March 3, 2006

By Ryan Naraine

SiteAdvisor Finds Billions of Unsafe Web Visits

An Internet security startup with roots at MIT (Massachusetts Institute of Technology) has slapped a red "X" warning label on approximately 5 percent of all Web traffic and warned that there are one billion monthly visits to Web pages that aren't safe for surfing.

With an ambitious mission to use automated crawlers to test every Web site on the Internet, SiteAdvisor officially rolled out a free trial version of a browser plug-in that places a "safe," "caution" or "warning" label whenever a user visits a Web site.

The idea is to use the color-coded (red, yellow or green) system to mark every Web site and to help Web surfers determine if a site's content includes spyware, spam, viruses, browser-based exploits or online scams.

A green checkmark is appended to sites tested by SiteAdvisor and cleared as having no significant problems. However, if a Web site tries to change the user's browser defaults or send a lot of "non-spammy" e-mail, the service will take a use a yellow exclamation mark to caution users.

Web sites found hosting drive-by exploits, bundling adware/spyware with downloads or hammering inboxes with spam get the dreaded red warning "X."

The browser plug-in, which is available for Internet Explorer and Firefox users, has been in beta testing for three months and, according to data collected over that period, "red" warning ratings were put on for sites representing more than 5 percent of Web traffic.

About 2 percent of all Web traffic was given the "yellow" caution rating.

As expected, many popular Web categories have a much higher percentage of red and yellow sites, said Tom Pinckney, co-founder and VP of Engineering at SiteAdvisor.

For example, on the first page of Google search results for "screensavers," 10 of the 18 sites shown have "red" ratings.

Ben Edelman, a respected anti-spyware activist who is serving as an advisor to the Boston-based start-up, said the company ratings are based on actual tests of executables hosted on destination sites.

In an interview with eWEEK, Edelman said SiteAdvisor uses an automated crawler that surfs billions of Web sites monthly to look for executable downloads.

When an executable is found, it is automatically downloaded onto a virtual machine and installed. The proprietary technology is able to click installation prompts and agree to EULAs (end-user licensing agreements).

Once a file is installed on the virtual machine, the SiteAdvisor technology looks for all new files created, including changes to the file system and registry.

A packet sniffer tracks network monitoring to figure out if a piece of adware/spyware/malware is sending traffic from the machine.

"We put up the rating based on what we find on those sites," Edelman said, stressing that the technology also signs up for e-mail newsletters to track spam that may be sent from that domain.

It will also monitor the process of unsubscribing to warn end-users if a Web site is making it tough to opt out of a mailing list.

In addition to the results from the automated crawler, Edelman said feedback from user comments from Web site owners and analysis from SiteAdvisor staff will help determine the ratings.

In addition to the color-coded ratings on the browser plug-in and on the display of Google, Yahoo, MSN or other search engine results, SiteAdvisor hosts a Site Report page that documents the results of every test on every Web site.

Edelman said new sites are tested daily and previously tested sites are re-tested often. Since its launch, the service has tested Web sites representing more than 95 percent of Web traffic and signed up for e-mail subscriptions from more than 1.3 million registration forms.

More than 475,000 downloads have been analyzed for adware, spyware and viruses.

main page ATTRITION feedback