Wednesday, August 23, 2006
Spyware Fight
In a pretty innovative attempt to prevent users from ending up with spyware infestations, Google started popup warnings when you attempt to visit a site known to distribute malware. This is built right into their search results rather than relying on a toolbar or extension.
That might be old (early August) news for those who keep up on search engine news, but what surprises me is I have not yet seen it in action and I do visit slimy sites quite frequently in my tracking down spam. I wonder if they decided to take it offline to rethink it.
A visit to StopBadware.org which maintains the malware database shows an example of one of the sites in their list, ThemeXP.org. Yet in Google's search results there is no popup, just google ThemeXP. Does that mean the warning popup is offline?
I have also yet to see Firefox 2.0 beta warn me of a Web Forgery with its new anti-phishing technology. I have even followed clearly deceptive links in bank phishing emails and not seen the warning. It is based on Google's Safe Browsing extension if you want to try it out before Firefox 2.0 is released.
What I have been using that is working pretty well is McAfee SiteAdvisor. It is available for both Firefox and IE for free. It advises you of the status of the site you are visiting by color coding its button. It also puts indicator icons on search results (Google, Yahoo and MSN) so you know before you even click (even on ads). When you hover the icons it gives you a brief summary of why the site got its rating. This service not only warns you about malware, it warns you when a site is likely to spam you if you sign up, I really like that.
Of course, there are privacy issues to think about when you add this protection to your browser. For the best protection, every URL you visit gets transmitted to the database provider. With Safe Browsing and Firefox 2.0's anti-phishing there are local checking options which provide some protection, but I would rather the best protection I can get.
Update: In early August, a Mozilla representative pointed out that 2.0's phishing filter isn't working yet. So I guess I shouldn't have uninstalled Safe Browsing yet. This post says you now get Safe Browsing as part of Google Toolbar. He also suggests you try OpenDNS, which reportedly corrects obviously mistyped URLs and warns about possible phishing sites.
Update 2: I found an example of Google's warning popup still working from another blog. Maybe StopBadware.org removed TweakXP from the list and just haven't updated the site with a better example.
That might be old (early August) news for those who keep up on search engine news, but what surprises me is I have not yet seen it in action and I do visit slimy sites quite frequently in my tracking down spam. I wonder if they decided to take it offline to rethink it.
A visit to StopBadware.org which maintains the malware database shows an example of one of the sites in their list, ThemeXP.org. Yet in Google's search results there is no popup, just google ThemeXP. Does that mean the warning popup is offline?
I have also yet to see Firefox 2.0 beta warn me of a Web Forgery with its new anti-phishing technology. I have even followed clearly deceptive links in bank phishing emails and not seen the warning. It is based on Google's Safe Browsing extension if you want to try it out before Firefox 2.0 is released.
What I have been using that is working pretty well is McAfee SiteAdvisor. It is available for both Firefox and IE for free. It advises you of the status of the site you are visiting by color coding its button. It also puts indicator icons on search results (Google, Yahoo and MSN) so you know before you even click (even on ads). When you hover the icons it gives you a brief summary of why the site got its rating. This service not only warns you about malware, it warns you when a site is likely to spam you if you sign up, I really like that.
Of course, there are privacy issues to think about when you add this protection to your browser. For the best protection, every URL you visit gets transmitted to the database provider. With Safe Browsing and Firefox 2.0's anti-phishing there are local checking options which provide some protection, but I would rather the best protection I can get.
Update: In early August, a Mozilla representative pointed out that 2.0's phishing filter isn't working yet. So I guess I shouldn't have uninstalled Safe Browsing yet. This post says you now get Safe Browsing as part of Google Toolbar. He also suggests you try OpenDNS, which reportedly corrects obviously mistyped URLs and warns about possible phishing sites.
Update 2: I found an example of Google's warning popup still working from another blog. Maybe StopBadware.org removed TweakXP from the list and just haven't updated the site with a better example.
