Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Picks the Most Dangerous TLDs

Posted by CmdrTaco on from the all-fear-dot-vg dept.

CWRUisTakingMyMoney writes "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are .hk, .cn, and .info. Of all .hk sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of .cn sites and 11.7 percent of .info sites that way. A little more than 5 percent of the sites under the .com domain — the world's most popular — were identified as dangerous."

13 of 184 comments (clear)

  1. Which is more dangerous, then? by Hawthorne01 · · Score: 5, Insightful

    5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?.

    Bad math = bad reporting.

    --
    "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
  2. not their problem by Brian+Gordon · · Score: 5, Insightful

    "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others"
    um since when is that the registrar's responsibility? they just point a domain name at an IP address-- that's the extent of the service.

    1. Re:not their problem by aredubya74 · · Score: 5, Insightful

      Exactly. I'd be much more interested in looking at the stats by assigned IP blocks. That way, network admins could blacklist those ranges at their edge, adding exceptions as needed. It's a tough game to play, but it would also give admins an idea as to what ISPs are leaving obvious botnets intact and which ones aren't.

      --

      RW

  3. Age of website? by QuietLagoon · · Score: 5, Insightful

    I'd bet if they would find an even better correlation if they looked at the age of the website's domain registration, not the domain it was registered under.

  4. Stats To Drive Sales? by RavenofNi · · Score: 2, Insightful
    I could be missing something, but the implication here seems to be that McAfee and TFA seem to think that domain registation companies should be responsible for what I do with my domains...

    Hundreds, perhaps thousands, of companies are in the business of registering domain names; some are large and well known, while others are small and less reputable, offering their services on the cheap and with flimsy or no background checks to lure in more customers. I've never had a registration questioned beyond my payment information...nor would I expect any sort of deeper investigation into my desire to register. Granted, most hosting providers specifiy restrictions on content/usage, but TLD registrars? Not in my experience at least...perhaps someone else can enlighten me?

    Not to mention the further implication that the statistics from McAfee apparently weighed

    excessive pop-up ads with the same weight as

    malicious code [and] forms to fill out that actually are tools for harvesting e-mail addresses Seems like another set of stats designed to sell a product to me...
    1. Re:Stats To Drive Sales? by FishWithAHammer · · Score: 2, Insightful

      While your point is good, I lol'd at this from McAfee: "excessive pop-up ads."

      "Excessive" pop-up ads? How about any pop-up ads?

      --
      "You can either have software quality or you can have pointer arithmetic, but you cannot have both at the same time."
  5. Word Problem Alert by Colonel+Korn · · Score: 4, Insightful

    5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?.

    Bad math = bad reporting. When solving a word problem, one must find the mathematical expression that best expresses the question. You've got the wrong one.

    You're making the argument that what really matters is the total number of malicious sites in each domain, not the fraction of sites within a domain that are malicious.

    Clearly, however, the fraction is the more important metric. Consider a silly analogy:

    There are 100 violent criminals in my local jail out of a total population of 200. There are 1000 violent criminals running free in Hawaii out of a total population of 1 million. When choosing a safer place for a vacation, by your logic, I'd pick my jail, since the total number of offenders is lower. 50% of my fellows would be violent criminals. By my logic, I'd pick Hawaii, where there would be more criminals, but they'd only make up 0.1% of the people around me. I prefer my odds.
    --
    "I zero-index my hamsters" - Willtor (147206)
    1. Re:Word Problem Alert by pha7boy · · Score: 2, Insightful

      There are 100 violent criminals in my local jail out of a total population of 200. There are 1000 violent criminals running free in Hawaii out of a total population of 1 million. I'd pick your town. your criminals are in jail. the guys in Hawaii are running free. :)

      5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?. True. in cases like that, I think nominal values are better then ratios. fact is you're more likely to end up on a bad dotcom site then a bad dothk or dotcn site. However, there is another metric that would have to be considered: reasons for visiting sites. If you're surfing for legit purposes, how likely are you to click on a bad site? If you're searching for keys, cracks, or other stuff like that, you're more likely to click on a bad link. So then you should look at what percentages of site in the respective domains contain information that is, well, not quite kosher.
      --
      -- All this knowledge is giving me a raging brainer.
  6. Use Linux/Firefox and nobody gets hurt... by drpickett · · Score: 2, Insightful

    What complete non-news. I read TFA, and the most informed statement that it made was don't buy your Prozac from China. Brilliant.

  7. Re:lies, damned lies, and mcafee by mattwarden · · Score: 4, Insightful

    Um, no. You are exactly wrong, in fact. It is true that there are a greater quantity of troublesome .ru sites in your example, but given a .ru domain and a .hk domain, the .hk domain is more likely to be troublesome. The fact that there are more .ru troublesome sites out there is only a result of there being more .ru sites out there. The only thing that affects is the likelihood that a given domain is a .ru domain.

    Consider this:
    Bag 1: 7 of 10 marbles are blue
    Bag 2: 35 of 100 marbles are blue

    There are more blue marbles in bag 2, but you are far more likely to pick a blue marble in the first bag.

    The point of the article is: how much of an indication is it that a .xy domain is dangerous?

  8. Re:You know, Google browses everything by Chief+Camel+Breeder · · Score: 2, Insightful

    The robust-scanner one, almost certainly. This is likely an easier job than hardening an interactive web-browser. Their robot has no need to execute anything it comes across, so downloaded script needn't be allowed to execute anything, ever. It has no need to render any of the media, so none of the image-library attacks can work. They don't have to keep anything that they scan, so no save-to-disc code. In short, they can maintain exceptionally strong separation between their scanner and its host.

    If they were paranoid enough, they could run the robot in a virtual machine and reinstall that after each scanning run. I have no idea if they consider that worthwhile.

  9. Re:5%, I'm surprised by blueskies · · Score: 2, Insightful

    You're a complete idiot. If you are running IE there are sites out there that will compromise your computer. Their plug-in is a free (as in beer) and you get access to why exactly a site is marked as dangerous. They will even show you which downloads they think are bad -- go download them and deal with the exploits and malware if you really think it is BS.

    Sure they are selling security software, but why don't you at least check it out before shooting your mouth off?

  10. Re:5%, I'm surprised by wolf30082 · · Score: 2, Insightful

    What is all this in real numbers, anyway? 5% of .com could be 800 times 20% of .hk This is just a silly-season piece of useless fluff, don't you think?

    --
    Like Linux and Solaris? lsc.hsi-us.com is a solaris/linux comparator in process..