Do the spyware quiz...

Hi malware fighters,

How are you doing in the spyware quiz?
http://www.siteadvisor.com/quizzes/spyware_0306.html

pol


I did good … got 7 of 8 right. I checked all 4 download sites as bad when SiteAdvisor says that not all are bad. Well, for me they are all bad.


CharleyO,

You can only judge SiteAdvisor results as a general indicator and not in real time, they depend on user input, and the site could have been hacked recently or malware could be still on the search engine cached page. I prefer DrWeb’s hyperlink av checker plug-in, and as a similar service I prefer Finjan’s to McAfee SiteAdvisor: https://addons.mozilla.org/en-US/firefox/addon/4892

And also important is your own insight,

polonus


Exactly … user input can be false or prejudiced … but the test is from SiteAdvisor.

I use ScanDoo when I need to check a site. Yes, it may take a little longer to use than some of the others but I do not mind.


Forget me, if I think this test is stupid.

Hi lusher,

What better way to make the ignorants aware, they cannot click on everything they see?

pol

Why not? I click on everything I see. I mean this in the sense that I visit whatever site I want, without doing all that silly siteadvisor business.

Besides, I think the point of the quiz is that generally you CANNOT tell if a site is malicious or not… Not even an expert can, just by looking at the screenshot…


And why not? All I did was look at the screenshots and evaluate what I saw, what was being offered, and how it was being offered. The only reason I missed one is because, IMHO, all those download sites are bad but that is just my personal opinion. I will grant you that I can not always be right when looking at such pages. But, a little common sense and much experience goes a long way in spotting bad sites.


Hi CharleyO,

And you are so right. Of course everybody can land on a recently hacked site, and the occasional Iframe drive-by can be everybody’s fate, but the chances of this can be reduced considerably. Those that install NoScript and drop their full admin rights, when browsing. In such a way 90% of the known malware cannot get that aggressive with the OS as with ignorants that just surf and click away. Using siteadvisor or finjan, distrust, stealther and Netcraft toolbar, and having Local IP’s of the site you visit, give you a feeling of where you are going online, and then you have that gut feeling to avoid that backward alley where you can be clubbed over the head, some think these plug-ins were just invented for the fun of it, and served no real purpose, wrong, Mr Maone knew what he was doing developing NoScript, and I benefit from this every day…

polonus

Why not? I click on everything I see. I mean this in the sense that I visit whatever site I want, without doing all that silly siteadvisor business.

That’s not the only issue here. There is also the issue of visiting and downloading software. (In fact, only the lyric site attempts a drive-by download- the others all have “spyware” downloads.)

Besides, I think the point of the quiz is that generally you CANNOT tell if a site is malicious or not... Not even an expert can, just by looking at the screenshot...

There are clues: Licence information (Shareware/Freeware): Good; A ‘No spyware’ policy: Good; Licence agreements (By clicking ‘Download now’ you are accepting the End User Licence Agreement): Bad; Free phone/TV banner ads: bad.

But the page clearly states: They say it’s hard to judge a book by its cover. We’d argue that it’s even harder to judge the safety of a Web site by its looks.

If the page is attempting to get over a message you agree with, I think you’re trying to have your cake and eat it by calling it ‘stupid’.

Yes exactly my point. The only conceivable value I can see with services like SA is that they stop you from even visiting malicious sites in the first place hence avoiding problems with drivebys … But there are other substitutes that do better, such as sandboxes, or even possibly http/web shields of AVs…

You argue that the other value they provide lies in protecting users from downloading malicious software of their own free will and running it… My problem here is SA itself using prescanned results that can be months out of date (and the last I checked many such services are using av techniques if not av/as directly anyway to determine maliciousness of downloadable content)… People say antiviruses are reactive and hence cannot keep up, however, SA in comparison are even more reactive… :smiley:

Besides, I think the point of the quiz is that generally you CANNOT tell if a site is malicious or not... Not even an expert can, just by looking at the screenshot...

There are clues: Licence information (Shareware/Freeware): Good; A ‘No spyware’ policy: Good; Licence agreements (By clicking ‘Download now’ you are accepting the End User Licence Agreement): Bad; Free phone/TV banner ads: bad.

Yes, but the point here is any of these “clues” are superficial (and i don’t quite agree that free phone/tv banners are always bad) and aren’t the necessary or defining characteristics of ‘maliciousness’, one can easily change the surface appearance of a website without affecting how malicious the site is… Almost the same argument can be made with phishing sites (though admittedly this is a weaker argument imho).

But the page clearly states: They say it's hard to judge a book by its cover. We'd argue that it's even harder to judge the safety of a Web site by its looks.

If the page is attempting to get over a message you agree with, I think you’re trying to have your cake and eat it by calling it ‘stupid’.

Well I missed that “message” on the first reading… That said, SA obviously wants to convince users of the “right message” (for their own selfish reasons) but is doing it in the wrong way given the reactions of people here…

As such I was reacting more to how the test is perceived on this thread. People are boasting about how they can tell which website is malicious by screenshots alone, which obviously misses the point entirely…

To summarize these are my points

  1. You can’t tell just by screenshots alone whether a site is malicious or not. Absence of “clues” does not mean the site isn’t malicious.

  2. Even given 1), services like SA are not always the answer. SA-like services are a shift from blacklisting of downloadable content to a blacklisting of domains. The latter lots of people already do on a crude level using hosts files. I have always been doubtful about hosts files and the question as always is, is it really more productive to blacklist domains?

If a widespread windows/java/flash/quicktime etc vulnerability is announced/released, and every blackhat starts to use it on domains all around the world, are services like SA fast enough to blacklist all of them?

Wouldn’t blacklisting of content be a lot more efficient (exploit detection scanning like linkscanner)?

Same goes for malicious content put on websites for users to download and run. Why choose services like SA which use months out of date prescanned results, when you can use various scanners that have the latest signatures?

A site might be clean when SA first analysed it, but it might not be a few months later…

Even if SA-class services provided “Real-time” scanning, the question would be whether such real-time scanning is any better than you just downloading the program and then scanning it on a few online scanners…

Just some “trolling” thoughts…

The value of the exercise is that people realise that not everything that glistens is gold.

On Windows I stick to trusted download sites with a no-spyware policy and research any new program before installing.

Site advisor can be a useful warning- that there are sites out there that don’t have your best interest at heart- but no, it shouldn’t be the last word as to whether a download is safe.

Is there a better way? The bad thing with SiteAdvisor, Scandoo etc. is that it does not give a guarantee about the actual “state” of the site in question. A service like WebShield or a resident scanner as such works “after the fact”, and your only hope is you are protected.
A better way is the protection of NoScript or the known ways of making a browser safer (no ActiveX, etc.).
So it is all risk rating, no giving any or minimal certainty. The best you can get near what you want before you click the hyperlink in question is the DrWeb AV-hyperlink scanner plug-in, and then you depend on what the latest DrWeb scanner engine protects you from or rather what it detects.
There are old-fashioned methods like special host file lists, white listing and black listing.
When the downloads of a certain software were malicious for a fortnight without the makers of the program being aware, infecting millions of users, you fear the worst for the future. Well and just reckon all the millions just being part of bot nets that compromise others to be part of bot nets. Is not the struggle already lost? Aren’t we fighting windmills or is there someone with a sharp idea who could develop the real time scanner that flags malicious sites or a malicious search cache of a site. Could Google be that best friend, and offer that service?

polonus

It’s still unclear to me, do you agree with the message? I.e. you can’t judge a website is malicious or not just by appearances…

I think the test is silly for this reason…

Human nature… You create a test for people to take, the default assumption here is that the test is doable and can be passed and this is exactly how it is taken by most people based on the reaction here (and in similar tests).

Also I’m disappointed … Do you agree with everything I said in the last post?

Dear Polonus

Time for another thread?

create a test for people to take, the default assumption here is that the test is doable and *can be passed* and this is exactly how it is taken by most people based on the reaction here (and in similar tests).

The stated point of the test is to show how difficult it is to tell a safe site from a dangerous one: it’s not meant to be a test you should pass if you’re an ‘expert’. It’s just meant to make people think twice before downloading, and if it does that, more to the good.

The test is a simple multiple choice (with 2-4 options…) so in fact you could pass it without having a clue what you’re doing.

The real idea of the test as far as I can see is to show you not to be “clicky happy”, exercising caution is paramount since a lot of infection/exploit problems can be avoided beforehand.

Prevention is better than cure

–lee

The problem with this “test” is you know it’s a test. You took the time to really look at the page. Some of the bad ones were very good. In reality, how many people really read the entire page, instead of just looking for a link?

But doing these types of tests should make people aware, there are things out there to be watchful for. Maybe just to be cautious when looking for “freebies”, if nothing else.

I got 6/8, missed bearshare and kazaa, not because there was anything visually wrong with the page, but because you get adware as a bonus.

Hi “oldman”,

I think the thing here is that you have the thought simmering at the back of your head, that there could be something wrong. And in the case of a second thought you are urged to check it. When I look at my Netcraft toolbar and I see a full red line at where it says “risk rating”, I want to know why. And when I am stopped by the toolbar going to a link with the remark “this could be a malicious site”, I will not easily ignore it. And I tell you I will feel a lot more secure with NoScript installed inside a FF or Flock browser, and know that it is real “added protection”.
Some things I just cannot understand why they are so? For instance why older versions of Sun Java are left on machines, making them more vulnerable, and an old version is not automatically updated. Some ISP’s care about infected users, and warn, some just go for the money and don’t care a hoot…
Missing updates and patches is making you as a user more vulnerable. Still a lot of users lack this fundamental knowledge, same as with enhanced in-browser security, that is why we are in the predicament we face ourselves in to-day!

pol

I got 3/8. :slight_smile:

But I confess I have to agree with Lusher here, I wouldn’t have any problem visiting any of these sites, no matter if SA says they’re BAD or GOOD.