
Not-So-Practical Web Safety Advice

Posted by Jonathan Cohen on January 30, 2006 04:16 PM

Suggestions From An Expert: Self-Denial

Let’s say a friend or family member planned a vacation in a large city you know well, and they asked for some practical advice on how to make it a safe family trip. One answer could be: “Don’t leave your hotel room and don’t talk to anyone.” Effective? Probably. Worth the trip? No way.

How about this advice: “Only go to places you’ve already seen, and only eat at national chains which you immediately recognize.” What’s the fun in that?

The conventional methods suggested by most security experts to avoid online annoyances and precarious threats are a buzz kill. Check out this "what not to do" spyware prevention checklist by computer security consultant Joel Dubin. Here are a few of his recommended spyware aversion techniques:

1) Never deliberately download software to your workstation or desktop from the Internet, no matter how helpful or interesting it may appear.
2) Stay away from any questionable sites, including pornography, gambling, hacking or other off-beat sites.
3) Run a native pop-up blocker and block Active X objects.

This restrictive advice, while well intentioned, removes an immeasurable amount of choice and possibility. We don’t believe that your browsing experience has to be this way. What good is the Internet if the only way to remain safe is to prohibit searching for and discovering constructive applications and entertainment content?

At the same time, these guidelines continue to place much of the burden on the user. How is the average Internet user supposed to know if a site is ‘questionable’ or ‘off-beat’? The Web is too large and constantly changing to place this burden on individuals.

Advice From Major PC and Software Companies

Given how many calls they get from customers frustrated by spyware-infected machines, I wanted to find out what advice some of the major PC manufacturers have for preventing Web-based security threats, so I called customer service representatives at HP, Dell, and Gateway.

The HP representative recommended I do frequent scans using paid spyware detection and removal utilities. When I asked what pre-emptive recommendations he could provide, expecting typical answers like "turn off your cookies" and "don't steal music," he said running a system check is "the only way" to avoid spyware. One HP Web page said a lot about the bad things spyware can do to a computer (with frequent plugs again for their featured Anti-Virus subscription package), but nothing regarding what could be done to prevent infection. Another page gave the following advice, which seems to imply a need for endless patience by end-users to carefully read every word of legal disclosures, and also omniscience to know the origin and safety of every potential link the user encounters.

[Image: image002.jpg]

The Dell sales representative I spoke with would only refer me to a $79.99 paid virus product subscription. A case of déjà vu ensued when I called Gateway; their sales rep sang the same tune. She pushed a paid subscription and told me running spyware checks was again "the only way" to eliminate spyware. Gateway's Spyware FAQ only mentions symptoms and definitions. None of the reps or sites were able to suggest a single Internet surfing practice I could follow to try and avoid getting spyware on my computer in the first place.

We’re not suggesting for a moment that anyone shouldn’t have anti-spyware programs in place. Web safety is so complex that it requires multiple levels of defense. The advice from the manufacturers is also understandable: the fact that these “clean-up” methods are recommended is largely because until now there haven’t been effective and reliable ways to prevent these types of problems in the first place.

Besides advice on cleaning up the mess after it happens, the other advice frequently given is still “be careful.” Dell offers the following advice on their security page:

"Use caution while downloading and installing free software programs found on the Internet. Make sure you only download software from known reputable sources. Read user agreements and privacy statements to get a clear understanding of other software that may be bundled."

Microsoft’s advice is similar: "Only download programs from Web sites you trust. If you're not sure whether to trust a program you are considering downloading, ask a knowledgeable friend…"

That's their way of effectively recommending you never try a new program from any source you haven't already tried. Seems pretty impractical to me – and it completely ruins the chances of fortuitously discovering something useful, like Firefox, Open Office, or even small but efficient applications like Trillian, SlickRun, and Print Screen. Wasn’t every Web site, Internet service, and computer application you've tried unfamiliar at one time? How can you expect to utilize the maximum potential of the Internet if you're constantly restricting yourself to your immediate comfort zone?

To review, the best advice you can get on how to avoid Web security threats often consists of the following suggestions:

1. Don't use the Internet.
2. If you have to use the Internet, only go to sites you know.
3. If you have to go to sites you don't know, buy software to protect yourself in case your computer is infected.
4. Barring all else, use extreme caution.

The SiteAdvisor Approach

At SiteAdvisor, our mission is to provide you with straightforward disclosures about the consequences of online actions, especially ones taken at Web sites that aren't forthcoming about their spammy, spyware-installing, or flat-out malicious intentions.

Like many of the Web safety advisors above, we believe that knowledge is power. When properly guided, users can make smart, safe browsing decisions. Where we depart from our friends at Dell or Microsoft is that we simply believe it is our job, not the average consumer’s, to find out whether a new site or service is going to compromise a computer’s safety.

We believe that by taking this burden off of the user's hands, SiteAdvisor inspires confidence to explore the Web again, to discover new services, vendors, programs, activities, and communities. Imagine an uninhibited hippie dancing in the rain at a Grateful Dead concert – that could be you, or at least your online state of mind.

The Web is a vast expanse that's continually getting bigger, and we believe, worth traversing with a sense of confidence and adventure. So, empowered with an advisor by your side, we encourage you to get out there and explore it.

As always, let us know what you think by giving us feedback or by commenting below.


Comments

One thing startlingly missing from the above is this sage advice:

- Ensure you have the latest security updates for your operating system and software.

and one of my favorites that hardly anyone else recommends:

- Un-install software you aren't using. If it's not installed, it can't be used as an attack vector.

Siteadvisor is fantastic. I've been using it for 2 weeks now and I'm very impressed.

A good idea that is well-executed.

I'm going to recommend that all my fellow librarians check it out.

I can't believe how much detailed work you have put into this program. It's the best thing yet. I just love it and I use it with Firefox. Keep up the outstanding work.

Even if you use the latest updates for anti-virus, anti-trojan, and anti-spyware programs, they are not always able to repair an infected computer. Too often the recommended solution is to reformat or reinstall. The only solution to the new threats is proactive prevention and Site Advisor is a great tool in the growing arsenal of new prevention tools. I hope all the old security providers take note that their products and advice are not saving our PCs. The object is to surf the web safely and avoid infection, not clean up a ruined computer after infection.

I always assume my system will crash or be hacked. The first rule of survival is to preserve the data. Everything else can be rebuilt or recovered.

That's why on exposed systems, I back up to DVD weekly and remove sensitive info as often. If the worst happens, I can always reload mail, pictures, documents, rare downloads and calendars.

After that, every other security precaution is an extra layer between me and having to use that recovery data.
