McAfee Picks the Most Dangerous TLDs

CWRUisTakingMyMoney writes "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are .hk, .cn, and .info. Of all .hk sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of .cn sites and 11.7 percent of .info sites that way. A little more than 5 percent of the sites under the .com domain — the world's most popular — were identified as dangerous."

Which is more dangerous, then?

[Hawthorne01]

5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?.

Bad math = bad reporting.

not their problem

[Brian+Gordon]

"Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others"
um since when is that the registrar's responsibility? they just point a domain name at an IP address-- that's the extent of the service.

Re:not their problem

[aredubya74]

Exactly. I'd be much more interested in looking at the stats by assigned IP blocks. That way, network admins could blacklist those ranges at their edge, adding exceptions as needed. It's a tough game to play, but it would also give admins an idea as to what ISPs are leaving obvious botnets intact and which ones aren't.

Age of website?

[QuietLagoon]

I'd bet if they would find an even better correlation if they looked at the age of the website's domain registration, not the domain it was registered under.

Word Problem Alert

[Colonel+Korn]

5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?.

Bad math = bad reporting. When solving a word problem, one must find the mathematical expression that best expresses the question. You've got the wrong one.

You're making the argument that what really matters is the total number of malicious sites in each domain, not the fraction of sites within a domain that are malicious.

Clearly, however, the fraction is the more important metric. Consider a silly analogy:

There are 100 violent criminals in my local jail out of a total population of 200. There are 1000 violent criminals running free in Hawaii out of a total population of 1 million. When choosing a safer place for a vacation, by your logic, I'd pick my jail, since the total number of offenders is lower. 50% of my fellows would be violent criminals. By my logic, I'd pick Hawaii, where there would be more criminals, but they'd only make up 0.1% of the people around me. I prefer my odds.

Re:lies, damned lies, and mcafee

[mattwarden]

Um, no. You are exactly wrong, in fact. It is true that there are a greater quantity of troublesome .ru sites in your example, but given a .ru domain and a .hk domain, the .hk domain is more likely to be troublesome. The fact that there are more .ru troublesome sites out there is only a result of there being more .ru sites out there. The only thing that affects is the likelihood that a given domain is a .ru domain.

Consider this:
Bag 1: 7 of 10 marbles are blue
Bag 2: 35 of 100 marbles are blue

There are more blue marbles in bag 2, but you are far more likely to pick a blue marble in the first bag.

The point of the article is: how much of an indication is it that a .xy domain is dangerous?