Search the Web Safely with McAfee SiteAdvisor

By | February 24, 2009

Most people are aware that opening an email attachment from someone they don’t know can cause their computer to be infected by a virus. However, many people are unaware of the new methods malware writers are using to infect unsuspecting computer users with malicious software. Although virus writers still use email spam to infect PCs, there’s a much more devious and subtle method hackers are using to penetrate computer systems. And that is to infect your computer by simply having you click on a link from a search results page.

You may have firewall and anti-virus software installed already. You may even be careful about the files you download from the web. However, you are still vulnerable to attack just by innocently surfing the web. A web site can be dangerous for a number of reasons. It could:

  • Host downloadable files that are infected with spyware, adware, or trojans
  • Contain links to other dangerous web sites
  • Host web code (html, javascript) that could maliciously try to alter settings on your computer
  • Attempt to automatically infect your computer with malware, just by visiting their page (IE: Drive-by download)

While most websites are harmless, Google has reported that nearly 5-10% of websites on the Internet will attempt to automatically infect your computer with malware. The worst offenders being sites that host free software (games, screensavers), pirated software, and pornography. However, it is possible that a legitimate website could be hacked and programmed to send its visitors malicious code.

There are a few things end users can do to protect themselves from such threats:

  • Keep your web browser up to date. Most of these malicious web sites will try to exploit a known vulnerability in your web browser. When a vulnerability is discovered, the software company (IE: Microsoft, Mozilla, Opera, Apple) will release a patch to fix the security hole. As long as your browser it up to date with the latest patches, the majority of these exploits will not work on your computer. Most browsers update themselves automatically.
  • Use a safer operating system such as MAC or Windows Vista. Windows Vista comes with several new security enhancements that are not present in Windows XP. If you use either Windows Vista or MAC, you are running as a user with limited rights which makes it much more difficult for a web site to penetrate your system.
  • Be careful what sites you visit. As mentioned before, the worst offenders are sites that host free software (games, screensavers), pirated software, and pornography. If you avoid these types of sites, you’re less likely to stumble upon a bad one. However, even a site with good intentions can become the victim of attack and host malicious software.
  • Use a web browser plugin to warn you of malicious sites. I recommend a free one from McAfee called “SiteAdvisor” which I will discuss in this article.

SiteAdvisor works as a “plugin” or extension to your existing web browser. It will check your search results and mark them as either safe or dangerous before you click on them. SiteAdvisor does this by keeping a database of millions of web sites marked as either safe or dangerous. McAfee maintains this database by using an arsenal of computers which regularly test sites to see if they are hosting bad files or malicious code. When you perform a search, SiteAdvisor will compare your search results to the database and mark the site accordingly.

It should be noted that it’s possible for SiteAdvisor to mark a site bad when in fact, it’s good. It’s also possible that it could mark a site good when in fact, it’s bad. This is similar to how an anti-virus program could falsely see a legitimate file as a virus (otherwise known as a false positive). This should not deter you from using the program though, because most of the time, SiteAdvisor is right.

SiteAdvisor can be downloaded for free from http://www.siteadvisor.com . Installation instructions can be found at that site. It will work in either Internet Explorer or Firefox. After installation, it will be visible at the bottom right corner of the web browser:

SiteAdvisor button in Firefox

SiteAdvisor button in Firefox

Normally when you do a search from either Google, Yahoo, or Windows Live, you get a list of results with no indication as to whether the site is safe or dangerous.

For example, let’s say I want to download a new, flashy, and stylish screensaver for my computer. At Google, I search for “screensavers” and it lists some sites where I can download screensavers:

Google results for a search for screensavers

Google Results

At first glance, these sites all seem safe. There’s nothing here that would lead us to believe any of these sites could be potentially dangerous. Most people would probably start clicking on these links and, who knows, maybe even download a screensaver from one of them.

Let’s take a look at the same search results on a web browser with SiteAdvisor installed:

SiteAdvisor warning us of malicious sites

Google Results with SiteAdvisor Enabled

Now we are given some insight as to the trustworthiness of the listed sites. The red ‘X’ beside a search result, placed there by SiteAdvisor, means that particular site is probably doing one or more of the following:

  • Hosting malicious files
  • Linking to other malicious sites
  • Hosting malicious code

In this particular case, screensaver.com has been marked with a red ‘X’ because they are hosting screensaver files that contain spyware. You can get more details by hovering your mouse over the red ‘X’:

SideAdvisor detailed results

SideAdvisor Detailed Results for screensaver.com

SideAdvisor reports that this site contains “10 red downloads”. This means that if you had downloaded and installed a screensaver from screensaver.com, you could have been infected with spyware.

Below are the results from a search for “keygen”, a program used to generate serial numbers for software programs. The worst sites are the ones that try to inject malicious code directly into your computer:

This site will try to automatically make changes to your computer

This site will try to automatically make changes to your computer

“Breached browser security” means this site will attempt to inject malicious software into your computer. If you accessed this site with an out-dated and vulnerable version of Internet Explorer, you could have been automatically infected with spyware, viruses, or a trojan without having to download a thing!

I used Internet Explorer as an example because it is frequently targeted by malware creators. This is because 67% of people are using Internet Explorer to surf the Internet. Now, there are also vulnerabilites in other web browsers such as Firefox, Opera, and Safari. They are just targeted less frequently. In any case, you need to update your web browser on a regular basis (or set it to update automatically)

As you can see, SiteAdvisor is a great tool to add to your security defenses. It will help you steer clear of web sites that are untrustworthy. Although it’s not perfect, it can warn you of most sites which could cause harm to you or your computer. In addition to SiteAdvisor you should also do the following to keep yourself safe:

Further Reading:

CNET Review of SiteAdvisor

McAfee Site Advisor FAQ including information about the paid version

Leave a Reply

Your email address will not be published.

*