5% of All Web Traffic Unsafe

OnFour writes "The MIT-backed startup behind SiteAdvisor has slapped a red "X" warning label on approximately 5 percent of all Web traffic and warned that there are roughly one billion monthly visits to Web pages that aren't safe for surfing. About 2 percent of all Web traffic was given the "yellow" caution rating." A more general SiteAdvisor blog entry overview was covered earlier on Slashdot.

What do they mean by safe?

[Slithe]

Do they just mean safe for IE. At least, that is what I gather from TFA. Who cares? Just use Firefox, Mozilla, Opera, or Lynx.

Security company says the internet is unsafe

[putko]

Although this is likely true, is it really news to anyone? I'm not at all surprised that so much traffic is bad in some way: bad traffic pays.

A more interesting question is why people continue to ignore security -- could it perhaps be that security just isn't that important to anyone?

It seems that people only get upset when their bankaccount gets drained. Until then, WHATEVERRRRRR.

Re:What do they mean by safe?

[Phroggy]

Firefox won't stop you from deliberately installing software you're too stupid to realize is malware.

105% of all statistics you see are fake

[Anonymous Coward]

Honestly. Why do people believe any statistics dished out nowadays?

Re:A tad misleading, but SiteAdvisor is still grea

[ThatGeek]

I have a brother who is marred and has 2 kids between the ages of 12 and 15. Those kids killed his last computer, unwittingly installing all sorts of nonsense when they downloaded games and graphics...

Wow, wouldn't it be great if some OS allowed people to give their kids accounts with limited rights? You know so they couldn't screw up an entire install? I don't mean like what BSD, Linux or Mac can do.

Oh wait, yes I do.

I think they're over-reaching

[4e617474]

It took them a year to do a million websites. They're taking the software downloads the sites offer and scanning them. With the shell game of staying ahead of the malware definitions, the period of time in which a site's evaluation is out of date, etc. you're going to have some obsolete data. Not that that in and of itself is vastly different from any other security measure, but really try to put yourself in j6p's shoes:

You go to a site. Ten minutes ago, the site you were on was issued a green checkmark, five minutes ago the bad guys running the site swapped out the good files for the bad, and you get an Active X popup (I said you're j6p!!). You can't trust the green checkmark. You go to a site that has a message board where some a-hole posted a link to malware, triggering a red X. They've caught it, banned him, pulled the link, and gotten the green checkmark back. But you saw the red X; and the person who's going to rip you a new one if he has to spend his weekend de-fouling your PC again told you that the red X should be a skull and crossbones and to stay the hell away from any site where you ever saw one. Now you don't know what to make of the red X.

What about a site that hasn't been scanned yet? Or whose updates have been detected but not audited? A question mark? Nothing? How long until it's just another thing the average user doesn't pay attention to? You can't have an up-to-the-millisecond read on the entire web, and you don't have any margin of error where your security mechanism is the end user knowing what to think.

Five percent dangerous traffic.

[corngrower]

That's about the same percentage of dangerous traffic that's on the road on Friday and Saturday nights.

Re:Job Application?

[Anonymous Coward]

A lot of companies require a college degree, even when the degree has nothing to do with the position posted. My wife's company, for example, will hire someone with a music degree for an analyst position, or someone with a sports management degree as an IT administrator, but absolutely will not hire someone without a college degree.

Why do companies do this? Simple. They believe, rightly, that a college degree is a sign that a person will put themself through hell and beaurocratic bullshit to get what (depending on the degree and the job position) is just a stupid piece of paper. Companies like this because it shows that you can tolerate a certain level of bullshit in order to receive a benefit. This is something they are looking for in all new hires, because they know that their work environment can be unfun at times.

While it is admiral that you got your GED and are probably well trained for a position, your lack of a college degree (and your open disdain for their degree requirement) probably means that you would scoff at some of the silly stuff they would expect you to do on the job. If they have stupid policies, you might get into a position to work to change them, but until you are in that position you are supposed to follow the policies because they are the policies.

If you won't do that (and I assume you wouldn't), then you don't want to work for them, and they don't want to hire you.

Amazingly, their requirement for a degree exactly served its purpose, keeping you from wasting their time with your application.

Re:Ack, worst link ever to click

[ozmanjusri]

Actually, Goatse and Tubgirl are green.

So are the people who clicked the links to them.

Re:Unsafe to whom?

[BCW2]

That's what I try to teach my customers. I install Firefox on all boxes that don't use AOhell, and try to get those to use a real ISP. I inform them that all pop-ups are evil and if you click on one you will get spyware! I also explain that all toolbars are a wast of resources, and every one (except yawhore, and googoo) are spyware. There may be others that are acceptable but I don't care or have time to check (I'm a tech in a white box store and spend 85% + of my time cleaning crapware off of boxes). I also tell them to avoid all banners with all the flashing or strobe type colors that are just annoying, since most of them lead to crap sites anyway. Yes these are almost draconian measures, but they work.

The cool thing? Most of my customers are learning, I only seem to be getting about 10% coming back for a repeat cleanup, a year ago it was over 30%.

Re:Security company says the internet is unsafe

[TubeSteak]

A more interesting question is why people continue to ignore security -- could it perhaps be that security just isn't that important to anyone?

Security is

1. Expensive
2. Hard
3. Both

And when I say hard, I mean 'mentally challenging'

I'm reminded of the Army study that came out & one of their conclusions was that smarter soldiers do better at pretty much everything.

You can teach the average person the basics of computer security... the troubles start when they have to apply them. God help 'em if they run into a situation that doesn't fit with the things you've explained. It's much harder to get people to intelligently apply rules than it is to just say "Do X. No exceptions."

That and things computer oriented people may consider 'obvious' isn't necessarily obvious to non-techies. Haven't you ever tried to do something (even non-computer related stuff) and had someone with more experience show you a shortcut? Even the smartest people can miss 'obviously better' ways to do things.

define "safe"

[fermion]

Much of the internet is unsafe to some degree. For instance, I don't let the students use the production computer because they will invariably go to yahoo, which will install the toolbar, and then magically a few more things get installed. None of this is exactly evil, but since this is an older fragile windows machine, the uptime is already measured in hours, even without the added junk. To be sure, it is easy enough to uninstall the toolbar, and Adaware or spybot takes care of the rest, but the issue still stands.

In reality, for the unsuspecting user, there is hardly a site that is safe. Almost every site uses tracking cookies that violates the original security model that only an original site will acess data about the sesion. If the 12o7 cookie exists at amazon and the fly-by-night-shady-blogger, one must assume that the safety of your amazom stored credit card informaiton is compromised. The yahoo or google toolbar should be safe, but it is now suspected that the google toolbar is collecting personal web traffic, and gathering information that might be corporate sensitive. The 5% number might represent the truly malignant websites, but those are not the problem. As in nature, the truely malignant parasites will have a hard time surviving, as many will kill the host before they spread. It is the subtle parasites, the other 95%, that will continue to cause problems if we do not educate users to wash thier hands and avoid unprotected sex. In other words, do not accept all cookies and do not faoll for a horse or a rabbit, no matte how pretty it might look.

Fun with their analysis graphs

[MonkeyBoyo]

If you look at their site analysis, you can cruise porn sites without visiting them. E.g.
http://www.siteadvisor.com/sites/dirtyplumpers.com /summary/ [siteadvisor.com]
Scroll to where it shows the graph of connected sites. Those sites are clickable to get their analysis, so you can iterate this process.

First I'm amazed at how many of these sites are listed as having "many users".

Second, the only reason I've seen so far for branding a site red is that if you give them your email address they will send you spam.

We can whine and piss and moan

[popeye44]

But the truth is.. MS, and other content providers are trying to make pc's as easy to operate as a television with as little control over the content as we have over TV now. I don't care if your MS or linux or a mozilla browser user.. you have wizards upon wizards and people never have to learn anything to use the internet "have you installed Acrobat reader in Windows lately? How about yahoo toolbar, how about our photocrap suite ooobie doobie shizzle just click next". It's all about getting you hooked up to the pipe and feeding you this and that "It used to be we'd have to have some documentation in some cases actual books to use and install our programs" While a good bit of you myself included may have a clue about the internet. Computers will never be built to our skillset again "they once were to a point" Everytime I install a new program it's giving me less and less control over what I do. AVG JOE USER likes this and prays that all software is so easy and forgiving."never mind that it just put in 400,000 registry links that somehow the uninstaller will miss later" So when AJU pops into crax.fat.happy.vir.org and gets some crap popping up to install he's like sure thats fine okie dokey CLICK! We're not the target of this crap.. mom/pop/uncle joe/ is the target because they don't have to know sh!t about using a pc because they just turn it on and it works. "ala TV" I've got people at work who've thrown out 2.8ghz pc's and bought new ones because they were too slow. This isn't their fault This is because they were told how easy the internet is and just click yes if you need a plugin etc. They've either been told by a friend to go ahead or told by a relative who's the infamous son in law that knows alot about computers that it was ok. It will never get any better until MS or some other content provider type controls everything you see and do on the internet. That or we require a certain amount of training before any user gets on the net. "we need a sandbox internet for training them hehe" All you need to watch TV is a TV.. all you need for the internet is a computer.. simple right? Lets make a rule that all advertisement related to Computers explicitly state these devices are for technically knowledgeable persons and should not be bought frivously to just put up a myspace page for little suzie. Alas.. that will never happen and big biz will continue to program to people without a lick of intelligence and slashdot will be here to cry and whine and piss and moan about the lack of control we have or laugh at the peons who can't seem to keep the spyware off their machines. /end rant/reply hehe.

Re:Ack, worst link ever to click

[rkcallaghan]

Gentoo.org links to cafepress.com which links to cometcursor.com, a red site.

Wouldn't marking Gentoo.org as a Red Site be the proper method of dealing with scum like CometCursor.com?

If every company who supported these scumbags was put on a Red List, CometCursor would be dropped like the rotten meat that it is, and not supported for pay-per-click arrangements that produce money by cracking in to people's systems.

Since the site in question is a Linux Distro page famous for its fanboys, I am sure to get a flamebait/troll mod on this post. I still think it is the right idea, though. Cut off the money, and embarrass those that support this trash.

~Rebecca

Good idea, but pointless

[Opportunist]

The idea is great. Warn users about content that's unsafe. Sounds good, doesn't it? You don't have to be an IT-security expert to discriminate between "good" and "bad" webpages. So far, so good.

The fallacy starts with the question "who'll install it?". Well, who will? You will. I will. Everyone who knows about the problem will. But those who need it most won't. They don't even know that problem exists! So unless you manage to get this item into the fold of Microsoft's standard software, the tool will not make it onto the computer of those who need it worst.

But, against all odds, let's assume the tool gets to our unclued user's computer. Then he'll go to a website offering him a screensaver and the plugin will spew "WARNING!" all over the screen.

Warning?
Why?
A screensaver?

Must be an error. After all, what's dangerous about a harmless screensaver that shows me some cute and cuddly kitty pics? It's not that dreaded sex stuff that they warn me about on TV.

The whole deal is that people are just too friggin' CLUELESS to be left alone in the 'net. They're a danger to themselves and to others. Either get them off the 'net (ok, ok, I may dream... won't happen simply 'cause ISPs would run amok if they didn't have their comfortable low-bandwidth using users, not to mention the billion pages trying to sell you junk that we get (legally) for free), or educate them!

There is no technical solution for social problems!

Re:Ack, worst link ever to click

[rkcallaghan]

How far would you take this? Would Slashdot be a red site, since it links to gentoo.org, which links to cafepress.com which links to cometcursor.com, a red site? What about site that link to Slashdot?

The thread earlier had mentioned two levels of seperation, which I think is fair. That is only asking people (or Gentoo.Org) to say "I won't do business with you, because you do business with scumbags."

~Rebecca