SiteAdvisor: Know What a Website Really Does

by Ming Chow

Related link: http://www.siteadvisor.com/previewsignup



Technology is a big part of the security problem. Technology is very effective and efficient, and it gets the job done. However, the inner-workings of technology are rarely, if ever, revealed, to describe how it gets the job done. I asked many people the questions: "Do you know what happens to your credit card when you complete an order on Amazon.com?" or "Do you know what happens to your vote when you cast your vote electronically?" The response is usually: "I don't know."



Likewise, when you visit a website, you usually do not know what goes behind the scenes of that site. Is the intent of the website malicious? What are the downloads associated with the website? Is the website notorious for sending annoying e-mails to you? Does the site link to other questionable websites? It takes months and years to have a certain degree of trust for a website. But even then, you still do not have much knowledge of what really goes on behind the website, and disclosure is normally not very prominent.



There is a new web browser plugin that will alleviate many concerns. Meet SiteAdvisor. The SiteAdvisor plugin is currently in the beta-testing phase. The simple premise of the plugin is to identify whether a website is safe or unsafe. The plugin is available for Microsoft Internet Explorer, and Firefox (on all platforms as I tested). Once installed, it serves as a signal light on your browser. When you visit a safe site, the light is green. If you visit a questionable or malicious site, the light is red.



image



Above: The O'Reilly Network website is a safe site.



It also aids searching. There will be a green check icon on safe search results, and a red "X" icon on unsafe results. Try searching for file sharing in Google.



image



Above: Search results for "file sharing" in Google.



However, the plugin goes beyond identifying whether a site is safe or unsafe. You can also see the e-mails sent by the website, the downloads and executables associated with the website, and an analysis of links to other websites from the current site.



image


Above: E-mails and downloads associated with the O'Reilly Network website.



image


Above: Link analysis map for the O'Reilly Network website.



Websites can be looked at as black holes. Very rarely, you know what happens when you submit your e-mail address to the website: it may be used for more than just sending newsletters. When you download a piece of software from a website, you may be getting more than you ask, or don't ask, for. SiteAdvisor is more than a good aid for web surfing. It aims to disclose information about websites through iterations of automated testing and user comments. Even their FAQs is very well written to disclose the changes to your operating system after the plugin is installed (e.g. registry changes). Awareness is still a persisting problem in information security. Informing users on how privacy can be violated, downloads that are malicious, and other annoyances before they happen goes a long way, and prevents fear and headaches.