Slashdot Mirror
5% of All Web Traffic Unsafe
OnFour writes "The MIT-backed startup behind SiteAdvisor has slapped a red "X" warning label on approximately 5 percent of all Web traffic and warned that there are roughly one billion monthly visits to Web pages that aren't safe for surfing. About 2 percent of all Web traffic was given the "yellow" caution rating." A more general SiteAdvisor blog entry overview was covered earlier on Slashdot.
"roughly one billion monthly visits to Web pages " :(
OK, and the "one billion monthly visits" is clickable?
Dear god does anyone else think that is the epitomy of where you could actually post tubgirl or worse and have it not only be on topic, but insightful?
ermm
crap, I think I just justified tubgirl as insightful or interesting.
I quit.
(and no, there are NO LINKS in this comment, if for no other reason than I might end up drunk and click on one of them)
I am 31337 or something.
and 50% of web surfing is not safe for work.
Snowden and Manning are heroes.
Do they just mean safe for IE. At least, that is what I gather from TFA. Who cares? Just use Firefox, Mozilla, Opera, or Lynx.
---- "XML is like violence. If it doesn't fix the problem, you aren't using enough."
It is critical to understand what component is actually unsafe before any action can be taken to counter it. Likely of the 5% of "unsafe" internet traffic, 4% of it is from a perspective of sites that are not safe for MSIE. Of course there is no reason for any traffic to go to a "unsafe" site, as they do not have good content. OTOH, I could probably get away with saying that 20% of the web is useless, and not get a counter argument.
This study really only shows that most web users do not think about their safety; We already knew that considering they are using MSIE.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Although this is likely true, is it really news to anyone? I'm not at all surprised that so much traffic is bad in some way: bad traffic pays.
A more interesting question is why people continue to ignore security -- could it perhaps be that security just isn't that important to anyone?
It seems that people only get upset when their bankaccount gets drained. Until then, WHATEVERRRRRR.
http://www.thebricktestament.com/the_law/when_to_
For that matter, it's like the people feeding mega-doses of different things to lab rats that have been bred to be suseptable to cancer, then announcing that Yet Another Chemical Causes Cancer. You never hear about things that they couldn't manage to "prove" a carcinogen, any more than you're ever told that there's no evidence their rat experiments are relevant to humans. Sorry about the bit of a rant, there, but I do think those "researchers" need to be taken down a peg and forced to demonstrate a relationship between what they're doing and what happens in a human being.
Good, inexpensive web hosting
"Safe 95% Of All Web Sites" logos on people's homepages?
sulli
RTFJ.
Many years ago on the com-priv mailing list, I posted a message "announcing" the creation of a company which would sit on your network, watching the sites that your users visited. When a "bad" site was visited, it would forge a TCP RST to close down the connection. Various categories of badness were proposed, with varying fees. I thought "This is an idea too stupid for words, so I'll put it into words so everyone can see how stupid it is." Well, I had several parties contact me for availability and pricing, because they WANTED to censor their users' browsing. I was so naive.
-russ
Don't piss off The Angry Economist
Set the evil bit on such traffic, so that it may be filtered out via firewalls.
I have a brother who is marred and has 2 kids between the ages of 12 and 15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics...
Wow, wouldn't it be great if some OS allowed people to give their kids accounts with limited rights? You know so they couldn't screw up an entire install? I don't mean like what BSD, Linux or Mac can do.
Oh wait, yes I do.
What are you eating? isItVeg?.
It took them a year to do a million websites. They're taking the software downloads the sites offer and scanning them. With the shell game of staying ahead of the malware definitions, the period of time in which a site's evaluation is out of date, etc. you're going to have some obsolete data. Not that that in and of itself is vastly different from any other security measure, but really try to put yourself in j6p's shoes:
You go to a site. Ten minutes ago, the site you were on was issued a green checkmark, five minutes ago the bad guys running the site swapped out the good files for the bad, and you get an Active X popup (I said you're j6p!!). You can't trust the green checkmark. You go to a site that has a message board where some a-hole posted a link to malware, triggering a red X. They've caught it, banned him, pulled the link, and gotten the green checkmark back. But you saw the red X; and the person who's going to rip you a new one if he has to spend his weekend de-fouling your PC again told you that the red X should be a skull and crossbones and to stay the hell away from any site where you ever saw one. Now you don't know what to make of the red X.
What about a site that hasn't been scanned yet? Or whose updates have been detected but not audited? A question mark? Nothing? How long until it's just another thing the average user doesn't pay attention to? You can't have an up-to-the-millisecond read on the entire web, and you don't have any margin of error where your security mechanism is the end user knowing what to think.
Finally modding someone offtopic when they rant about what "Begging the Question" means: priceless.
Wow, wouldn't it be great if some OS allowed people to give their kids accounts with limited rights? You know so they couldn't screw up an entire install? I don't mean like what BSD, Linux or Mac can do.
Oh wait, yes I do.
Yes, and how does one "kill" a computer? The worst that you can do is corrupt your OS and force a reinstall. The grandparent post sounds like blatant astroturfing for SiteAdvisor.
In fact, the whole story does.
Are they hoping to make money off of hyping "unsafe websites" like Norton and McAfee have with "unsafe programs"?
That's about the same percentage of dangerous traffic that's on the road on Friday and Saturday nights.
A lot of companies require a college degree, even when the degree has nothing to do with the position posted. My wife's company, for example, will hire someone with a music degree for an analyst position, or someone with a sports management degree as an IT administrator, but absolutely will not hire someone without a college degree.
Why do companies do this? Simple. They believe, rightly, that a college degree is a sign that a person will put themself through hell and beaurocratic bullshit to get what (depending on the degree and the job position) is just a stupid piece of paper. Companies like this because it shows that you can tolerate a certain level of bullshit in order to receive a benefit. This is something they are looking for in all new hires, because they know that their work environment can be unfun at times.
While it is admiral that you got your GED and are probably well trained for a position, your lack of a college degree (and your open disdain for their degree requirement) probably means that you would scoff at some of the silly stuff they would expect you to do on the job. If they have stupid policies, you might get into a position to work to change them, but until you are in that position you are supposed to follow the policies because they are the policies.
If you won't do that (and I assume you wouldn't), then you don't want to work for them, and they don't want to hire you.
Amazingly, their requirement for a degree exactly served its purpose, keeping you from wasting their time with your application.
This is a great initiative to help user surfing the (insecure) webb today, I have a lot of examples of users that only click "Yes" on every website that asks to install something because if you don't do that you can't see the pr0n. Someone known anothers projects like this or this is the first?
http://www.michel.eti.br
The last thing we need is people thinking they've got the odds on their side.
In reality, for the unsuspecting user, there is hardly a site that is safe. Almost every site uses tracking cookies that violates the original security model that only an original site will acess data about the sesion. If the 12o7 cookie exists at amazon and the fly-by-night-shady-blogger, one must assume that the safety of your amazom stored credit card informaiton is compromised. The yahoo or google toolbar should be safe, but it is now suspected that the google toolbar is collecting personal web traffic, and gathering information that might be corporate sensitive. The 5% number might represent the truly malignant websites, but those are not the problem. As in nature, the truely malignant parasites will have a hard time surviving, as many will kill the host before they spread. It is the subtle parasites, the other 95%, that will continue to cause problems if we do not educate users to wash thier hands and avoid unprotected sex. In other words, do not accept all cookies and do not faoll for a horse or a rabbit, no matte how pretty it might look.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
5 percent? No way. Porn accounts for way more than 5 percent of internet traffic...
A-Bomb
If you look at their site analysis, you can cruise porn sites without visiting them. E.g.m /summary/
http://www.siteadvisor.com/sites/dirtyplumpers.co
Scroll to where it shows the graph of connected sites. Those sites are clickable to get their analysis, so you can iterate this process.
First I'm amazed at how many of these sites are listed as having "many users".
Second, the only reason I've seen so far for branding a site red is that if you give them your email address they will send you spam.
But the truth is.. MS, and other content providers are trying to make pc's as easy to operate as a television with as little control over the content as we have over TV now. I don't care if your MS or linux or a mozilla browser user.. you have wizards upon wizards and people never have to learn anything to use the internet "have you installed Acrobat reader in Windows lately? How about yahoo toolbar, how about our photocrap suite ooobie doobie shizzle just click next". It's all about getting you hooked up to the pipe and feeding you this and that "It used to be we'd have to have some documentation in some cases actual books to use and install our programs" While a good bit of you myself included may have a clue about the internet. Computers will never be built to our skillset again "they once were to a point" Everytime I install a new program it's giving me less and less control over what I do. AVG JOE USER likes this and prays that all software is so easy and forgiving."never mind that it just put in 400,000 registry links that somehow the uninstaller will miss later" So when AJU pops into crax.fat.happy.vir.org and gets some crap popping up to install he's like sure thats fine okie dokey CLICK! We're not the target of this crap.. mom/pop/uncle joe/ is the target because they don't have to know sh!t about using a pc because they just turn it on and it works. "ala TV" I've got people at work who've thrown out 2.8ghz pc's and bought new ones because they were too slow. This isn't their fault This is because they were told how easy the internet is and just click yes if you need a plugin etc. They've either been told by a friend to go ahead or told by a relative who's the infamous son in law that knows alot about computers that it was ok. It will never get any better until MS or some other content provider type controls everything you see and do on the internet. That or we require a certain amount of training before any user gets on the net. "we need a sandbox internet for training them hehe" All you need to watch TV is a TV.. all you need for the internet is a computer.. simple right? Lets make a rule that all advertisement related to Computers explicitly state these devices are for technically knowledgeable persons and should not be bought frivously to just put up a myspace page for little suzie. Alas.. that will never happen and big biz will continue to program to people without a lick of intelligence and slashdot will be here to cry and whine and piss and moan about the lack of control we have or laugh at the peons who can't seem to keep the spyware off their machines. /end rant/reply hehe.
Inane Comments are Generously Disregarded
*Mothers Against Downloading Pr0n
I took a look at SiteAdvisor and I actually think it'll be useful for me, as an experienced user, as well, surprisingly. I don't think I'll have much use for the red X junk, I know not to install random crap on my computer, but their analysis of downloads could be quite useful. You can pull up the list of all the modifications a program makes to your system, even for green files. If you ever wanted to know exactly what registry keys Google Desktop adds, for instance, you can just look it up.
They are using PestPatrol's database, from way before CA bought PestPatrol. It's woefully inaccurate and out of date. SiteAdvisor is an interesting idea, but worthless in its current form.
I work in a company that SiteAdvisor marked with big red "X" and I question the analysis by SiteAdvisor. For example, the SiteAdvisor claims that our site was spamming. Last time I checked, our site doesn't even take any "and I mean ANY" user info except whatever is being logged in Apache (click, hit, IP for organic traffic count). We even have corporate policy and network operation policy against sending out any smtp traffic from any of our machines without explicit end user consent (there used to be two "share with friend" and "contact support/webmaster" mailer code snippet). Matter of fact, long time ago, few smartass users found a hack for that mailer function and started to spam us and other people randomly, and since we found out, we alerted programmers and completely removed the mailer code snippet. And that was long ass time ago and no longer exists.
The funny part is that our site database doesn't even collect email address. So where does this spam comment comes from is just beyond me. Some comments even included virus and spyware!? I mean, wtf? The widgets and software are scanned twice with two different AVs and phones home for updates like RSS feed and software updates for bug fixes. How in the world does that constitute virus and spyware??? SiteAdvisor even put our site in one of their ads as "dangerous" site.
The way it looks, that 5% doesn't even sound that credible to me at this point. If you can't even get one site analysis correct, rest of their analysis would just as well be inaccurate. FYI, SiteAdvisor marked Yahoo! as safe. Some how that's funny to me in this regard.
like this???
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
That may have been true a long time ago, but is no longer.
How long have you been reading Slashdot? You must have missed this and this. And that's just in the recent past.
IIRC, at various times in the past, doing things like setting the wrong scan rate for flat panel displays for long enough periods have been known to cause hardware damage. The oldest such report I remember was from IBM, who discovered that if the heads of one of their multiplatter hard disk drives were driven in and out at a certain frequency for a long enough time, the vibrations could be transfered to the rotating media, causing head crashes. They actually patched the firmware to prevent any such periodic seeking.
This is great for those folks that refuse to give up Internet Exploiter(TM)(Like my Mom,Unfortunatly) Or click yes to everything--http://www.webattack.com/get/sandboxie .html
Basically I just install all their browsers into the sandbox then when they bring it back to be cleaned I can just delete the sandbox folder after backing up their bookmarks.It really does help with the ActiveX/Toolbar style crap that so many people fall for.
ACs don't waste your time replying, your posts are never seen by me.
I have a brother who is marred and has 2 kids between the ages of 12 and 15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics. That was on a Windows 98 machine which, as hard as I tried, simply could not secure or revive from all of the trojan horses and malware that had infected it.
Wayne_Knight (958917)
this sounds familiar...
from here:
I have a brother who is marred and has 2 kids between the ages of 12-15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics. That was on a Win98 SP2 machine which, as hard as I tried, I simply could not secure or revive from all of the trojans and malware that had infected it.
tokengeekgrrl (105602)
I am calling astroturf on these shens.
1. Get story posted on slashdot
2. ???
3. Profit!!!
step 2? Its actually post a dupe of the story and astroturf the comments section.
The vast majority of the time, IE is, quite literally, unsafe to use on the web (this includes browsers which really use IE internally, such as Maxthon). Although other browsers also have issues too, like all software, the same isn't generally true of Firefox etc.
Anyway you have to be careful when you surf the intrawebs now so serious. latezzz
The idea is great. Warn users about content that's unsafe. Sounds good, doesn't it? You don't have to be an IT-security expert to discriminate between "good" and "bad" webpages. So far, so good.
The fallacy starts with the question "who'll install it?". Well, who will? You will. I will. Everyone who knows about the problem will. But those who need it most won't. They don't even know that problem exists! So unless you manage to get this item into the fold of Microsoft's standard software, the tool will not make it onto the computer of those who need it worst.
But, against all odds, let's assume the tool gets to our unclued user's computer. Then he'll go to a website offering him a screensaver and the plugin will spew "WARNING!" all over the screen.
Warning?
Why?
A screensaver?
Must be an error. After all, what's dangerous about a harmless screensaver that shows me some cute and cuddly kitty pics? It's not that dreaded sex stuff that they warn me about on TV.
The whole deal is that people are just too friggin' CLUELESS to be left alone in the 'net. They're a danger to themselves and to others. Either get them off the 'net (ok, ok, I may dream... won't happen simply 'cause ISPs would run amok if they didn't have their comfortable low-bandwidth using users, not to mention the billion pages trying to sell you junk that we get (legally) for free), or educate them!
There is no technical solution for social problems!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.