McAfee Picks the Most Dangerous TLDs
CWRUisTakingMyMoney writes "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are .hk, .cn, and .info. Of all .hk sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of .cn sites and 11.7 percent of .info sites that way. A little more than 5 percent of the sites under the .com domain — the world's most popular — were identified as dangerous."
Home of the goatse. Danger Will Robinson!
You see? You see? Your stupid minds! Stupid! Stupid!
.cx?
Ok, just where can I get a list of these 'Most Dangerous' TLD's to add to a 'block' list?
What the heck? The numbers are less than 20%.. would you block out 80% of a TLD?
complete lack of surprise.
I don't think I've ever been to a .info site.
5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?.
Bad math = bad reporting.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
...would anyone want to take security advice from McAfee?
There is a war going on for your mind.
"Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others"
um since when is that the registrar's responsibility? they just point a domain name at an IP address-- that's the extent of the service.
Is that dangerous to someone running IE on Windows, or dangerous to the person, like scams?
It seems like they kind of mashed the 2 together, but that is McAfee, so I would expect them to exaggerate the dangers of browsing without McAfee.
If I have nothing to hide, don't search me
I wonder where .xxx would've come in if it had been created.
Is there anything in .info worth reading anyway?
Seems like its only purpose is to garner registration fees.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
i live in Hong Kong.
here, if we are to register domain names, especially .com.hk, we need business registration to get it registered, same goes for .edu.hk, .org.hk etc.
the possible exception would be .hk, but i think the HKNIC (i forgot the name..) does have reasonable abuse TOS that these bad things get cancelled... so i would be glad if they could provide us with the domain names they flagged 'dangerous' and let's see how it goes....
Not even the malware folks can get a decent domain in .com anymore, they're all in use or squatted upon.
Slashdot Burying Stories About Slashdot Media Owned
I'd bet if they would find an even better correlation if they looked at the age of the website's domain registration, not the domain it was registered under.
The thing is far from foolproof. When I was bored one day I decided to start clicking on just about all the Google Adwords adverts I could find. Most of them were for those scam sites, you know the kind: "click here to buy Firefox, Buy subscription to BitTorrent now!" Over half the sites were green according to Site Advisor. Really I'm sure that their numbers here at least give an idea as to how "dangerous" these TLDs are, but really they are likely far off from the truth.
Um, yes. info is my favorite TLD. com is for commercial, net is for network services, org is for community organizations, us is for patriotfags, name is for 2-page autobiography websites... what do you do if you have a miscellaneous site or a site for hosting a programming project? Drop it in .info! (see sig)
The problem with .cn domains: 30 minutes after you surf there, you want to surf there again...
Yes well it appears you are embedding a FLASH object with a Javascript object in your .info sig link. I'm onto you...
Disclaimer: I am not god.
We may not be created equal
But we can be treated equal.
Hundreds, perhaps thousands, of companies are in the business of registering domain names; some are large and well known, while others are small and less reputable, offering their services on the cheap and with flimsy or no background checks to lure in more customers. I've never had a registration questioned beyond my payment information...nor would I expect any sort of deeper investigation into my desire to register. Granted, most hosting providers specify restrictions on content/usage, but TLD registrars? Not in my experience at least...perhaps someone else can enlighten me?
Not to mention the further implication that the statistics from McAfee apparently weighed excessive pop-up ads with the same weight as malicious code [and] forms to fill out that actually are tools for harvesting e-mail addresses. Seems like another set of stats designed to sell a product to me...
5% seems absurdly high.
I wonder how the 5% was chosen? I mean how does one actually sample this in a meaningful way. For example, suppose one enumerated every possible webpage and sampled those randomly. Or, given that that is impossible, suppose one enumerated every TLD and sampled those.
This still would not accord with user experience. User experience is you start from some place on the web and click outward following links. Usually the starting place is some aggregator like Google.
Following that kind of trajectory is not the same as uniformly sampling TLDs or webpages, but is how users interact.
I can say with certainty that 5% of the links I click are not "dangerous".
Some drink at the fountain of knowledge. Others just gargle.
Bad math = bad reporting. When solving a word problem, one must find the mathematical expression that best expresses the question. You've got the wrong one.
You're making the argument that what really matters is the total number of malicious sites in each domain, not the fraction of sites within a domain that are malicious.
Clearly, however, the fraction is the more important metric. Consider a silly analogy:
There are 100 violent criminals in my local jail out of a total population of 200. There are 1000 violent criminals running free in Hawaii out of a total population of 1 million. When choosing a safer place for a vacation, by your logic, I'd pick my jail, since the total number of offenders is lower. 50% of my fellows would be violent criminals. By my logic, I'd pick Hawaii, where there would be more criminals, but they'd only make up 0.1% of the people around me. I prefer my odds.
"I zero-index my hamsters" - Willtor (147206)
.com
I hear mcafee.com makes the .com TLDs pretty dangerous.
---
LOL, my confirm-I'm-not-a-script image is "roughest".
Well, the linked article mentioned the report being named Mapping the Mal Web, which is what I searched for on the mcafee.com. Turns out they thought I was looking for Mapping the Mall Web.
Anyway, all I could find was this thing from last spring.
What complete non-news. I read TFA, and the most informed statement that it made was don't buy your Prozac from China. Brilliant.
Those sites are just chock full of advertisements for Norton and download links to NOD32...
I work for the Department of Redundancy Department.
Nothing wrong with mine....
I know they aren't TLDs, but has anyone noticed ads on TV that have URLs like www.37CreditHelp.com or www.62CollegeDerees.com? I always wondered why they do that. It's kind of a red flag to me when I see that.
In a world of acronyms, the words are the real victims.
I agree that crap math is the key to this story. If there are 1,000,000* .ru sites and 6.8% are hostile, that's almost 70000 sites, if there are 25,000 .hk sites and 19% are hostile that's (lemme get my slide rule real quick) 4,750 sites. Clearly the .ru TLD is more likely to cause troubles.
Note I'm pulling all numbers out of thin air for demonstration purposes, I've no idea if these are the actual numbers but it's safe to assume that McAfee spent less than half the time and effort on their report than I did in writing this comment.
this is getting old and so are you
blog
Security advice coming from a company that embeds Webtrends profiling into their AV (a product supposed to protect you)
Resolve sdc.mcafee.com and it points to Webtrends, an unconnected third party specialising in tracking (or digital stalking) people. Who knows what information is transmitted; the user doesn't get a chance to opt out or even get asked permission, and guess what app needs a hole in the firewall?
McAfee is nothing more than a marketing company that makes software (like Symantec)
NOT a software company that does marketing.
This article is just a fluff piece to keep their brand name in the public eye, nothing more.
perhaps they are feeling the pinch as more and more consumers wise up to their shady sales tactics
WTF? They left out the most dangerous TLD of them all: .cowboyneal
Well, there's spam egg sausage and spam, that's not got much spam in it.
Don't forget .ng (Nigeria). I don't think anything good ever comes from that domain.
Beware of bugs in the above code; I have only proved it correct, not tried it.
gnuplot.info?
I am TheRaven on Soylent News
Seriously, though, this report doesn't help their credibility.
Why should we care which TLDs are more likely to contain malware? Are we actually going to learn anything from making random correlations like this? Obviously there are also plenty of scammers at "less dangerous" TLDs and plenty of honest folks at the "dangerous" ones, and there are of course vastly more precise ways to determine the safety of a site than by its TLD.
So of what value is this distinction then, apart from an amusing press release to make it look like McAfee is hard at work researching computer security? Are crack houses more likely to have even street numbers? Are blue eyed people more likely to be sex offenders?
Your mind is clear / The things that you fear / Will fade with how much you / Believe what you hear
I let mcgrew.info lapse, so .info should be safe now. However, horror awaits the unsuspecting eyeballs that cruise .org, since I have a journal at slashdot. I'm told it's far worse than goatse.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
I actually have a .info domain that I use for my personal website (mainly because the registration cost for the domain was almost nothing just as they started up the .info TLD), I also know of a few other useful .info sites like growl.info.
/Mikael
Greylisting is to SMTP as NAT is to IPv4
One other interesting note is that .05% of .gov's are listed as dangerous. So is that like from when the www.nsa.gov website left that tracking cookie on your computer or is there an actual government website out there that is actually dangerous to visitors?
www.the-underdogs.info is a good gaming site. They were on .com, but it got cyber squatted. And then .org got cyber squatted too.
http://www.regular-expressions.info/
Ok, now .org is dangerous too.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Home of the complete goatse collection. Enjoy yourselves!
Of all ".hk" sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors . . .
A little more than 5 percent of the sites under the ".com" domain -- the world's most popular -- were identified as dangerous.
If I recall, when I registered my .com domain name, the only thing I had to verify is that I'm human, via captcha. I can't imagine how they could be less secure for other domains. Perhaps, they do away with the captcha?
I doubt this has anything to do with registrars' verification procedures. If I made a wild a55ed guess to explain this, I'd say many of the .com sites are larger and have better security. Sites on other TLDs are smaller, less secure, and have been hacked.
I wonder if the author's explanation of cutting corners was merely a WAG. Unless I missed something, the author did not provide a citation for this explanation.
So they either have awesome virus scanners,
Or they reinstall regularly
Or they use very robust scanners that are somehow immune to the various injection attacks.
Or they are horribly infected.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
...would a link to the full set of Goatse pictures be moderated "Interesting"
If visiting a page could pose a risk, then you would be much better served by upgrading your browser than installing a blacklist. Most browsers should be able to visit the most maliciously-made-as-possible webpage with no risk at all. What are you doing, downloading and executing code from web pages?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Yeah, it's too bad McAfee Inc acts like there's nothing in the world but Windows. If they were honest, they would have a list of browsers and OS really endangered but they would like to say this is a "computer" problem instead of a Windows problem. The words, "Microsoft" and "Windows" did not occur in the article.
I am a name troll of Westlake. Visit my homepage to learn why.
I have another take. Maybe McAfee is trying to grow its reach in China, what with a billion something people and recent fortunes. I have lived in Hong Kong, and telling honkies anything about their society is unsafe will push them to purchase remedies and protections in droves. Same as in any society ;-)
;-)
1 - Scare/insult the Chinese in a phony international ranking and place them in the worst position.
2 - wait for them to fix this, coming to you for help and buying your crap
3 - profit!
Hey! I think McAfee have finally written a correct algorithm, efficient. Too bad, it's malware
Whether registrars are verifying domain owners has NOTHING whatever to do with which TLD the 'dangerous' websites are located in.
If they believe this article, those 'dangerous' website operators will just put their domain under .COM with no impact to them whatsoever.
I think it's cute how you still think any of the TLDs are still used for their originally intended purposes.
Don't forget .ng (Nigeria). I don't think anything good ever comes from that domain.
.no - Norway
.sh - Saint Helena
.it - Italy
sherlock
"Hannibal's plans never work right. They just work." Amy/A-Team
Did Twitter turn your goatse conversation into one about why the web is dangerous for so many people? Cry me a river.
Well they aren't but they should be.
SiteAdvisor is basically an anti-virus program connected to a web spider; it downloads pages and looks for hostile code. This is valuable as a firewall feature, but it doesn't say much about whether a domain is worth visiting.
PhishTank has a list of sites currently involved in phishing scams. Let's take a look at that. At SiteTruth, we have historical PhishTank data in a database, with 40997 phishing attacks recorded. So when we ask the right question (which is "SELECT SUBSTRING_INDEX(domain,".",-1) AS tld, COUNT(*) as cnt FROM domainnegatives GROUP BY SUBSTRING_INDEX(domain,".",-1) ORDER BY cnt DESC LIMIT 20;"), we get
Here, "com" is by far the most popular TLD with phishers. This reflects the desires by phishers to have a plausible-looking domain name. Some phishers, the ones who register domains in bulk, do pick rather bogus-looking domains (like "0001fyg0.com" "00039cscsgrjc.com" "0003s6tw0wqf70l.com" "0003ureb.com" "0004ssen.com" "0004y1x9.com" "00062lku1ekaj.com"). Others have more plausible choices, (like "americaonllinebank.com").
Top-level domain statistics are more of a curiosity than anything else. They don't help you avoid or deal with attacks. We could generate many other similar statistics, and we've posted some on the SiteTruth blog.
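The TLD tally described in the comment above, reworked as an added example that is not part of the original post or SiteTruth's code. It runs the same GROUP BY in SQLite, with a hypothetical `last_label` helper standing in for MySQL's `SUBSTRING_INDEX`, and then ranks the same TLDs by flagged fraction, the metric the article reports; every hostname and zone size is constructed sample data.

```python
import sqlite3

# Constructed sample hostnames (not PhishTank data) standing in for the
# comment's "domainnegatives" table; the last three are edge cases.
SAMPLE_DOMAINS = [
    "login.bank-example.com", "secure.pay-example.com",
    "update.shop-example.info", "acct.mail-example.cn",
    "www.mail-example.cn", "portal.corp-example.hk",
    "PAY-EXAMPLE.COM.",             # upper case, trailing root dot
    "files.host-example.com:8080",  # port left on by a crawler
    "192.0.2.10",                   # IP literal: has no TLD
]

# Constructed counts of sites tested per TLD, needed to turn counts into rates.
SAMPLE_TESTED = {"com": 80, "cn": 20, "info": 10, "hk": 5}


def last_label(host):
    """Return the lower-cased TLD of a hostname, or None if it has none."""
    host = (host or "").strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit() and ":" not in name:
        host = name                 # drop a single ":port" suffix
    host = host.rstrip(".")         # "example.com." and "example.com" are equal
    label = host.rsplit(".", 1)[-1]
    if not label or label.isdigit() or ":" in label:
        return None                 # empty, IPv4 literal, or IPv6 literal
    return label


def tld_counts(domains, limit=20):
    """Count entries per TLD, using the same GROUP BY shape as the comment's query."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no SUBSTRING_INDEX, so expose the helper as a SQL function.
    conn.create_function("last_label", 1, last_label)
    conn.execute("CREATE TABLE domainnegatives (domain TEXT)")
    conn.executemany("INSERT INTO domainnegatives VALUES (?)",
                     [(d,) for d in domains])
    rows = conn.execute(
        "SELECT last_label(domain) AS tld, COUNT(*) AS cnt "
        "FROM domainnegatives WHERE last_label(domain) IS NOT NULL "
        "GROUP BY last_label(domain) ORDER BY cnt DESC, tld ASC LIMIT ?",
        (limit,)).fetchall()
    conn.close()
    return rows


def tld_rates(counts, tested):
    """Rank TLDs by flagged/tested instead of by raw count."""
    rates = [(tld, cnt / tested[tld]) for tld, cnt in counts if tested.get(tld)]
    return sorted(rates, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    counts = tld_counts(SAMPLE_DOMAINS)
    print("by count:", counts)
    print("by rate: ", tld_rates(counts, SAMPLE_TESTED))
```

On this constructed data "com" leads the raw count while "hk" leads the rate, which is the disagreement running through the thread.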
Are you crazy? Prince Abu Madu is in the process right now of sending me a check for $500,000. All I had to do was send him $5000 to cover the bank release charges. So you go ahead and keep thinking nothing good comes from .ng - I'll be laughing at you from my yacht.
yes, yes there is my favorite conspiracy theorist is on a .info www.justtalking.info
You would think that the AP or Yahoo would point out the distinction instead of just running a corporate press release. Who said there was some kind of animosity between Microsoft and Yahoo? Oh yeah, M$ did but both the AP and Yahoo are compliant supplicants who will run an advertisement and call it news.
I am a name troll of Westlake. Visit my homepage to learn why.
Who marked the parent troll? It's true that "Microsoft" and "Windows" are never mentioned in the article and that this is what makes those other sites "dangerous".
Why do you insist on misleading everyone into thinking there is a conversation between multiple people taking place? You've done this "reply to the goatse troll with all my sockpuppets" thing before, and it didn't work out too well then either.
My offtopic moderation is well deserved. Your "insightful" one is not.
The twitter monologues. Click on my homepage and be amazed.
I have nearly 30 years experience and IMHO, the ICANN should authorize a select few companies to scan the Internet looking for harmful pages and give those companies the authority to enter "votes" into a central system that will (after reaching quorum) directly update the root DNS servers to block those hostile domain names, regardless of TLD or country. But we need something a lot more effective than UDRP to get a domain back out of the block list. (Can't tell you how many letters I get from squatters that say "we have .XYZ version of your domain, cost you $5000 just to file papers for trademark dispute ha ha pay us $1000 thru sedo.com and we see.") The Internet is self-healing in a lot of respects and we need to go the extra mile to include auto-shutdown of virus distributing websites which hurt our less technical friends, family and their employers and cost blood by slowing the world economy. This kind of thing could be used as a weapon and may lead to some nations breaking away from ICANN-controlled domain servers, so work needs to be done to ensure that those who break away are not routable without going through explicit gateways which also enforce the block-list. All of this could be paid for by $0.10 increase in domain registration costs but I would bet real money it takes them a decade to implement.
So I lose my registration because I'm not a network?
My local city government uses a .info website. It's a Los Angeles suburb, "Manhattan Beach".
See here: http://www.citymb.info
But yeah, too many cities with Manhattan in their name.
Well, fuck you asshole
I agree with blocking .ru. I'd add .am to the list of blocked TLDs. Never go to a .am or .ru site using Internet Explorer. However, Opera or Firefox with Java and Javascript disabled, and the Flash plugin disabled, is reasonably safe for .am and .ru TLDs.
Anyone mentioning IE, Windows and the shame of passing off McAfee's press release as news has been modded troll. The people doing this would rather shove goatse in your face. Look at it:
All of these posts had valid and interesting points and a lot of mod points were used to bury it all. Wake up moderators! Do the trolls really have that much over this place?
is karma that important to you? are you that desperate? you remind me of the bad days of vladinator and bonch.
The 19% is still surprising but not that way off if I'm right that they are considering websites easily exploitable.
We have cheap hosting like the US, but I don't see a lot of scaled business around.
It means that we have the technology and the people with the knowledge of security, but FWIW things like keeping updated or duct-taping niches are always considered luxuries in terms of resources for most of the mid-core companies. Sad
BTW, I think these kind of reports are not that completely useless from the point of views of people like me.
No but you're not playing by the rules.
As my username implies I am in Hong Kong.
HKDNR previous laxed policies (profit centered) of anything goes means that there is still a pile of domains out there that are used by non-HK people for dodgy purposes.
Spammers and also lots of China companies use HK domains to ride on HK's reputation as financial center and a country/region with solid legal infrastructure and gain a person's trust.
Spammers used them as originating addresses to get spam through.
If you google on HKDNR you will see lots of posts claiming that it supports or lets spammers and criminals use its domains for anything.
The regulations have changed which allows the registrar to strike off any domain seen doing anything bad. Still that does not mean that there isn't a load of dormant or active domains being used for or will be used for non-legit purposes.
Now even the stupid government has started to stop using .gov.hk domains and using .hk Duh!
http://blog.hk.com/index.php?/archives/69-The-HKSAR-government-should-only-use-gov.hk-domains.html
If you are doing business in HK note that .com.hk registrations require for companies to file the companies Business registration certificate. After a decade in Hong Kong I can confirm that never anyone with .com.hk has ripped our company off.
Bless HKDNR they seem to be able to immaculately execute every single cock up in the book. A couple of years ago they managed to delete half of the domains off the .com.hk zone. Bless them.
Is it really that difficult to figure out that "westbake" and "Odder" are the same person? twitter is just using some of his ten different accounts to game the moderation system.
30 minutes after you surf there, you want to surf there again...
You must be new here...
http://www.spybot.info/
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Yes, you are, you SAD, SORRY, MISERABLE LITTLE FUCK!
But I want to scream about how Twitter will gladly neglect his friends, his family, and his job, just to get some sick satisfaction out of pissing the rest of us off! ASSHOLE!
www.spybot.info
"The New Age. The New Beginning."
Rules ?
Where we're going, we don't need rules.
-Billco, Fnarg.com
http://blacklist.linuxadmin.org/ will generate netblock lists, which you can use to populate iptables (and others) with the appropriate filtering rules.
-Billco, Fnarg.com
Man, I'm in trouble, I'm neither a network provider nor an organization.
My 0.02 cents
No, of course not. Just a concerned bystander.
The twitter monologues. Click on my homepage and be amazed.
Good. I'll snag your site as well with the block. :P
Yes, Anarchy for all!
Crowd: Booo!
Fine Anarchy for some and miniature flags for others
Crowd: Yay!
Perhaps. The problem is that they're all made by the same person - you. This is not about "shoving goatse" or "Windoze" or "M$", is it.
How longer do you figure you have until a majority of people here figure out that you've been insulting their intelligence and basically calling them idiots to their face?
.info used to sell for like $2, and at the end of 2007 or so .cn used to be like 25 cents - sure everybody who need to change domains frequently due to some inconveniences and googlefuckers got plenty of those, now googlefuckers sell .cn in thousands because google punish .cn for english sites. I do not know about .hk
Damn you HK-47.
When travelling, it's ok if the airlines lose your emotional baggage.
Argh!!! You tricked me, it is not slashdotted at all!!!
My eyes, MY EYES!!!
How else does 6.8% of 1000000 become "almost 70000" rather than the equally quickly calculated and more accurate 68000?
Also, if I replace the 19% figure in your example with say, 99%? Don't know about you, but in that case I'd stay the fuck away from .hk sites even if there were almost 3 times as many hostile .ru sites.
As you can see, the percentage is less important than the volume, except when it isn't. What fun!
Replying to yourself is almost always redundant. I read that the reason you made so many sockpuppets was to avoid "unfair" moderation, but if that problem did not exist and you posted with the same name, you would still get hammered for replying to yourself MULTIPLE times! You don't need enemies. You are your own worst enemy.
So, that's *not* informative. Let other people speak. Is it possible that you think your views are so important that you need three or four times the space as anyone else?
Those are my principles. If you don't like them I have others. -Groucho Marx
read this, troll.