Netcraft, for example, is heavily oriented toward collecting URLs of phishing sites - hacker dens that imitate legitimate sites. This may or may not produce faster updates than those generated by Web crawlers, depending on the type of site hosting the malware.Īnother variable is the type of malware site the safe-browsing product monitors. After all, you’re letting the browser maker know what sites you’re visiting. McAfee’s Site Advisor browser add-on and Netcraft’s blocklists are created primarily through feedback from their users. “That’s something you have to decide for yourself,” he states. The SANS Institute’s Ullrich says there’s “no blanket answer” to that concern. After all, you do reveal to the browser maker which sites you’re visiting. However, some observers - such as the Ha.ckers security blog - believe this approach represents a privacy threat. When you visit a new site, the browser sends the URL to a server that determines whether the site is in the malware database. On-demand lists are the default approach in IE 8 and the latest versions of Opera, but you must turn this capability on in Firefox. Safety-conscious users should consult an on-demand database (which, with a broadband connection, shouldn’t impact your overall browser performance). The bottom line is that there’s inevitably a lag time between the discovery of a new malware site and the addition of that site to a blocklist update. Because of the potential for slowing down the browser, the latest version of the API provides ways to customize the frequency of blocklist downloads. The protection depends, therefore, on how frequently the spiders crawl sites and furnish updates to the Safe Browsing blacklist that’s downloaded to Firefox and Chrome. Google’s Safe Browsing API is based almost entirely on what the search engine’s spiders see. When a new malware site comes on line - as they do with alarming frequency - it won’t appear in any malware database for some time.ĭifferent browsers use different malware lists Of course, the resulting databases of malware-serving sites are only as good as their most-recent scans or user contributions. Other safe-browsing products rely on a large number of volunteers whose systems report rogue URLs to the mother ship as they encounter them. For Google’s Safe Browsing API, the sensor network is composed of the search service’s Web crawlers. Johannes Ullrich, director of the SANS Institute’s Internet Storm Center, says all safe-browsing features depend to some extent on what he calls a sensor network. Determining which one works best isn’t easy - or even possible, according to the experts - because their performances in tests will depend heavily on the samples used. The analysts I consulted say each technique is effective, although none is perfect.
These products use different techniques to maintain their data on malware-dispensing sites.
WS senior editor Gizmo Richards described the utility in his March 5 Best Software column (paid content).
You’ll find more information about LinkExtend, plus a download link, on the product’s site.
If you use Firefox, the free LinkExtend add-on combines alerts from several site-rating services.
Opera’s built-in fraud protection depends on malware data assembled by Netcraft. Safe-browsing products and technologies go by different names: Internet Explorer 8 has a SmartScreen Filter, while Firefox and Chrome use the Google Safe Browsing API. One of the ways browsers and their add-ons combat malware is by tracking sites containing infected files and warning you before your browser opens them. The major browsers and security programs all tout their ability to warn you about malware sites before you visit them, but do any of these early-warning systems really work?Įxperts say they’re all useful, but none provides a silver bullet - and any browser-security product’s claims of superiority are extremely difficult to verify. TOP STORY Find safe-browser technologies that really work