Forgot your password?
typodupeerror

5% of All Web Traffic Unsafe 204

Posted by ScuttleMonkey
from the conservative-estimates dept.
OnFour writes "The MIT-backed startup behind SiteAdvisor has slapped a red "X" warning label on approximately 5 percent of all Web traffic and warned that there are roughly one billion monthly visits to Web pages that aren't safe for surfing. About 2 percent of all Web traffic was given the "yellow" caution rating." A more general SiteAdvisor blog entry overview was covered earlier on Slashdot.
This discussion has been archived. No new comments can be posted.

5% of All Web Traffic Unsafe

Comments Filter:
  • by Mr Krinkle (112489) on Sunday March 05, 2006 @12:31AM (#14852369) Homepage
    "roughly one billion monthly visits to Web pages "
    OK, and the "one billion monthly visits" is clickable?
    Dear god does anyone else think that is the epitomy of where you could actually post tubgirl or worse and have it not only be on topic, but insightful? :(
    ermm
    crap, I think I just justified tubgirl as insightful or interesting.
    I quit.
    (and no, there are NO LINKS in this comment, if for no other reason than I might end up drunk and click on one of them)
  • 5% not safe (Score:3, Funny)

    by Lehk228 (705449) on Sunday March 05, 2006 @12:33AM (#14852375) Journal
    and 50% of web surfing is not safe for work.
    • That's a bit generous; I'd go with 90% of the internet being NWS.
      • Depends on where you work.

        One place I worked the CEO would send things like pictures of coke cans being stored places they were never designed to, etc... The only unwritten rule was don't get caught with anything really dodgy.

        The occasional breast etc. was normal - some even had that as their background (in fact I've never been anywhere where a bit of breast caused offence, but then I never worked in the US - they're a lot more prudish over there).

    • I'm surprised they marke 5% as "red" and only 2% as yellow.

      You'd think that the safety rating wouldn't be so... unbalanced.

      Like, 88% green, 7% yellow, 5% red or something along that line.
    • Web trafficis unsafe! I lost my leg in aterrible packet collision!
  • by Slithe (894946) on Sunday March 05, 2006 @12:35AM (#14852382) Homepage Journal
    Do they just mean safe for IE. At least, that is what I gather from TFA. Who cares? Just use Firefox, Mozilla, Opera, or Lynx.
  • Unsafe to whom? (Score:3, Interesting)

    by Penguinoflight (517245) on Sunday March 05, 2006 @12:38AM (#14852395) Homepage Journal
    It is critical to understand what component is actually unsafe before any action can be taken to counter it. Likely of the 5% of "unsafe" internet traffic, 4% of it is from a perspective of sites that are not safe for MSIE. Of course there is no reason for any traffic to go to a "unsafe" site, as they do not have good content. OTOH, I could probably get away with saying that 20% of the web is useless, and not get a counter argument.

    This study really only shows that most web users do not think about their safety; We already knew that considering they are using MSIE.
    • Re:Unsafe to whom? (Score:4, Insightful)

      by BCW2 (168187) on Sunday March 05, 2006 @01:31AM (#14852530) Journal
      That's what I try to teach my customers. I install Firefox on all boxes that don't use AOhell, and try to get those to use a real ISP. I inform them that all pop-ups are evil and if you click on one you will get spyware! I also explain that all toolbars are a wast of resources, and every one (except yawhore, and googoo) are spyware. There may be others that are acceptable but I don't care or have time to check (I'm a tech in a white box store and spend 85% + of my time cleaning crapware off of boxes). I also tell them to avoid all banners with all the flashing or strobe type colors that are just annoying, since most of them lead to crap sites anyway. Yes these are almost draconian measures, but they work.

      The cool thing? Most of my customers are learning, I only seem to be getting about 10% coming back for a repeat cleanup, a year ago it was over 30%.
      • Re:Unsafe to whom? (Score:2, Interesting)

        by Siffy (929793)
        You could offer them a hosts file that'd block most that garbage. But that'd take money away from your business. Your dialup customers would love you for it though. The hosts file on my firewall/router/fileserver has 10148 lines in it now (I can send it to you if you'd like). That many somestimes makes a windows box crap itself unfortunately.
        • The stability issue is why I quit doing that. I don't want returning revenue for cleanups, I like it when they come back to buy a new box or get an upgrade, or even a hardware repair, anything different.
  • by putko (753330) on Sunday March 05, 2006 @12:42AM (#14852402) Homepage Journal
    Although this is likely true, is it really news to anyone? I'm not at all surprised that so much traffic is bad in some way: bad traffic pays.

    A more interesting question is why people continue to ignore security -- could it perhaps be that security just isn't that important to anyone?

    It seems that people only get upset when their bankaccount gets drained. Until then, WHATEVERRRRRR.
    • A more interesting question is why people continue to ignore security -- could it perhaps be that security just isn't that important to anyone?

      Security is

      1. Expensive
      2. Hard
      3. Both

      And when I say hard, I mean 'mentally challenging'

      I'm reminded of the Army study that came out & one of their conclusions was that smarter soldiers do better at pretty much everything.

      You can teach the average person the basics of computer security... the troubles start when they have to apply them. God help 'em if they run into a sit

    • Until recently, the biggest threat that came from such sites and downloads was bundled adware spam. Adware popups that flicked a window open where some sex-site was hoping you'd want to see some girls in a bathtub or something like that. Annoying, sure. But people simply thought that's the way the 'net works. What did they know? What do they know? All they know is that their ISP tells them that it's now so easy and cool to get on the 'net. They don't know jack about security, about adware, about spyware, ab
  • A point to remember (Score:5, Informative)

    by techno-vampire (666512) on Sunday March 05, 2006 @12:43AM (#14852409) Homepage
    Site Advisor is in the business of finding dangerous sites, warning you of them and possibly blocking them. It's in their best interest to call as many sites as possible unsafe, on the thinnest excuse. It's the same thing as how some anti-virus companies count every variant of a known virus as a new one, to make the number they can detect/remove as high as they can.

    For that matter, it's like the people feeding mega-doses of different things to lab rats that have been bred to be suseptable to cancer, then announcing that Yet Another Chemical Causes Cancer. You never hear about things that they couldn't manage to "prove" a carcinogen, any more than you're ever told that there's no evidence their rat experiments are relevant to humans. Sorry about the bit of a rant, there, but I do think those "researchers" need to be taken down a peg and forced to demonstrate a relationship between what they're doing and what happens in a human being.

    • Actually, in such cases it generally isn't the researchers at fault, but our drain-bamaged, ignorant, "blow everything out of proportion to sell more advertising" media. That started with saccharin ... the researchers simply reported their results and went on to the next thing, but some reporter got wind of their study and turned it into a media circus. It got so ridiculous that the FDA bowed to political pressure and banned the stuff, which was unfortunate for diabetics like my father that were willing to
  • by sulli (195030) * on Sunday March 05, 2006 @12:47AM (#14852418) Journal
    "Safe 95% Of All Web Sites" logos [naples.net] on people's homepages?
    • Re:so now we'll see (Score:3, Interesting)

      by hackstraw (262471) *
      And the continuation link http://www.bottom95.com/ [bottom95.com] takes you to an "Appliance" page.

      For fun, try this: http://yahoosucks.com/ [yahoosucks.com] Its a "Search the Web" site. "yahoosucks.com What you need, when you need it" Yes, the site says that!

      Then follow the "Yahoo Sucks" [domainsponsor.com] link which is hidden away in a frame.

      Of course, you can buy "Yahoo Sucks" on eBay. But further down the list of useful links there is Find yahoo sucks [upspiral.com] link which exclaims, "Your relevant result is a click away!" So click on it, and you will end up h [upspiral.com]
  • by Russ Nelson (33911) <slashdot@russnelson.com> on Sunday March 05, 2006 @12:50AM (#14852426) Homepage
    Many years ago on the com-priv mailing list, I posted a message "announcing" the creation of a company which would sit on your network, watching the sites that your users visited. When a "bad" site was visited, it would forge a TCP RST to close down the connection. Various categories of badness were proposed, with varying fees. I thought "This is an idea too stupid for words, so I'll put it into words so everyone can see how stupid it is." Well, I had several parties contact me for availability and pricing, because they WANTED to censor their users' browsing. I was so naive.
    -russ
    • by geminidomino (614729) * on Sunday March 05, 2006 @01:35AM (#14852540) Journal
      You fucker! From your idea was born that which is so evil, the demons of hell (Blocked: Occult) tremble; so soulless that Paris Hilton(Blocked: Entertainment) seems a better use of oxygen. So cruel and unforgiving that John McCain(Blocked: Politics) would speak out agaisnt it!

      Fellow Slashdotters! May God(Blocked: Traditional Religions) have mercy on his soul! We have found he who has spawned the unholy beast that is Websense(Access Granted)!
    • Well, I had several parties contact me for availability and pricing, because they WANTED to censor their users' browsing. I was so naive.

      Apparently, still are. Why didn't you take your "stupid idea" and implement it? Compare your idea with "Dan's Guardian [dansguardian.org] and tell me how your product is in any way, effectively different.

      In various contexts, products like Dan's Guardian are required by law. You could've made it big. Instead, you made some angry posts after the fact, it seems.

      Th American way starts with the
  • by Anonymous Coward
    Set the evil bit [faqs.org] on such traffic, so that it may be filtered out via firewalls.
  • by 4e617474 (945414) on Sunday March 05, 2006 @01:04AM (#14852455)
    It took them a year to do a million websites. They're taking the software downloads the sites offer and scanning them. With the shell game of staying ahead of the malware definitions, the period of time in which a site's evaluation is out of date, etc. you're going to have some obsolete data. Not that that in and of itself is vastly different from any other security measure, but really try to put yourself in j6p's shoes:

    You go to a site. Ten minutes ago, the site you were on was issued a green checkmark, five minutes ago the bad guys running the site swapped out the good files for the bad, and you get an Active X popup (I said you're j6p!!). You can't trust the green checkmark. You go to a site that has a message board where some a-hole posted a link to malware, triggering a red X. They've caught it, banned him, pulled the link, and gotten the green checkmark back. But you saw the red X; and the person who's going to rip you a new one if he has to spend his weekend de-fouling your PC again told you that the red X should be a skull and crossbones and to stay the hell away from any site where you ever saw one. Now you don't know what to make of the red X.

    What about a site that hasn't been scanned yet? Or whose updates have been detected but not audited? A question mark? Nothing? How long until it's just another thing the average user doesn't pay attention to? You can't have an up-to-the-millisecond read on the entire web, and you don't have any margin of error where your security mechanism is the end user knowing what to think.
  • by corngrower (738661) on Sunday March 05, 2006 @01:20AM (#14852500) Journal
    That's about the same percentage of dangerous traffic that's on the road on Friday and Saturday nights.
  • Helping user (Score:2, Interesting)

    by michelcultivo (524114)
    This is a great initiative to help user surfing the (insecure) webb today, I have a lot of examples of users that only click "Yes" on every website that asks to install something because if you don't do that you can't see the pr0n. Someone known anothers projects like this or this is the first?
  • 5% of all security advisories cause ophthalmitis [answers.com].
  • The last thing we need is people thinking they've got the odds on their side.
  • define "safe" (Score:5, Insightful)

    by fermion (181285) on Sunday March 05, 2006 @02:05AM (#14852601) Homepage Journal
    Much of the internet is unsafe to some degree. For instance, I don't let the students use the production computer because they will invariably go to yahoo, which will install the toolbar, and then magically a few more things get installed. None of this is exactly evil, but since this is an older fragile windows machine, the uptime is already measured in hours, even without the added junk. To be sure, it is easy enough to uninstall the toolbar, and Adaware or spybot takes care of the rest, but the issue still stands.

    In reality, for the unsuspecting user, there is hardly a site that is safe. Almost every site uses tracking cookies that violates the original security model that only an original site will acess data about the sesion. If the 12o7 cookie exists at amazon and the fly-by-night-shady-blogger, one must assume that the safety of your amazom stored credit card informaiton is compromised. The yahoo or google toolbar should be safe, but it is now suspected that the google toolbar is collecting personal web traffic, and gathering information that might be corporate sensitive. The 5% number might represent the truly malignant websites, but those are not the problem. As in nature, the truely malignant parasites will have a hard time surviving, as many will kill the host before they spread. It is the subtle parasites, the other 95%, that will continue to cause problems if we do not educate users to wash thier hands and avoid unprotected sex. In other words, do not accept all cookies and do not faoll for a horse or a rabbit, no matte how pretty it might look.

    • Maybe someone would care to elaborate:

      If the 12o7 cookie exists at amazon and the fly-by-night-shady-blogger, one must assume that the safety of your amazom stored credit card informaiton is compromised.

      I don't quite understand why people rate cookies as a security risk; it is correct they are a privacy risk, but it is not like colluding web sites could not construct a different attack on your privacy.

      Maybe you could explain your scenario on how the shady blogger gets the credit card number?

    • As an adult and a Linux user the only sites I consider unsafe have excessive advertising or religious political agendas.
  • no way... (Score:3, Funny)

    by Bombula (670389) on Sunday March 05, 2006 @02:19AM (#14852631)
    5 percent? No way. Porn accounts for way more than 5 percent of internet traffic...
  • by MonkeyBoyo (630427) on Sunday March 05, 2006 @02:26AM (#14852642)
    If you look at their site analysis, you can cruise porn sites without visiting them. E.g.
    http://www.siteadvisor.com/sites/dirtyplumpers.com /summary/ [siteadvisor.com]
    Scroll to where it shows the graph of connected sites. Those sites are clickable to get their analysis, so you can iterate this process.

    First I'm amazed at how many of these sites are listed as having "many users".

    Second, the only reason I've seen so far for branding a site red is that if you give them your email address they will send you spam.
  • But the truth is.. MS, and other content providers are trying to make pc's as easy to operate as a television with as little control over the content as we have over TV now. I don't care if your MS or linux or a mozilla browser user.. you have wizards upon wizards and people never have to learn anything to use the internet "have you installed Acrobat reader in Windows lately? How about yahoo toolbar, how about our photocrap suite ooobie doobie shizzle just click next". It's all about getting you hooked up
  • "The MIT-backed startup behind SiteAdvisor has slapped a red "X" warning label on approximately 5 percent of all Web traffic"
    In other news, MADP* slapped a red "XXX" warning label on approximately 50 percent of all Web traffic.

    *Mothers Against Downloading Pr0n
  • by flooey (695860)
    I took a look at SiteAdvisor and I actually think it'll be useful for me, as an experienced user, as well, surprisingly. I don't think I'll have much use for the red X junk, I know not to install random crap on my computer, but their analysis of downloads could be quite useful. You can pull up the list of all the modifications a program makes to your system, even for green files. If you ever wanted to know exactly what registry keys Google Desktop adds, for instance, you can just look it up [siteadvisor.com].
  • Way out of date (Score:4, Interesting)

    by harlows_monkeys (106428) on Sunday March 05, 2006 @03:06AM (#14852743) Homepage
    They are using PestPatrol's database, from way before CA bought PestPatrol. It's woefully inaccurate and out of date. SiteAdvisor is an interesting idea, but worthless in its current form.
  • by Anonymous Coward
    I work in a company that SiteAdvisor marked with big red "X" and I question the analysis by SiteAdvisor. For example, the SiteAdvisor claims that our site was spamming. Last time I checked, our site doesn't even take any "and I mean ANY" user info except whatever is being logged in Apache (click, hit, IP for organic traffic count). We even have corporate policy and network operation policy against sending out any smtp traffic from any of our machines without explicit end user consent (there used to be tw
    • I work in a company that SiteAdvisor marked with big red "X" and I question the analysis by SiteAdvisor.

      Since you don't mention what site you work for your comment is completly worthless - no way for anybody to evaluate what you are saying
  • Here is what I use (Score:4, Interesting)

    by hairyfeet (841228) <{bassbeast1968} {at} {gmail.com}> on Sunday March 05, 2006 @04:35AM (#14852892) Journal
    This is great for those folks that refuse to give up Internet Exploiter(TM)(Like my Mom,Unfortunatly) Or click yes to everything--http://www.webattack.com/get/sandboxie .html [webattack.com] Basically I just install all their browsers into the sandbox then when they bring it back to be cleaned I can just delete the sandbox folder after backing up their bookmarks.It really does help with the ActiveX/Toolbar style crap that so many people fall for.
  • I once knew this guy who went to this one sight on the interscope or whatever its called and what do you know but a big fat dwarf came out of his cdrom drive and kicked him in the nuts! Theres another sight where an elf drives to his chateau and slaps you with shoes its really something you should see it some time. (BTW elf has hideous crooked nose you know I saw his face for real.)

    Anyway you have to be careful when you surf the intrawebs now so serious. latezzz

  • by Opportunist (166417) on Sunday March 05, 2006 @09:46AM (#14853389)
    The idea is great. Warn users about content that's unsafe. Sounds good, doesn't it? You don't have to be an IT-security expert to discriminate between "good" and "bad" webpages. So far, so good.

    The fallacy starts with the question "who'll install it?". Well, who will? You will. I will. Everyone who knows about the problem will. But those who need it most won't. They don't even know that problem exists! So unless you manage to get this item into the fold of Microsoft's standard software, the tool will not make it onto the computer of those who need it worst.

    But, against all odds, let's assume the tool gets to our unclued user's computer. Then he'll go to a website offering him a screensaver and the plugin will spew "WARNING!" all over the screen.

    Warning?
    Why?
    A screensaver?

    Must be an error. After all, what's dangerous about a harmless screensaver that shows me some cute and cuddly kitty pics? It's not that dreaded sex stuff that they warn me about on TV.

    The whole deal is that people are just too friggin' CLUELESS to be left alone in the 'net. They're a danger to themselves and to others. Either get them off the 'net (ok, ok, I may dream... won't happen simply 'cause ISPs would run amok if they didn't have their comfortable low-bandwidth using users, not to mention the billion pages trying to sell you junk that we get (legally) for free), or educate them!

    There is no technical solution for social problems!
  • A DNS project that has a "blacklist" ...but that opens a whole 'nuther can o worms...
  • Surely this [xerox.com] is the Big Red X...

"No matter where you go, there you are..." -- Buckaroo Banzai

Working...