|
Posted by Virus Guy on March 8, 2006, 7:46 pm
If you were Registered and logged in, you could reply and use other advanced thread options
What I don't understand is why can't the maliciousness of html content
be analyzed (and blocked) in real time, after the content is
downloaded but before it is handed off to the browser to be rendered?
The method described below would have to entail additional bandwidth
load and latency in rendering search-page results as the individual
URL's are checked and rated (unless the database of known-bad URL's
are stored locally and updated periodically?)
The service described below seems to be tied into the search-page
results of the major search engines.
One wonders why the search engines don't perform their own
content-analysis and throw up their own rating as part of displaying
search results - or go a step further and allow a user to set a
check-box to automatically filter-out results from known-bad domains
or URL's (unless they fear liability issues - or media blow-back if
they erroneously ID a bad URL).
I guess it's only a matter of time until SiteAdvisor is bought by
Google and they tinker with incorporating it into their own search
engine.
---------------------
http://www.linuxpipeline.com/showArticle.jhtml?articleId=181500400
March 01, 2006
Browser Plug-in Warns Of Surfing Risks Before Clicking
By Gregg Keizer Courtesy of TechWeb News
A company founded by several MIT engineers launched free Internet
Explorer and Firefox plug-ins Wednesday that reveal dangerous Web
sites listed by popular search engines.
With the plug-ins installed, users see green, yellow, or red tags
beside hits in search results on Google, MSN, and Yahoo, said
Boston-based SiteAdvisor. The tags -- red represents sites that
heavily spam visitors, host spyware and adware, or hijack browser home
pages -- give users a heads-up before they click on a link.
"We believe consumers want to know, in plain English: 'If I download
this program, will it come with adware?' Or, 'if I sign up here, how
much and what kind of e-mail will I receive?'" said chief executive
Chris Dixon. "SiteAdvisor zeros in on the moment of decision, when
users are about to interact with a dangerous site. We can tell them:
'We've been here before, and here's what happened to us.'"
The company's ratings were with the help of automated Web spiders,
which crawled the millions of sites that represent more than 95
percent of the Internet's total traffic. Nearly half a million
downloads were analyzed for spyware and other malicious code, and 1.3
million registrations were logged using unique e-mail address to track
spam from each site source.
Users need a proactive approach to security, said Dixon, because of
the shift in attackers' strategies, from technical assaults such as
viruses and worms to for-profit attacks such as adware, spyware, spam,
and phishing.
Traditional security software "leaves a big hole in consumers' Web
safety armor because they don't know what's safe to click in the first
place," Dixon added. "We focus on the kinds of attacks that other
companies miss, so consumers can browse with confidence and stay safe
and in control online."
Although the plug-ins are free, SiteAdvisor plans to release more
powerful versions that will carry price tags. "In the future, we will
offer paid versions with additional premium features," the company
said.
The plug-ins can be downloaded from here.
http://www.siteadvisor.com/preview/index.html
Additional details on the inner workings of SiteAdvisor, check out the
recent review on InternetWeek.
http://internetweek.cmp.com/handson/181400665
|
|
Posted by kurt wismer on March 8, 2006, 8:18 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Virus Guy wrote:
> What I don't understand is why can't the maliciousness of html content
> be analyzed (and blocked) in real time, after the content is
> downloaded but before it is handed off to the browser to be rendered?
how do you define maliciousness programmatically? i'm sure the proxy
half of what you're talking about is possible, but the analysis part
can't be attacked any more intelligently than is currently done with
viruses...
plus, real-time analysis of that sort introduces latency which would be
annoying...
conventionally, net filters filter by domain rather than content, and
even that is prone to false alarms (as anyone at boingboing.net could
tell you)
> The method described below would have to entail additional bandwidth
> load and latency in rendering search-page results as the individual
> URL's are checked and rated (unless the database of known-bad URL's
> are stored locally and updated periodically?)
there *might* be a cache...
> The service described below seems to be tied into the search-page
> results of the major search engines.
that was my experience when i tried it out... it wasn't very useful to
me because of that - i'd rather see it markup all links on all pages the
way it does search result pages...
> One wonders why the search engines don't perform their own
> content-analysis and throw up their own rating as part of displaying
> search results - or go a step further and allow a user to set a
> check-box to automatically filter-out results from known-bad domains
> or URL's (unless they fear liability issues - or media blow-back if
> they erroneously ID a bad URL).
i believe the word is censorship... combine censorship with false alarms
and see what a nasty mess you can make...
> I guess it's only a matter of time until SiteAdvisor is bought by
> Google and they tinker with incorporating it into their own search
> engine.
maybe, maybe not...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
|
|
Posted by Virus Guy on March 8, 2006, 11:24 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> > One wonders why the search engines don't perform their own
> > content-analysis and throw up their own rating as part of
> > displaying search results - or go a step further and allow
> > a user to set a check-box to automatically filter-out results
> > from known-bad domains or URL's
>
> i believe the word is censorship...
So if Google comes across a URL that contains obvious or known browser
hijack tricks (or down-right exploits) hidden among decoy (or legit)
content, then you would consider it censorship if Google didn't list
that URL among it's results?
Doesn't MVP hosts file, or Adaware, or Spybot immunization perform
more or less the same sort of blocking? Do you also call that
censorship?
What if there was a "don't include URL's with dangerous content"
check-box on Google's search page? Would you object to that?
At the very least, Google could throw up an icon beside each URL
result (green, yellow, red) to indicate what it thinks of the URL.
Then the user can decide whether or not to follow any given URL. If
google determined the threat-level at the time it spidered the URL,
then conveying that information as part of the search result would
entail essentially no extra bandwidth or latency, and would require NO
extra software on user's PC's.
|
|
Posted by kurt wismer on March 9, 2006, 12:53 am
If you were Registered and logged in, you could reply and use other advanced thread options
> kurt wismer wrote:
>
>>> One wonders why the search engines don't perform their own
>>> content-analysis and throw up their own rating as part of
>>> displaying search results - or go a step further and allow
>>> a user to set a check-box to automatically filter-out results
>>> from known-bad domains or URL's
>> i believe the word is censorship...
>
> So if Google comes across a URL that contains obvious or known browser
> hijack tricks (or down-right exploits) hidden among decoy (or legit)
> content, then you would consider it censorship if Google didn't list
> that URL among it's results?
yes...
> Doesn't MVP hosts file, or Adaware, or Spybot immunization perform
> more or less the same sort of blocking? Do you also call that
> censorship?
it's not quite the same thing... if google were *only* providing a
filter, as the hosts file and the anti-malware apps do, then it wouldn't
be a big deal... but that's not google - google is an information
provider and if they stop providing some of that information, no matter
how well intentioned, it is censorship...
> What if there was a "don't include URL's with dangerous content"
> check-box on Google's search page? Would you object to that?
if they did it in a manner similar to safesearch (or basically augmented
the functionality of safesearch) then i don't think there's a problem...
> At the very least, Google could throw up an icon beside each URL
> result (green, yellow, red) to indicate what it thinks of the URL.
> Then the user can decide whether or not to follow any given URL. If
> google determined the threat-level at the time it spidered the URL,
> then conveying that information as part of the search result would
> entail essentially no extra bandwidth or latency, and would require NO
> extra software on user's PC's.
it would just make google's reindexing a much more computationally
expensive process...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
|
|
Posted by David W. Hodgins on March 9, 2006, 2:07 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Virus Guy wrote:
>> kurt wismer wrote:
>> So if Google comes across a URL that contains obvious or known browser
>> hijack tricks (or down-right exploits) hidden among decoy (or legit)
>> content, then you would consider it censorship if Google didn't list
>> that URL among it's results?
> yes...
They already do.
>> Doesn't MVP hosts file, or Adaware, or Spybot immunization perform
>> more or less the same sort of blocking? Do you also call that
>> censorship?
>
> it's not quite the same thing... if google were *only* providing a
> filter, as the hosts file and the anti-malware apps do, then it wouldn't
> be a big deal... but that's not google - google is an information
> provider and if they stop providing some of that information, no matter
> how well intentioned, it is censorship...
In order to avoid search stream pollution by spammers, they've had
no choice but to exclude obviously overrated search results.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
|
| Similar Threads | Posted | | Looking for this file: plugin-ignore.zip | October 16, 2005, 1:25 am |
| Disabling AVG Office/Outlook plugin | July 25, 2005, 8:33 am |
| Turn off Office 2000 plugin in AVG? | March 3, 2008, 6:36 pm |
| Expert Warns of Economic 9/11 for U.S. | June 22, 2006, 5:48 pm |
| Google warns on 'unsafe' websites | August 8, 2006, 12:20 am |
| Risks of unblocking Chinese website on my firewall | September 13, 2005, 8:53 am |
| Uploading trojan to online scanner. Any risks? | June 29, 2008, 12:37 am |
| Exploit Prevention Labs Updates LinkScanner Safe Surfing Product Line With Support for Vista and Firefox (SYS-CON Media) | February 11, 2007, 9:02 am |
| Exploit Prevention Labs Updates LinkScanner Safe Surfing Product Line With Support for Vista and Firefox (SYS-CON Media) | February 11, 2007, 9:02 am |
| Exploit Prevention Labs Updates LinkScanner Safe Surfing Product Line With Support for Vista and Firefox (SYS-CON Media) | February 12, 2007, 2:02 am |
|
XML site map