Unknowable risk at potentially untrustworthy sites

Discussion in 'Technical Discussions' started by VopThis, Mar 14, 2009.

  1. VopThis

    Almost every site you visit is more than just the text or images you see on that page. The page content can be composed of scripts and linked content sites that deliver those associated images, ads, user optional content such as cookies, or other content. Should you really be trusting each and every optional link and script contained on that link page? How would it be if all the optional stuff were turned off by default? If you click a link on that page and nothing happens, then you would need to consider enabling the needed feature. See Firefox add-on ‘NoScript’: https://addons.mozilla.org/en-US/firefox/addon/722

    Some sites may ask you to allow an ActiveX add-on (a common source of many powerful/useful tools but also unfortunately the source of thousands of malware exploits specific to IE). This can become a common skill-testing question posed to many a user. Do you consistently do your homework to know exactly what the advisability of that decision should be?

    Typos & Link Similarity:
    Consider the following similar looking (or mistype opportune prone) links – how potentially bad sites can ride on/steal someone else’s success or worse. The first is a highly trusted and indispensable malware research link that I frequent, and the 2nd link is more likely a mostly opportunistic and/or a potential pretender or wannabe:

    ‘www.virustotal.com’ … ‘WWW.VIRUSTOAL.COM’ … (TOTAL vs TOAL***)

    Both sites have substantial presence on Google (980K+ hits each):

    [985K] virustotal - Google Search
    [984K] virustoal - Google Search

    What ARE THE POTENTIAL CONSEQUENCES if the 2nd site were to eventually be acquired by ‘undesirables’? That is how it might pay just to get and build traffic to your site, however harmless or marginal the content. That traffic, in turn, could then be even more attractive to another even less trustworthy party.

    ‘www.robotnik.com’ … ‘WWW.ROBOTNIC.COM’ … (NIK VS NIC)

    The 1st site is a local PC vendor in my community and the other is ‘Under Construction’. The 2nd site may in fact be legitimate except for the fact it has been in that state for quite some time now.

    Q: How might one check out the LIKELY SAFETY and/or TRUSTWORTHINESS of a given site?

    Here is one ‘inspection service’ possibility, if you'd rather be relatively more safe than sorry. The downloaded tool is much more convenient (right click on any link):
    ONLINE: Exploit Prevention Labs: LinkScanner
    DOWNLOAD: Exploit Prevention Labs | LinkScanner - Keep Your Surfing Safe
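Added example, not part of the original post: one way to flag the look-alike names discussed above is to compare a typed hostname against a personal list of trusted sites using an edit distance that counts single-character insertions, deletions, substitutions and adjacent swaps. The function names, the `TRUSTED` list and the distance threshold of 2 are assumptions made for this sketch.

```python
def normalize(host):
    """Lowercase a hostname and drop a leading 'www.' so comparisons are stable."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # An adjacent transposition ("su" typed for "us") counts as one edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check_host(host, trusted, max_distance=2):
    """Return ('trusted', name), ('lookalike', nearest_trusted, distance) or ('unknown',)."""
    name = normalize(host)
    known = {normalize(t) for t in trusted}
    if name in known:
        return ("trusted", name)
    # Nearest trusted name; ties are broken alphabetically so the result is deterministic.
    best = min(known, key=lambda t: (osa_distance(name, t), t))
    dist = osa_distance(name, best)
    if dist <= max_distance:
        return ("lookalike", best, dist)
    return ("unknown",)


# Assumed personal allow-list, built from the two trusted sites named in the post.
TRUSTED = ["www.virustotal.com", "www.robotnik.com"]

if __name__ == "__main__":
    # Constructed sample input: the two look-alikes from the post plus two controls.
    for typed in ["WWW.VIRUSTOAL.COM", "WWW.ROBOTNIC.COM", "www.virustotal.com", "example.org"]:
        print(typed, "->", check_host(typed, TRUSTED))
```

A "lookalike" result only means the name is within one or two keystrokes of a site you trust; it says nothing about what the other site actually hosts.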
  2. rokytnji

    I agree. I run No Scripts even though I am a Linux user. Scripts can play hell with a browser. Even in Linux.
  3. dobhar

    Thanks Vincent...good info here... :)
  4. broni

    Thanks Vince :)
    Personally, I use WOT.
    I used to use McAfee Site Advisor, but after the last couple of updates, it looks like McAfee messed up their only product which was worth anything. They created another bloat.
    So... I moved to WOT.