The Web Is A Very Dangerous Place

“The security industry is in general agreement that the web has grown to become the primary delivery mechanism for malware and other malicious activity” – McAfee, Inc.[1]

The web today is a dangerous place, and it is only getting worse. On top of that, most internet users have no idea how bad it is. Even worse, some users will fool themselves into thinking they are safe when they are not. This article examines the current state of the web, along with shortcomings of traditional solutions.

How dangerous is it out there?

In 2009, McAfee Inc. did a study to try and identify risky websites. The study found that 5.8% of all tested websites were found to be risky, with 4.5% delivering some sort of malicious download. These included browser exploits, also known as drive-by-downloads, which can enable viruses, keystroke loggers (keyloggers), or spyware to be installed on a consumer’s computer without their consent and often without their knowledge.[1]

The study also found that the .com domain was the second riskiest of all, behind only .cm (for Cameroon). Why is .cm the most dangerous? .cm sites are commonly used for “typo squatting”.[1] The idea is that a user intending to go to facebook.com might accidentally type facebook.cm, causing them to land on a likely malicious site.

Hackers are also very good at getting search engines to guide unsuspecting users to their malicious sites. In the first quarter of 2011, McAfee found that 49% of the daily search terms in the top 100 results lead to a malicious website.[2]

“We find that web-based risk is pervasive and growing” – McAfee, Inc.[1]

 

Traditional Recommendations

McAfee says the following: “The best way to protect yourself is by maintaining up-to-date, reputable computer security software with safe search functionality.”[1]

They also rightly point out that “even the most experienced users need the assistance of a comprehensive security software suite with safe search functionality to more safely search and surf.”[1]

While we agree that everyone should have up-to-date antivirus software, we are not confident in the ability of safe search technology to be secure. The underlying principle of safe search technology is that a comprehensive list of all websites can be created that can say if any given site is safe or not. Because there are so many websites, this list would have to be created and maintained by a computer. This computer would have to regularly check every site to see if it found anything malicious.

The problem is that the rate at which new malware is being created is staggering. In just the first quarter of 2011, McAfee identified over 6 million new unique malware samples[2]. The theory that any organization can build a complete list of all malware to use to identify a malicious site is simply impossible. In addition, in the same time frame, they found an average of 8,600 new malicious sites PER DAY![2] As much as anyone may try, it is simply unreasonable to trust that an organization can find ALL of the malicious sites on the web.

 

How is Light Point Web Different?

When using Light Point Web, you don’t have to care if a site is malicious or not. You can view and interact with any site however you want, but it NEVER reaches your computer. While we cannot stop you from voluntarily handing over personal information to a site, we can stop that site from accessing your computer in any way that you don’t explicitly authorize.

Accidentally stumbling onto a malicious site by mistyping a website address or clicking a booby-trapped search result or shortened URL is no longer something to worry about.

“The scammers, spammers, phishers, and hackers have stepped up a notch. We all must do the same.” – McAfee, Inc.[1]

 

Sources:

[1] McAfee: Mapping the Mal Web (http://us.mcafee.com/en-us/local/docs/Mapping_Mal_Web.pdf)
[2] McAfee: Quarterly Threat Report – Quarter 1, 2011