdain for their degree requirement) probably means that you would scoff at some of the silly stuff they would expect you to do on the job. If they have stupid policies, you might get into a position to work to change them, but until you are in that position you are supposed to follow the policies because they are the policies.

If you won't do that (and I assume you wouldn't), then you don't want to work for them, and they don't want to hire you.

Amazingly, their requirement for a degree exactly served its purpose, keeping you from wasting their time with your application.

Re:Job Application?

An IQ test is better for eventual job performance evaluation than looking at educational background. And that only takes a couple hours, versus 4 years. It's also illegal for hiring purposes in the U.S. because the Supreme Court says IQ testing is racist towards blacks. So everyone needs 4-year degrees...

eWeek -- "Yellow" according to SiteAdvisor

I find it fairly ironic that the article is on eweek -- which according to SiteAdvisor is "kind of spammy"

After entering our e-mail address on this site we received 3.2 e-mails per week. They were somewhat spammy. We also had difficuly unsubscribing.

Re:The most dangerous and ugly site ever:

Site advisor gives it a big old green symbol. Don't worry folks, it's clear.

Re:A tad misleading, but SiteAdvisor is still grea

Why didn't you just tell them to stop using the garbage software they were using instead? I have several friends who I've switched over. None of them have complained, and none of them ever get viruses.

Re:Use a condom...

like this??? [folk.ntnu.no]

Re:A tad misleading, but SiteAdvisor is still grea

I have a brother who is marred and has 2 kids between the ages of 12 and 15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics. That was on a Windows 98 machine which, as hard as I tried, simply could not secure or revive from all of the trojan horses and malware that had infected it.
  Wayne_Knight (958917)

this sounds familiar...
from here [slashdot.org]:
I have a brother who is marred and has 2 kids between the ages of 12-15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics. That was on a Win98 SP2 machine which, as hard as I tried, I simply could not secure or revive from all of the trojans and malware that had infected it.
tokengeekgrrl (105602)

I am calling astroturf on these shens.

1. Get story posted on slashdot
2. ???
3. Profit!!!

step 2? Its actually post a dupe of the story and astroturf the comments section.

Re:A tad misleading, but SiteAdvisor is still grea

Are games with hidden malware comparable to trick or treat candy with poison or razor blades in them?

Unsafe is not the same as Dangerous

... which is fortunate as nothing enjoyable is completely safe. It's Illegal It's Immoral Or It Makes You Fat [ebay.co.uk]