Slashdot Mirror


McAfee Picks the Most Dangerous TLDs

CWRUisTakingMyMoney writes "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are .hk, .cn, and .info. Of all .hk sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of .cn sites and 11.7 percent of .info sites that way. A little more than 5 percent of the sites under the .com domain — the world's most popular — were identified as dangerous."

44 of 184 comments

  1. .cx by Junior J. Junior III · · Score: 4, Funny

    Home of the goatse. Danger Will Robinson!

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  2. Re:Where can I get a list of these TLD to block ou by Brian Gordon · · Score: 3, Interesting

    What the heck? The numbers are less than 20%.. would you block out 80% of a TLD?

  3. Which is more dangerous, then? by Hawthorne01 · · Score: 5, Insightful

    5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?.

    Bad math = bad reporting.

    --
    "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
  4. Why the hell... by Jaysyn · · Score: 5, Funny

    ...would anyone want to take security advice from McAfee?

    --
    There is a war going on for your mind.
  5. not their problem by Brian Gordon · · Score: 5, Insightful

    "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others"
    um since when is that the registrar's responsibility? they just point a domain name at an IP address-- that's the extent of the service.

    1. Re:not their problem by aredubya74 · · Score: 5, Insightful

      Exactly. I'd be much more interested in looking at the stats by assigned IP blocks. That way, network admins could blacklist those ranges at their edge, adding exceptions as needed. It's a tough game to play, but it would also give admins an idea as to what ISPs are leaving obvious botnets intact and which ones aren't.

      --

      RW

  6. Define "Dangerous" by corsec67 · · Score: 4, Interesting

    Is that dangerous to someone running IE on Windows, or dangerous to the person, like scams?

    It seems like they kind of mashed the 2 together, but that is McAfee, so I would expect them to exaggerate the dangers of browsing without McAfee.

    --
    If I have nothing to hide, don't search me
  7. I wonder... by computerman413 · · Score: 2, Interesting

    I wonder where .xxx would've come in if it had been created.

    1. Re:I wonder... by cryptodan · · Score: 5, Funny

      "I wonder where .xxx would've come in if it had been created."

      It would be 69%.
  8. sorry, but i just don't get it... by ketamine-bp · · Score: 5, Interesting

    i live in Hong Kong.

    here, if we are to register domain names, especially .com.hk, we need business registration to get it registered, same goes for .edu.hk, .org.hk etc.

    the possible exception would be .hk, but i think the HKNIC (i forgot the name..) does have reasonable abuse TOS that these bad things get cancelled... so i would be glad if they could provide us with the domain names they flagged 'dangerous' and let's see how it goes....

    1. Re:sorry, but i just don't get it... by gad_zuki! · · Score: 3, Interesting

      This issue may not be the number of shady TLD registrants, it may be the number of compromised hosts. If .hk has too many hackers or a culture of crime then they may prey on local resources and use those for international spamming/phishing. Or it may be a target for other reasons (lax computer crime laws, etc).

  9. Because there are no more good dot-coms. by Rob T Firefly · · Score: 4, Funny

    Not even the malware folks can get a decent domain in .com anymore, they're all in use or squatted upon.

  10. Age of website? by QuietLagoon · · Score: 5, Insightful

    I'd bet they would find an even better correlation if they looked at the age of the website's domain registration, not the domain it was registered under.

  11. I used Site advisor once.. by Warll · · Score: 4, Informative

    The thing is far from foolproof. When I was bored one day I decided to start clicking on just about all the Google Adwords adverts I could find. Most of them were for those scam sites, you know the kind "click here to buy Firefox, Buy subscription to BitTorrent now!" Over half the sites were green according to Site Advisor. Really I'm sure that their numbers here at least give an idea as to how "dangerous" these TLDs are, but really they are likely far off from the truth.

  12. Chinese domains by Anonymous Coward · · Score: 5, Funny

    The problem with .cn domains: 30 minutes after you surf there, you want to surf there again...

  13. Stats To Drive Sales? by RavenofNi · · Score: 2, Insightful

    I could be missing something, but the implication here seems to be that McAfee and TFA seem to think that domain registration companies should be responsible for what I do with my domains...

    Hundreds, perhaps thousands, of companies are in the business of registering domain names; some are large and well known, while others are small and less reputable, offering their services on the cheap and with flimsy or no background checks to lure in more customers. I've never had a registration questioned beyond my payment information...nor would I expect any sort of deeper investigation into my desire to register. Granted, most hosting providers specify restrictions on content/usage, but TLD registrars? Not in my experience at least...perhaps someone else can enlighten me?

    Not to mention the further implication that the statistics from McAfee apparently weighed "excessive pop-up ads" with the same weight as "malicious code [and] forms to fill out that actually are tools for harvesting e-mail addresses".

    Seems like another set of stats designed to sell a product to me...
    1. Re:Stats To Drive Sales? by FishWithAHammer · · Score: 2, Insightful

      While your point is good, I lol'd at this from McAfee: "excessive pop-up ads."

      "Excessive" pop-up ads? How about any pop-up ads?

      --
      "You can either have software quality or you can have pointer arithmetic, but you cannot have both at the same time."
  14. 5%, I'm surprised by goombah99 · · Score: 3, Interesting

    5% seems absurdly high.

    I wonder how the 5% was chosen? I mean how does one actually sample this in a meaningful way. For example, suppose one enumerated every possible webpage and sampled those randomly. Or, given that that is impossible, suppose one enumerated every TLD and sampled those.

    This still would not accord with user experience. User experience is you start from some place on the web and click outward following links. Usually the starting place is some aggregator like Google.

    Following that kind of trajectory is not the same as uniformly sampling TLDs or webpages, but is how users interact.

    I can say with certainty that 5% of the links I click are not "dangerous".

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:5%, I'm surprised by gnuman99 · · Score: 3, Funny

      The 5% number comes straight out of goatse.cx's ass

    2. Re:5%, I'm surprised by blueskies · · Score: 2, Insightful

      You're a complete idiot. If you are running IE there are sites out there that will compromise your computer. Their plug-in is free (as in beer) and you get access to why exactly a site is marked as dangerous. They will even show you which downloads they think are bad -- go download them and deal with the exploits and malware if you really think it is BS.

      Sure they are selling security software, but why don't you at least check it out before shooting your mouth off?

    3. Re:5%, I'm surprised by wolf30082 · · Score: 2, Insightful

      What is all this in real numbers, anyway? 5% of .com could be 800 times 20% of .hk. This is just a silly-season piece of useless fluff, don't you think?

      --
      Like Linux and Solaris? lsc.hsi-us.com is a solaris/linux comparator in process..
  15. Word Problem Alert by Colonel Korn · · Score: 4, Insightful

    "5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?.

    Bad math = bad reporting."

    When solving a word problem, one must find the mathematical expression that best expresses the question. You've got the wrong one.

    You're making the argument that what really matters is the total number of malicious sites in each domain, not the fraction of sites within a domain that are malicious.

    Clearly, however, the fraction is the more important metric. Consider a silly analogy:

    There are 100 violent criminals in my local jail out of a total population of 200. There are 1000 violent criminals running free in Hawaii out of a total population of 1 million. When choosing a safer place for a vacation, by your logic, I'd pick my jail, since the total number of offenders is lower. 50% of my fellows would be violent criminals. By my logic, I'd pick Hawaii, where there would be more criminals, but they'd only make up 0.1% of the people around me. I prefer my odds.
    --
    "I zero-index my hamsters" - Willtor (147206)
    1. Re:Word Problem Alert by pha7boy · · Score: 2, Insightful

      "There are 100 violent criminals in my local jail out of a total population of 200. There are 1000 violent criminals running free in Hawaii out of a total population of 1 million."

      I'd pick your town. your criminals are in jail. the guys in Hawaii are running free. :)

      "5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?."

      True. in cases like that, I think nominal values are better than ratios. fact is you're more likely to end up on a bad dotcom site than a bad dothk or dotcn site. However, there is another metric that would have to be considered: reasons for visiting sites. If you're surfing for legit purposes, how likely are you to click on a bad site? If you're searching for keys, cracks, or other stuff like that, you're more likely to click on a bad link. So then you should look at what percentages of sites in the respective domains contain information that is, well, not quite kosher.
      --
      -- All this knowledge is giving me a raging brainer.
    2. Re:Word Problem Alert by Mr. Underbridge · · Score: 3, Informative

      He's right. If you pick a single site to interact with, the total number of sites that share that domain doesn't matter. His analogy is spot on.

      In effect, he defined Bayes' rule for you.

    3. Re:Word Problem Alert by mckinnsb · · Score: 2, Informative

      "When solving a word problem, one must find the mathematical expression that best expresses the question. You've got the wrong one. You're making the argument that what really matters is the total number of malicious sites in each domain, not the fraction of sites within a domain that are malicious. Clearly, however, the fraction is the more important metric. Consider a silly analogy: There are 100 violent criminals in my local jail out of a total population of 200. There are 1000 violent criminals running free in Hawaii out of a total population of 1 million. When choosing a safer place for a vacation, by your logic, I'd pick my jail, since the total number of offenders is lower. 50% of my fellows would be violent criminals. By my logic, I'd pick Hawaii, where there would be more criminals, but they'd only make up 0.1% of the people around me. I prefer my odds."

      I really don't think that either conclusion - either the GP or the P, is entirely correct, at least in terms of "what does this report mean for the general populace".

      To the post I reply to: you correctly rebuffed your parent post to a degree, but, when choosing an analogy to determine the importance of a metric, you should probably make sure that the analogy you choose shares similar logical interrelationships among its components to the problem you are analyzing, especially with regards to the logical steps you make along the way within the analogy to arrive at a conclusion also contained in the analogy which would then correspond to a reasonable assumption outside of the analogy.

      The problem with your solution based on your choice of odds is that you made an analytic oversimplification at the point you state "When choosing a safer place for vacation."

      Here is where you were right in your rebuff: if I was to follow a link from an email or website, and it ended in ".cn" or ".hk" , I should be more wary because my chances of encountering something malicious on that webpage are higher, based on established researched ratios.

      You admitted your analogy was a little silly, and here is where it could have been a little more complex: concerning security as a whole, you may not necessarily be able to "choose a safer place to vacation" here. When you are attempting to block SPAM, E-mailed malware, or automated bot-nets, *quantity* matters more than ratio. If you set your email filters to aggressively filter all .cn email, but then less aggressively filter .ru email, you would potentially be letting in more spam, assuming that aggressive filters may also destroy legitimate communication and you wouldn't use the highest level on all domains. Concerning botnets, these malicious computers are not necessarily in China or Russia, and the computers they compromise could easily be off these domains, so when it comes to getting rid of these computers or uprooting these nets, pure numbers do matter, because the numbers may lead to a picture of an estimate of "compromised computers based off IP".

      I think it would be interesting if McAfee found out which Domain Registrars were granting domain names to IP addresses outside of the country that the domain name was requested for more than others. Then we would have some real information we could do something with. This just shows us which domain names are easy to get, and not necessarily because of the laws of a country (someone posted about Hong Kong having strict requirements), but the ease of Domain Registrars to simply register an "offshore IP" with a country-based domain either because of: the architecture of the technology itself and the difficulty of securing it; the lack of delegation of authority to a government or commercial body to monitor domain registry ensuring that IPs are located within their listed country domain; the willingness of some Domain Registrars to register domains outside of a country recklessly (either aware or unaware of their bad intentions) to make money; or potentially, all three of the previously listed hypotheses.
  16. Use Linux/Firefox and nobody gets hurt... by drpickett · · Score: 2, Insightful

    What complete non-news. I read TFA, and the most informed statement that it made was don't buy your Prozac from China. Brilliant.

  17. of course they're dangerous by v1 · · Score: 2, Funny

    Those sites are just chock full of advertisements for Norton and download links to NOD32...

    --
    I work for the Department of Redundancy Department.
  18. lies, damned lies, and mcafee by the_rev_matt · · Score: 2, Informative

    I agree that crap math is the key to this story. If there are 1,000,000* .ru sites and 6.8% are hostile, that's almost 70000 sites, if there are 25,000 .hk sites and 19% are hostile that's (lemme get my slide rule real quick) 4,750 sites. Clearly the .ru TLD is more likely to cause troubles.

    Note I'm pulling all numbers out of thin air for demonstration purposes, I've no idea if these are the actual numbers but it's safe to assume that McAfee spent less than half the time and effort on their report than I did in writing this comment.

    --
    this is getting old and so are you

    1. Re:lies, damned lies, and mcafee by mattwarden · · Score: 4, Insightful

      Um, no. You are exactly wrong, in fact. It is true that there is a greater quantity of troublesome .ru sites in your example, but given a .ru domain and a .hk domain, the .hk domain is more likely to be troublesome. The fact that there are more .ru troublesome sites out there is only a result of there being more .ru sites out there. The only thing that affects is the likelihood that a given domain is a .ru domain.

      Consider this:
      Bag 1: 7 of 10 marbles are blue
      Bag 2: 35 of 100 marbles are blue

      There are more blue marbles in bag 2, but you are far more likely to pick a blue marble in the first bag.

      The point of the article is: how much of an indication is it that a .xy domain is dangerous?

  19. Re:Where can I get a list of these TLD to block ou by TheRaven64 · · Score: 2, Interesting
    --
    I am TheRaven on Soylent News
  20. Not helping things by StreetStealth · · Score: 2, Interesting

    Seriously, though, this report doesn't help their credibility.

    Why should we care which TLDs are more likely to contain malware? Are we actually going to learn anything from making random correlations like this? Obviously there are also plenty of scammers at "less dangerous" TLDs and plenty of honest folks at the "dangerous" ones, and there are of course vastly more precise ways to determine the safety of a site than by its TLD.

    So of what value is this distinction then, apart from an amusing press release to make it look like McAfee is hard at work researching computer security? Are crack houses more likely to have even street numbers? Are blue eyed people more likely to be sex offenders?

    --
    Your mind is clear / The things that you fear / Will fade with how much you / Believe what you hear
  21. They're just slow by sm62704 · · Score: 2, Funny

    I let mcgrew.info lapse, so .info should be safe now. However, horror awaits the unsuspecting eyeballs that cruise .org, since I have a journal at slashdot. I'm told it's far worse than goatse.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  22. Interesting bits by rock56501 · · Score: 5, Interesting

    I am willing to bet that there are a lot more .com sites registered than .cn or .info or whatnot, so the fact that 5% of the .com's are flagged is huge, seeing that most people think about going to .com's before anything else.

    One other interesting note is that .05% of .gov's are listed as dangerous. So is that like from when the www.nsa.gov website left that tracking cookie on your computer or is there an actual government website out there that is actually dangerous to visitors?

  23. But what about .nu? by mangu · · Score: 5, Interesting

    Home of the complete goatse collection. Enjoy yourselves!

    1. Re:But what about .nu? by Daimanta · · Score: 5, Funny

      My God, I thought you were joking. And here I was, thinking that goatse was only 1 image.

      Thanks dude, that's 12 extra therapy sessions for me.

      --
      Knowledge is power. Knowledge shared is power lost.
    2. Re:But what about .nu? by Junior J. Junior III · · Score: 4, Funny

      "Home of the complete goatse collection. Enjoy yourselves!"

      <darthvader>Nuuuuuuuuuuuuuu!</darthvader>
      --
      You see? You see? Your stupid minds! Stupid! Stupid!
    3. Re:But what about .nu? by css-hack · · Score: 5, Funny

      I don't know what's worse. The fact that I clicked, or the fact that it's already slashdotted.

  24. WAG explanation by jdh3.1415 · · Score: 2, Interesting

    Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, . . .

    Of all ".hk" sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors . . .

    A little more than 5 percent of the sites under the ".com" domain -- the world's most popular -- were identified as dangerous.

    If I recall, when I registered my .com domain name, the only thing I had to verify is that I'm human, via captcha. I can't imagine how they could be less secure for other domains. Perhaps, they do away with the captcha?

    I doubt this has anything to do with registrars' verification procedures. If I made a wild a55ed guess to explain this, I'd say many of the .com sites are larger and have better security. Sites on other TLDs are smaller, less secure, and have been hacked.

    I wonder if the author's explanation of cutting corners was merely a WAG. Unless I missed something, the author did not provide a citation for this explanation.

  25. Only on Slashdot... by Anonymous Coward · · Score: 5, Funny

    ...would a link to the full set of Goatse pictures be moderated "Interesting"

  26. A Windows problem, not a computer problem. by westbake · · Score: 2, Informative

    Yeah, it's too bad McAfee Inc acts like there's nothing in the world but Windows. If they were honest, they would have a list of browsers and OS really endangered but they would like to say this is a "computer" problem instead of a Windows problem. The words, "Microsoft" and "Windows" did not occur in the article.

    --
    I am a name troll of Westlake. Visit my homepage to learn why.
  27. Re:Where can I get a list of these TLD to block ou by eln · · Score: 4, Funny

    I think it's cute how you still think any of the TLDs are still used for their originally intended purposes.

  28. Re:Where can I get a list of these TLD to block ou by zeromorph · · Score: 3, Funny

    Here is the list: cz info nl ru st up id net biz org

    Don't forget .ng (Nigeria). I don't think anything good ever comes from that domain.

    .no - Norway

    .sh - Saint Helena
    .it - Italy

    sherlock

    --
    "Hannibal's plans never work right. They just work." Amy/A-Team
  29. Re:Numbers in names by camperdave · · Score: 3, Interesting

    I think part of it is marketing research. They know which timeslot, and which show, a particular ad with a particular numbered website is going to appear. The number of hits that they gather off of a numbered website will tell them how effective that particular ad is. That way, they can tweak their marketing strategy: ie. buy more time on certain channels, or in certain time slots, or against certain types of shows.

    --
    When our name is on the back of your car, we're behind you all the way!
  30. Re:You know, Google browses everything by Chief Camel Breeder · · Score: 2, Insightful

    The robust-scanner one, almost certainly. This is likely an easier job than hardening an interactive web-browser. Their robot has no need to execute anything it comes across, so downloaded script needn't be allowed to execute anything, ever. It has no need to render any of the media, so none of the image-library attacks can work. They don't have to keep anything that they scan, so no save-to-disc code. In short, they can maintain exceptionally strong separation between their scanner and its host.

    If they were paranoid enough, they could run the robot in a virtual machine and reinstall that after each scanning run. I have no idea if they consider that worthwhile.