Aids to safe surfing

Friday, February 10th 2012

The cold weather continues and overnight we had more snow. The fall was relatively light over the city – 1 to 2 centimetres – but it shows that the cold snap is continuing. This, for me at least, is a time to concentrate on activities at home and, therefore of course, on the computer. One of the things I have been looking at is safety on the Web.

Years ago, my ISP was a very good company that provided an excellent dial-up service and whose knowledgeable if opinionated CEO was an active contributor to the company’s user forums. One of the hot topics at the time was firewalls, which were then just beginning to appear on the market. Friends of mine had installed firewalls and I was wondering whether I should do so as well. I emailed the CEO and asked his opinion. He emailed back, saying that in his opinion, as long as you had a good virus scanner you didn’t need a firewall.

How things have changed since then! Today, no moderately net-savvy person would dream of going online without the protection of a competent firewall to combat attacks with trojans, viruses, malware and all the other nasties that you sometimes feel are pressing around you in an evil throng, waiting for a moment’s lapse of attention to sneak in and corrupt your system. My own firewall regularly throws up messages to say that it has encountered and parried an attempted attack. It also surveys my incoming emails and tags those it thinks are spam, scams or bearers of viruses.

It’s important to remember that the best firewall in the world cannot guarantee 100% protection. Without going into the whole sordid business, let’s just say that there are people out there actively and continually working to find ways of penetrating our defences in order to defraud us or subvert our machines for their own purposes. Call me paranoid if you wish, but then I will reply that a moderate degree of paranoia is essential to survival online!

I think you can to a certain extent compare your firewall to the body’s immune system. If your computer is attacked by a pathogen that the firewall knows about, it will block the attack and destroy or isolate the pathogen. It may also do this with entities that it doesn’t know to be pathogens but which, according to its rules, are acting suspiciously. Sometimes, however, an attack is of such a new kind that the firewall is powerless to stop it. (Think of a mutated flu virus for which the immune system has no antibodies.)

The best way to deal with pathogens is to avoid being exposed to them in the first place. The major threat comes from surfing the Web with your common or garden Web browser and clicking on a link that takes you to a rogue site. These are malignant Web sites containing scripts that will be run by your browser and are designed to damage or infect your computer. With any luck, if you encounter one of these sites, your firewall will deal with the attack and perhaps warn you to quit the site immediately.

Good as that is, the best protection strategy is not to go to that site in the first place. This obviously raises a question: how do you know not to go there? How can you know a site is dangerous before you go to it? There are nowadays a number of applications that advise on the safety of sites. Some work in conjunction with your browser and search engine to affix a symbol beside the links thrown up in the course of a search. A conventional set of symbols, based on the "traffic lights" system, is in general use. Green means "Safe", red means "Dangerous" and orange means that there are causes for concern.

How do these applications "know" whether a site is safe or dangerous? There seem to be two main approaches. The first is the "community" approach: you sign up to join the community and whenever you visit a site, you pass your opinion of it back to the database. Gradually, a picture builds up of the safety or otherwise of sites as people visit them and decide what they think of them. The second is the "analytical" approach: as your browser loads its page of links, the application visits each one and analyses it, much as your firewall does, and reports its findings.

Both of these systems are only as good as the information they use to evaluate the site. Each has its merits and its faults. The "community" approach has the benefit of human experience but also suffers from the weakness of human fallibility. The green "safe" button may result from the mistaken confidence of a small number of people. Also, it cannot react swiftly in the case of a site that was previously safe but has now been taken over by attackers or has been hacked and rendered malignant.

The "analytical" approach has the advantage that it doesn’t need people to examine the site: like your firewall, it checks the content and issues a warning if it finds something dangerous and its database can be continually updated as new threats are discovered. The disadvantage is, firstly, that it works relatively slowly (you may have to wait for it to finish checking the link you are thinking of visiting) and that, just like your firewall, it could miss a new exploit that has not yet been recognized.

Arguably, the best method is the belt-and-braces method, that is, to use both of these approaches, hoping that between them they will catch all potential threats. Happily, there exist a number of applications that can be attached to your browser as add-ons or extensions. The ones I am trying out at the moment work with both Firefox and Google Chrome (and with Chrome-alikes Iron and Comodo Dragon). I am using three, which I detail below.

1. Webutation

Installing Webutation places a shield icon in your browser. (In Firefox this tends to be just to the left of the address window and in Chrome, near the wrench icon.) As you surf the Web, the number on the shield changes. This number is the site’s reputation score, expressed as a percentage. A high reputation results in "100", a lower one results in a proportionately smaller number. The important point to note is that this denotes the site’s reputation, not its safety. While a reputable site would normally also be a safe one, the distinction should, I think, be borne in mind.

If you click on the shield while viewing a site, you will see a page containing the information used by Webutation to calculate its score. It derives this information from various sources.

2. WOT (Web of Trust)

This application adopts the above mentioned "community" approach. Having installed the add-on, you are given the opportunity of signing up for an account and this allows you to add your assessment of sites via a review system. Run a search in your search engine and Webutation will place what might be described as a coloured Polo mint (a disc with a hole in it) to the right of each link. The colours red, orange and green are used in the conventional manner.

If you hover your mouse pointer over the symbol, this brings up a page carrying a more detailed analysis of the site under four headings: Trustworthiness, Vendor reliability, Privacy and Child safety. Each of these is scored individually with a percentage rating. On the left is more information about the site. This 4-dimensional analysis cannot be accurately reflected in the disc symbol beside the link though the shade of this seems to vary according to the overall quality of the site.

3. M86 Security

M86 is an "analytical" device that inserts into your browser’s display a small shield with diagonal stripes in red, orange and green. In Firefox, this appears, accompanied by the M86 logo, at the right end of the status bar (usually at the bottom of the browser window). In Chrome, the shield appears by itself somewhere near the wrench icon. When the search engine loads a page of links, to the left of each, you will see a rotating circle, meaning that that site is being analysed. If analysis is achieved, than the circle is replaced by either a green disc bearing a white tick (meaning "safe") or a red disc bearing a white cross (meaning "dangerous"). If the disc is orange with a question mark on it, this means that M86 failed to analyse the site. Often this is simply because it ran out of time and if you refresh the browser, the orange may be replaced by red or green.

Hover your mouse over the disc and a little window pops up, offering to show you further information (in the case of red or green) or stating that the site could not be analysed. Clicking on the shield brings up a small window offering various functions including a small set of options.

Conclusion

Each of these applications adopts a different approach and it should be remembered that they are measuring different things. Thus it often happens that not all of them necessarily return the same colour for the same site. For example, WOT may gave a site an orange or red disc because it thinks the site untrustworthy or unsafe for children while M86 gives it a green disc because it thinks it safe for your computer. There is no harm in that, of course, and in fact, it is an advantage, because you receive a broader picture of the site.

These three applications are not the only ones available of course. There are various other ones, including the popular McAfee SiteAdvisor. It’s a case of choosing which works best for you.

Having installed one or more of these devices, can you be confident that you will never hit a bad site and be infected or defrauded? Unfortunately, no. These all help you to avoid traps and pitfalls but no reputable manufacturer will ever claim their product offers complete protection. The unknown threat can always be lurking.

Suggestion 

What if you are given an URL, perhaps in an email, and want to know whether it is safe to visit? One way is to enter the identifying part of the URL (for example, "microsoft.com" or "bbc.co.uk") into your browser’s search box. The above mentioned applications will give their opinion on the links that this throws up, including the site itself. URLs provided in this way may be complex and go down several levels and just because the top level is safe doesn’t necessarily mean that the lower levels are safe also. Fraudsters often set up pages in the lower levels of otherwise innocuous sites. The watchword is “Caution at all times!”

Copyright © 2012 SilverTiger, http://tigergrowl.wordpress.com, All rights reserved.