McAfee SiteAdvisor Blog

In 2006, you know you’re famous when your face has been immortalized as a screensaver and is cascading across the screens of millions of PCs worldwide. The extensive selection of screensavers celebrating the wildly popular reality show American Idol exemplifies the celebrity status of the top ranked contestants.

With the aid of a search engine, doting fans can easily find and download screensavers of their favorite Idol hopefuls. But searchers beware. Indulging your desire to create a desktop shrine to your Idol obsession could be extremely detrimental to your PC. Screensaver downloads are notorious for bundling intrusive spyware and adware programs that clutter your PC, slow your system’s functionality, invade your privacy, and serve annoying pop-up advertisements.

Not all searches for American Idol screensavers are created equally, however. Some contestant screensaver searches pose much more risk than others. So who’s the most dangerous American Idol hottie to search for?

Avid American Idol watchers ourselves, we had to find out. We searched Google for the names of top twelve American Idol contestants plus the word screensaver and calculated the percentage of dangerous site links returned on the first page of search results.

And the most dangerous Idol is…

Searching for screensavers for quirky gray-haired Taylor Hicks, still in the running, produced the riskiest results: 46% of first page search results came back red. Recently booted Colorado stud Ace Young came in next with 36% red search results and Bucky, Kellie, and Lisa all followed at 27%.

Percentage of red screensaver search results for American Idol’s top 12 contestants

The safest search was for Melissa McGhee, yielding 0 unsafe results. Her popularity plummeted in mid-March when she was voted off after forgetting the words to Stevie Wonder’s “Lately.” She may have been the first of the top 12 to be sent packing, but she won our screensaver safety contest. Her parents must be so proud.

The most frequent offending link was screensavers.com, which appeared in search results for 8 out of the 12 contestants. Just read our user comments for the site and you will want to stay far away. One user’s one-word summary of the site: “Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.” Ezthemes.com and starpulse.com, two other sites with risky downloads, each showed up in one third of the contestant searches.

Parental Advisory: Explicit Web Sites

Our search for hunky Ace was particularly colorful. The second search results took us to azter.com, a site offering risky downloads galore and some rather sexually explicit content (perhaps inappropriate for Ace’s younger audience?). In addition to red rated spyware sites, Ace’s searches also yielded spammy ohmygoodies.com (coincidently another adult-themed site) as the fourth result. After entering our e-mail address on this site, we ended up with a whopping 1401 e-mails per week! We love you Ace, but we’re not about to venture onto these sites for you.

The Dangers of Idol Worship

A Google search for Taylor Hicks Screensaver returned 46% red sites.

American Idol has certainly become a national phenomenon. Each week over 30 million addicted viewers tune in to watch aspiring rock stars and divas sing their hearts out in the hopes of achieving the American dream. Unfortunately the purity of contestants’ passion and ambition is tainted by the greed of sketchy businesses who swiftly hop on the bandwagon to take advantage of the show’s success. Malicious activity finds a way to exploit any popular craze, and even wholesome entertainment is ripe for rip-offs.

But unlike scavenging paparazzi that plague celebrities with never-ending scrutiny, unscrupulous Web sites victimize the fans too. Fans are especially vital to an American Idol contestant’s success, so it’s rather unfortunate that adoring viewers get punished with spyware and spam after innocently searching for their favorite performer. But rather than shy away from your search completely, let SiteAdvisor’s ratings steer you away from the Web’s dark alleys and guide you to safe venues where you can Idol worship without fear.

Permalink | Comments (1) | TrackBacks (0)

In March, SiteAdvisor challenged Web citizens to test their ability to detect nasty downloads with the Web’s first ever “Spyware Quiz.” One month and 14,000 tests later, the results are clear: 95% of us are just 1 click away from unwittingly infecting ourselves with spyware, adware or some other piece of unwanted software.

Spoilers Ahead

Still haven’t taken our quiz? You may want to check it out before reading on, as we’re about to give away some of the answers. (We’d hate to spoil your fun.) Take SiteAdvisor’s Spyware Quiz.

Our quiz set out to determine how adept users are at visually detecting the presence of intrusive downloads on a site. The test asked users to identify the safe sites in popular categories (screensavers, smileys, free games, lyrics, and file-sharing applications) which are notorious for distributing spyware and adware.

The results indicate:
* Nearly every user (95%) was fooled into thinking at least one dangerous site was safe
* Based on their choices, a majority of users (65%) would have been infected with adware or spyware many times over
* Visual cues which tricked the most quiz takers included the presence of national advertisers and a clean, uncluttered design

Sooner or later, a less than perfect score will getcha

A mere 3% of quiz takers received perfect scores. The average was 4.7 correct answers out of 8, or 59% correct, suggesting that typical users will fail to accurately assess the safety of Web sites 41% of the time.

User Scores: Most users correctly answered between 4 and 6 questions.

Overall, 95% of users made assessments that, in the real world, would have landed them at an unsafe site. It only takes one wrong decision to clutter your PC with intrusive spyware and adware. So even if you have a high Spyware IQ, there’s a good chance that sooner or later you will end up on a malicious site without knowing it.

Ordinary users are clearly at risk from spyware and adware. But so are sophisticated users. Consider a user who correctly identifies risky sites 88% of the time. (That’s the 88th percentile in our data; only 12% of our quiz-takers got one or zero questions wrong.) Let’s run the numbers to see how long such a user can expect to stay safe.

If a user correctly avoids unsafe sites 88% of the time, then that user has only a 77% chance (88% x 88%) of answering correctly twice in a row. After three choices, it’s 68% (77% * 88%). So far, the odds are still pretty good. But the average Internet user makes 43 searches every month. After 30 days, a user’s chance of still being uninfected is just 2.2%. After 45 days, it’s 0.3% - less than one in three hundred.

It’s easy to poke holes in some of the assumptions above (and we’re happy to start). For one thing, searchers don’t only look in dangerous categories such as the ones in our quiz, so they probably won’t be quite as much in danger as we’re implying. On the other hand, the categories we chose are, in fact, extremely popular, and receive tens of millions of searches monthly. According to Yahoo’s keyword inventory tool, the 100 most common variants of the search term “lyrics” received 5.5 million searches in February 2006. Variants of the search term “Kazaa” received nearly 7 million.

The real takeaway is simply a mathematical fact: if you’re not perfectly clairvoyant about Web safety 100% of the time, your repeated decisions are going to put you at a risk approaching 100% as time goes on. That time will be longer for some people and shorter for others depending on their browsing behavior, but the end result is the same.

Users’ ability to judge safety varies widely

It Had to Be You…

The first four questions presented users with pairs of sites and asked them to pick which one of the pair was safe. Users had the most difficulty distinguishing between the two lyrics sites: only 28% of quiz takers successfully identified azlyrics.com as the safe site.

                  anysonglyrics.com                                               azlyrics.com

Perhaps the simplicity and clean look of the anysonglyrics.com home page made it look safer. If so, looks can certainly be deceiving. It turns out that in order to view the contents of anysonglyrics.com, you must agree to an ActiveX installation that bundles the Zango Search Assistant and Zango Toolbar. Users may also be confused by the superficial safety of viewing lyrics: Unlike screensavers and smileys (which by their nature require downloading and installing new programs), lyrics can be viewed inside an ordinary web browser, with no program downloads. Unfortunately, lyrics sites can still be unsafe: ActiveX can install unwanted programs, without users realizing they’re installing anything at all. Finally, we wonder whether advertising from well-known brands like Circuit City and Monster.com served to legitimatize the anysonglyrics.com site.

Beasts of Burden

Our final four questions asked people whether various file sharing sites bundled unwanted software. More than half of the test takers did not realize that the eMule file-sharing application is adware/spyware free. 62% of users answered this question incorrectly. BearShare, Blubster, and Kazaa (the three other file sharing programs we tested) all include adware, but eMule does not. 62% of quiz takers mistakenly tagged Blubster as safe, likely driven by the site’s clean, simple “Skype-y”design.

eMule: a spyware-free file sharing program

BearShare, Blubster, and Kazaa all come bundled with spyware.

A Reason to Smile

People exhibited the most spyware knowledge when choosing between smiley sites. 75% of quiz takers correctly classified getsmile.com as safe. Interestingly enough, the remaining 25% selected smileysource.com despite text on the home page stating that downloads include Best Offers Network software which “will collect information about websites you access and will use that information to display ads.” Clearly it’s easy for Web surfers to miss the fine print.

smileysource.com getsmile.com

Is Abstinence the Only Solution?

Some test takers posted blog comments saying they did not trust either site in our pairings, declaring that the best answer is to avoid sites in these categories altogether. Certainly such avoidance lowers your risk factor, but our findings show that total abstinence is unnecessary if a user has the right information. As we said in a previous blog entry, “the instinct to run from “free” sites is generally a good one, but with SiteAdvisor, you actually CAN find the good, safe and free stuff that’s out there on the Web. Part of why we created this test was to show that even in categories of sites that people consider dangerous, there are actually plenty of upstanding, safe sites.” Our goal is to provide users with information so they can safely take advantage of all the Web has to offer without having to limit themselves.

We know it was a tough test; it’s not easy to judge a site’s safety just by looking at it. But that’s the point. Bad sites are often very good at providing an aura of safety. So no matter how knowledgeable or perceptive you are, you can’t always rely on your instincts. SiteAdvisor can help stop you in your tracks before you stumble onto a dangerous site, and it can also help pave the way to discovering safe venues you might otherwise pass over.

Permalink | Comments (43) | TrackBacks (0)

"Pretty much everything is bad about this site...stay far away..."

Comment about coolwallpaper.com (SiteAdvisor analysis: coolwallpaper.com) by reviewer whotheheckcares.

"Whatever you do, DO NOT ENTER AN E-MAIL... inbox will be flooded with spam and crap. You probably won't get that free* gift."

Comment about freegiftworld.com (SiteAdvisor analysis: freegiftworld.com) by reviewer dylanglada.

As the above user comments indicate, our volunteer reviewers are anything but shy. And we like it that way. I’m David, the developer in charge of our user reviews functionality, and it’s my job to make sure that our users have a way to make their voice heard when it comes to Web safety.

From the beginning, we knew there had to be a forum for people to reaffirm, challenge, and supplement our automated, algorithmic safety testing of Web sites. Not only have user reviews provided a human touch that complements our analytic site data, but they also help keep us on our toes. There have been numerous instances where reviewers have found sites that are behaving badly and we have updated our rating of the sites accordingly.

We added the Reviewer Comments functionality to the Web site back in December of last year. Since then, reviewers have posted more than 16,000 reviews covering 11,000 unique Web sites. In the just the past week we've received about 1,500 new user reviews and ratings.

What’s New?

I’ve just released a new feature on the SiteAdvisor Web site called Reviewer Central. As the name implies, this new section showcases some of the best and most interesting content submitted by our users, and also serves as a forum to recognize reviewers themselves.

Among the new features you’ll find in Reviewer Central are:

• Sites on the brink: Calls attention to cases when a site is on the verge of having its rating changed as a result of user feedback. We look at what people are saying about different sites and try to find patterns where there is a conflict between what our automated results have shown and what people are saying. We then call attention to these sites to encourage additional input and debate among our users.

• Recent Reviews: highlights what sites people are commenting on right now. It shows the most recent posts and allows you to sort by the kind of sites you find most interesting. Do you love to rubberneck at the scenes of tragic computer-ruining exploits? Or do you like to commiserate with others who have been spam-bombed by some rogue ad serving site? Indulge yourself here.

• Top Reviewers: This section gives you an idea of who the most prolific and respected reviewers are and what they're talking about. Each reviewer has a reputation score based on a combination of how long they've been a reviewer, how many reviews they've posted, how accurate their ratings are, and most importantly, how other reviewers rate their reviews. Basic level reviewers can advance to designations of “Experienced” or “Expert” as their reputation increases over time.

I Know you Are, but What am I?

Does it really matter what users say about sites? Do we really care? Absolutely. For example, It was user feedback which alerted us to a whole class of sites which charge consumers for processing entries to the free U.S. green card lottery. Many of those sites were quite misleading in their claims, and after further analysis we gave most of them red ratings.

User feedback can also cause ratings to be upgraded. An example is the site albinoblacksheep.com (SiteAdvisor analysis: albinoblacksheep.com). The site originally received a red rating when our bots flagged a suspect download. The site's owner then wrote to us saying he had removed the bad download. Numerous albinoblacksheep fans also wrote in to say that they considered it a great site with nothing that should give it a red rating. This provided good supporting evidence that the bad download was indeed probably an inadvertent mistake. We have since changed the site's rating to green.

One of the best defenses against less than scrupulous Web sites is the power of a user community to spread the word and help others. Our reviewer areas are designed to give you a powerful way to have your voice heard and to directly affect the safety ratings of Web sites.

Whether you have just one gripe or kudo for a particular site, or whether you're committed to spreading the word about a particular aspect of Web safety for many sites, we hope you'll get involved and become a reviewer if you haven't already.

I'm excited to be releasing this first version of Reviewer Central. I know that we can continue to do more with this section of the Web site, so I'd love to hear your additional ideas and suggestions. Please leave us feedback either by responding to this blog entry below or by using our feedback page.

Thanks and enjoy.

Permalink | Comments (1) | TrackBacks (0)

30GB iPod: Now with more spam!

On March 23, New York Attorney General Elliot Spitzer sued Gratis Internet for allegedly selling its users’ personal information in violation of its own privacy policies. Gratis, better known to consumers as freeipods.com (and freepay.com), has received plenty of media attention, much of it focused on whether consumers actually receive any iPods. By contrast, Spitzer focused on the alleged sale of customers’ e-mail addresses that, his office says, resulted in torrents of spam.

It was the second action involving Gratis in as many weeks. On March 14, Spitzer’s Internet Bureau, led by Ken Dreifach, settled a case against Datran Media, an e-mail marketing firm that was accused of buying lists of personally identifiable information (PII) that it knew were in violation of the seller’s privacy policy. One of the primary sellers of that PII? Allegedly, Gratis Internet.

The two cases were big news on the Web. And that gave us an idea. What if we did a search for free iPods cross referenced with our test results? What would we find? To the data.

Dripping Red

Here’s the first page of my “free iPod” search on Google today:

Shop Here Free is running a free iPod offer. When we signed up, we got 64 e-mails per week. Gift Fiesta is also offering a shot at a free iPod. During a recent crawl of one of their sites, we enjoyed a 21 pop-up fiesta. (Our e-mail testing in still in progress. We’re not hopeful.) The results of our Survey Networks' sign-up were relativly painless. We got just 18 e-mails per week, on average. By contrast, Lookdog’s whopping 170 e-mails per week left our inbox with a permanent hangdog look.

And what about Gratis? The top organic result from our search was freeipods.com, Gratis’ re-direct to freepay.com.

So, aside from a brush with an Elliot Spitzer lawsuit, what does a sign-up with a Gratis site get you? We know that when we signed up here, our inbox looked like this:

The 11 e-mails per week we got from freepay.com and its advertisers is hardly a record for us. But how many potential free iPod customers would click ‘yes’ if they knew their inbox would look like this?

The Shame of It All

Web commentary about Gratis and Datran ranged from "told you so" to "shame on me." One journalist was livid:

I’m removing my referral links to these scumbags...Gratis lied to me for the story I wrote originally about the company, which did wonders for their early credibility, and then lied again for a follow-up story I wrote about its privacy practices…

That said, it seems that word still hasn’t gotten around. Here’s a guy trying to help a cash-strapped friend get a free ipod for her daughter. Two weeks after Spitzer’s I-Team filed the Gratis suit, you can still find folks who'll try anything for a chance at a freebie.

Affirmative Action

We’ll see what happens with the Gratis action. As for Datran, at least good guys won, right? The seemingly far-reaching agreement requires Datran to hire a Chief Privacy Officer who will presumably be the one to:

* Independently review all applicable privacy policies…governing PII
* Independently confirm that…consumers affirmatively opted in to permit such sharing

Has anyone ever met anyone who affirmatively opted in to have their personal information shared in such a way that their inbox filled up with pharmaceutical, mortgage and work-at-home e-mail?

We worry that the concept of affirmative opt-in is poorly defined. For example, does affirmative opt-in apply if a site notifies users on the forty seventh paragraph of a 10,000 word Terms & Conditions document that by clicking "I agree" the user purportedly consents to receive product offerings from 3rd party providers? Does the average user have any idea what "product offerings from 3rd party providers" means? That this is just a complicated way of saying “advertisements” or, less politely, spam? We think these euphemisms and hidden disclosures are bad for consumers. But we worry courts may be unduly deferential to users' supposed "consent."

We remain skeptical that government action alone will solve this problem. We’ll see if Datran honors the agreement. Even Quixote, the eternal optimist, demanded that the "the proof of the pudding is the eating." For us, the proof will be in our inboxes. Or rather, our empty inboxes will be proof that the agreement is being honored.

Permalink | Comments (2) | TrackBacks (1)

File Sharing Software Falls Victim to Clone Wars

eMule is a well regarded open source file sharing client that also happens to be adware and spyware free, and free of charge. At least, it’s free for those who can tell which eMule is the real McCoy.

Take a look at these two images:

Can you tell which one is the real thing? It took us a while, and we do this stuff for a living.

The real eMule is on the bottom, but it suffers from an ungainly URL: emule-project.net (SiteAdvisor Analysis: emule-project.net). The one of the top has a much better domain: eMule.org (SiteAdvisor Analysis: eMule.org). But eMule.org is actually a decoy, a pixel for pixel cut and paste copy of the real thing. Logo, color schemes, fonts -- it’s uncanny. The dot-org is the perfect touch, too. It makes the site feel more like a non-profit, more like an open-source software site. eMule.org even claims to be the "official” eMule site.

No matter where you click on the eMule.org decoy page, you’re sent to into the sales funnel. We decided to take the plunge.

You can imagine what came next. In short: After paying $27.80 for a lifetime subscription, we got a screen with links to popular (and free) file sharing programs like Limewire and iMesh. Click on their links, and get redirected to Download.com. What a business!

The funny thing is, eMule.org doesn’t even offer the real eMule client. We'll cover the site in more detail later, but the most important thing to know is that the decoy eMule’s business model is the same as FreedownloadHQ.com. (Like eMule, FDHQ charged us $37 for a link to download.com to get Firefox.)

68% Infected

11 out of the 19 results are red. 58%. Add in my-free-music.com, a "review” site that’s little more than a link farm to scams like red-rated mymusicinc.com and unlimitedsoftware2download.com (which leads to a high volume e-mailer called SuperbRewards.com), and the first page of results goes up to 68% red.

What this means is that unwitting consumers are playing Russian roulette with more than half of the chambers loaded.

Who Is eMule.org?

Hugo Liu, an advisor to SiteAdvisor and a doctoral candidate at MIT’s Media Lab, helped me trace the origins of eMule.org back to a server that shares its IP address with these other sites:

www.Chena.com
www.Domain-names-webhost.com
www.Filesharingcash.com
www.Legal-mp3-download.com
www.Mesothelioma-websites.com
www.Archivoscompartidos.com
www.Mariasearch.com

WHOIS data show that some of these sites are protected by the same masking service (Whois Privacy Protection Service, Inc.) But Whois history at all of these sites shows that they used to be registered to:

Registrant Name:Mr Christian A. Chena
Registrant Organization:HYPER SRL
Registrant Street1:1 de marzo 368
Registrant City:Lambare
Registrant State/Province:--
Registrant Postal Code:NA
Registrant Country:PY
Registrant Phone:+595.595213332
Registrant Phone Ext.:4

Mr. Chena is 28-year-old Internet entrepreneur from Paraguay and a domain name speculator. According to people who follow this industry, Chena sold a trio of misspelled names in March 2005 for $204,000, a profit of $124,000 over the $80,000 purchase price. The domains?

Downlaod.com, Donwload.com and Dawnload.com.

A little more digging by Hugo revealed that eMule.org is also an affiliate of MarketEngines.com, a Canadian publisher that runs an affiliate management company called CashEngines.com. CashEngines helps populate the Web with gems like freemp3lover.com and other sites that sell users "customer service” and access to free P2P file sharing software.

Is eMule.org still owned by Chena? Follow me (or rather, Hugo, who did the sleuthing) for a second:

eMule’s CashEngines affiliate ID is https://secure3.marketengines.com/04/p2p/join1.aspx?revshare=aff_isidoro

Isidoro Canones is a famous Argentinean cartoon character, the so-called "Play-Boy of Buenos Aires." Now, along with domain speculation, Chena is also the owner of http://www.animacion.com, the "official” portal of Spanish language animation.

We e-mailed Chena’s company asking if they own eMule.org. We’ll let you know if they respond. Otherwise, this is as far as we could get with the coincidences. We invite readers to see if they can push this further.

A Profitable Business Model

As an affiliate of CashEngines, eMule.org earns a bounty every time it sends a customer through CashEngine’s payment system. Payouts for music sites are $20 per customer.

It’s a typical affiliate arrangement. Since CashEngine’s costs to service a customer are near zero, they can afford to pay as much as 75% of their revenue (a $20 bounty on a $27 sale) to the affiliate. And why are the costs near zero? As we previously learned, scam software sites don’t have any significant customer service costs because they provide little, if any, customer service. We will be contacting eMule.org to ask a variety of basic P2P customer service questions. We’ll add a note here if we get anything close to a real response.

eMule Gets Its Ass Kicked

eMule is run as an open-source project. Programmers are volunteers. Hosting costs are shared by mirror sites. They have little time and no money to fight these guys. In fact, they recently added a disclaimer to their site which reads in part:

If you paid for downloading eMule, you have probably been cheated - but not by us. We suggest that you contact the website were you paid for eMule or your credit card company to arrange a refund. However we are unable to assist you in such a case because (again) we are not involved in any way in such payments so please do not mail us about refundings.

They don’t "agree” with eMule.org’s practices, but because they publish under the General Public License which allows others to study, improve, redistribute and charge for GPL software, eMule "can not prohibit such misuse.”

That said, BitTorrent recently began cracking down on sites that misuse the company’s name. And last year, the Center for Democracy and Technology successfully pressured at least one scammy site to remove the "100% legal" claim from its site. The FTC has also begun to act.

But given how easy it is to hot swap domains and press the ‘copy’ button on a site’s HTML, we think government or corporate legal actions are bound to be at least a step behind the scammers. In fact, as long as there is real money to be made by scamming, our bet is that for every site BitTorrent or the CDT is able to close down, two will take its place. That’s why all of us have to step up and do something.

Found more sites like these? Join SiteAdvisor as a reviewer and let us know which ones.

Permalink | Comments (10) | TrackBacks (0)

Dear SiteAdvisor users and blog readers,

We are very excited to share with you that today, McAfee, Inc, a world class leader in information security for more than 15 years, acquired SiteAdvisor.

This is great news for our company and for you, our users. Why?

* Greater reach: McAfee has tens of millions of existing users worldwide. We’re excited about the ability to bring SiteAdvisor’s Web safety protection to existing and new McAfee users around the world.

* Deeper coverage: by teaming with McAfee, we can leverage both McAfee’s world class security technology and leading research capabilities to bring additional layers of protection to SiteAdvisor’s already extensive safety database.

* Greater resources: McAfee will be working with us to accelerate feature development and bring you new ways to use SiteAdvisor and to stay safe and in control online.

We greatly admire the technology and people behind McAfee, and we can’t think of a better partner to help take SiteAdvisor to the next level.

As we begin to integrate with McAfee, you’ll notice lots of improvements over the coming months. But a few things won’t be changing:

* The free features in the current SiteAdvisor software. They will remain free to our current users and will continue to be available for free on our Web site for new users.
* Our commitment to provide objective safety ratings which are free from conflicts of interest.
* Our willingness to probe deeply into the actions of the malicious players on the Web and to work hand in hand with you, the SiteAdvisor community, to expose them.

I’d like to again thank all our existing users, from our pioneering Preview Version testers, to the many current users who read about SiteAdvisor or heard about us from a friend, and decided to try our software themselves.

We’re very excited about this next phase in SiteAdvisor’s development. I'm sure this news will prompt important questions. As always, please feel free to comment. I'll endeavor to provide as much feedback as I can.

Sincerely,

Chris Dixon
CEO, SiteAdvisor

Permalink | Comments (15) | TrackBacks (7)