Slashdot Mirror


McAfee Picks the Most Dangerous TLDs

CWRUisTakingMyMoney writes "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are .hk, .cn, and .info. Of all .hk sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of .cn sites and 11.7 percent of .info sites that way. A little more than 5 percent of the sites under the .com domain — the world's most popular — were identified as dangerous."

6 of 184 comments

  1. Re:.cx by 192939495969798999 · · Score: 1, Informative

    Obviously, this study was about quantity of dangerous sites, not quality... we all know that .cx has the single 'highest' quality dangerous site.

    --
    stuff
  2. I used Site advisor once.. by Warll · · Score: 4, Informative

    The thing is far from foolproof. When I was bored one day I decided to start clicking on just about all the Google Adwords adverts I could find. Most of them were for those scam sites, you know the kind "click here to buy Firefox, Buy subscription to BitTorrent now!" Over half the sites were green according to Site Advisor. Really I'm sure that their numbers here at least give an idea as to how "dangerous" these TLDs are, but really they are likely far off from the truth.

  3. lies, damned lies, and mcafee by the_rev_matt · · Score: 2, Informative

    I agree that crap math is the key to this story. If there are 1,000,000* .ru sites and 6.8% are hostile, that's almost 70000 sites, if there are 25,000 .hk sites and 19% are hostile that's (lemme get my slide rule real quick) 4,750 sites. Clearly the .ru TLD is more likely to cause troubles.

    Note I'm pulling all numbers out of thin air for demonstration purposes, I've no idea if these are the actual numbers but it's safe to assume that McAfee spent less than half the time and effort on their report than I did in writing this comment.

    --
    this is getting old and so are you

  4. Re:Word Problem Alert by Mr.+Underbridge · · Score: 3, Informative

    He's right. If you pick a single site to interact with, the total number of sites that share that domain doesn't matter. His analogy is spot on.

    In effect, he defined Bayes' rule for you.

  5. A Windows problem, not a computer problem. by westbake · · Score: 2, Informative

    Yeah, it's too bad McAfee Inc acts like there's nothing in the world but Windows. If they were honest, they would have a list of browsers and OS really endangered but they would like to say this is a "computer" problem instead of a Windows problem. The words, "Microsoft" and "Windows" did not occur in the article.

    --
    I am a name troll of Westlake. Visit my homepage to learn why.
  6. Re:Word Problem Alert by mckinnsb · · Score: 2, Informative

    When solving a word problem, one must find the mathematical expression that best expresses the question. You've got the wrong one. You're making the argument that what really matters is the total number of malicious sites in each domain, not the fraction of sites within a domain that are malicious. Clearly, however, the fraction is the more important metric. Consider a silly analogy: There are 100 violent criminals in my local jail out of a total population of 200. There are 1000 violent criminals running free in Hawaii out of a total population of 1 million. When choosing a safer place for a vacation, by your logic, I'd pick my jail, since the total number of offenders is lower. 50% of my fellows would be violent criminals. By my logic, I'd pick Hawaii, where there would be more criminals, but they'd only make up 0.1% of the people around me. I prefer my odds.


    I really don't think that either conclusion - either the GP or the P, is entirely correct, at least in terms of "what does this report mean for the general populace".

    To the post I reply to: you correctly rebuffed your parent post to a degree, but, when choosing an analogy to determine the importance of a metric, you should probably make sure that the analogy you choose shares similar logical interrelationships among its components to the problem you are analyzing, especially with regards to the logical steps you make along the way within the analogy to arrive at a conclusion also contained in the analogy which would then correspond to a reasonable assumption outside of the analogy.

    The problem with your solution based on your choice of odds is that you made an analytic oversimplification at the point you state "When choosing a safer place for vacation."

    Here is where you were right in your rebuff: if I was to follow a link from an email or website, and it ended in ".cn" or ".hk", I should be more wary because my chances of encountering something malicious on that webpage are higher, based on established researched ratios.

    You admitted your analogy was a little silly, and here is where it could have been a little more complex: concerning security as a whole, you may not necessarily be able to "choose a safer place to vacation" here. When you are attempting to block SPAM, E-mailed malware, or automated bot-nets, *quantity* matters more than ratio. If you set your email filters to aggressively filter all .cn email, but then less aggressively filter .ru email, you would potentially be letting in more spam, assuming that aggressive filters may also destroy legitimate communication and you wouldn't use the highest level on all domains. Concerning botnets, these malicious computers are not necessarily in China or Russia, and the computers they compromise could easily be off these domains, so when it comes to getting rid of these computers or uprooting these nets, pure numbers do matter, because the numbers may lead to a picture of an estimate of "compromised computers based off IP".

    I think it would be interesting if McAfee found out which Domain Registrars were granting domain names to IP addresses outside of the country that the domain name was requested for more than others. Then we would have some real information we could do something with. This just shows us which domain names are easy to get, and not necessarily because of the laws of a country (someone posted about Hong Kong having strict requirements), but the ease of Domain Registrars to simply register an "offshore IP" with a country-based domain either because of: the architecture of the technology itself and the difficulty of securing it; the lack of delegation of authority to a government or commercial body to monitor domain registry ensuring that IPs are located within their listed country domain; the willingness of some Domain Registrars to register domains outside of a country recklessly (either aware or unaware of their bad intentions) to make money; or potentially, all three of the previously listed hypotheses.