McAfee SiteAdvisor Blog

Heh, yeah, the lyrics site question got me too. But then again, I don't browse lyrics sites when amaroK fetches them right into the music player. =) And as you can see, I believe in text smileys. =)

And Blubster got me as well - but I would have done some research from outside of that particular site before touching that. Lots of P2P software comes with spyware, without prior knowledge, assume it does. Do your research before using them. And, as the recent eMule site comparison showed, go to the app's *real* site, or a mirror site *they* list or approve of. (*cough* back in the day, some people added spystuff on good, honest open-source P2P apps and then stuck those on Download.com...) Of course, identifying the *true* site is a bit difficult. (So far, I haven't seen any of that stuff on sourceforge.net or like =)

I still think this test isn't that indicative, as what you're testing is not people's ability to recognise unsafe sites, but people's abilities to make a value judgement on whether or not a site is safe using a very limited subset of information - in this case, just a partial screenshot of the website's front page.

Additional information that can be gleaned was not made available, such as the targets of any URLs on the page, information from the status bar, the address bar, or any other dynamic information that may be revealed by the site.

I know I failed to identify some of the sites in the quiz - but then I was being asked to make a value judgement based on insufficient information - in some cases the small print wasn't visible or was barely visible.

I will admit it was an interesting quiz - but it would have been more interesting if more information about each site being shown was given.

The problem with your test is that a) for the lyrics site, you showed images of the sites using Firefox, then asked a question about ActiveX. ActiveX wouldn't work on Firefox, so the question about which site is safe becomes a moot point. Firefox wouldn't run ActiveX scripts (you must be running Internet Explorer for ActiveX to run) so visiting either site would have been safe. B) On the Bearshare screens, there is a link that is clearly visible for an adware-free version of the package. This negates the listing of Bearshare as being adware, as they advertise it directly on the screen that you posted. C) Basing a quiz on just a few screenshots negates the validity of the quiz as you did not provide the full web page for viewing, hiding information that the visitor might have noticed to begin with.

I thought that this test was bogus and performed in completely the wrong manner. The question about lyrics struck me as complete foolishness. The screenshot of the malware site had no possible way of telling that activeX was being used. Where is the ActiveX installation that you agreed to? The safe site it was being compared to had a popup being blocked, which is often used by dishonest sites. Perhaps that would explain why 72% answered incorrectly? It's not the 'simplicity and clean look' of the bad site, it's misleading screenshots. Come on!

Ok, ppl... this test was a joke, right? A really bad joke, in fact. I wonder... how many points would have SiteAdvisor's logic get on this "picture-test"?
You should also add a "small print", stating, that "we just wanna make you look stupid, to get you into buyin' our product"

This is a very poor test that does not present all the variables to the test taker. Identifying spyware/malware takes more than just looking at a web page.

How can I be expected to identify an ActiveX install without being shown how the actual site delivers that?

Also the test taker was expected to make a choice on one of the sites. When being forced to make a choice you can pad your result data set with higher numbers of failings. The true way is to not visit any of these sites at all. The majority of them are breeding pools for nasty spyware.

Boo to your test.

I, for one, think this is a really great quiz.
At least is raises your awareness about ad- and spyware, if nothing else.

How many people do read *all* of the screen before clicking a link or a download-button?
How many people just click "Yes" on that annoying dialogue to coninue their download?

I think the results are even flattering, as people taking this test already have an interest in (blocking) ad- and spyware...

Just my 2cents.

I wouldnt use any of these sites, Im just not interested.

For p2p I use bittorrent or in rare cases, DC.

So I guess Im safe anyway. Especially since I surf with Linux and not windows.

...well,i got 6 out of 8,because I was obliged to choose an answer.It would be 8 out of 8 if i had the right to not choose/trust nothing of both,as i do in my life as a "web citizen".So,regarding the statement "but with SiteAdvisor,you actually CAN find the good,safe and free stuff that’s out there on the Web",my simple reply is that you can find it in just 2 places:Freshmeat and Sourceforge.And there's no need is that there's no need for SiteAdvisor or any other similar "product" either...

Thanks to all of you who have shared your thoughts on SiteAdvisor’s Spyware Quiz. In response to some of your comments, I’d like to clarify that the intention of the Spyware Quiz is to illustrate that there are generally no tell-tale indicators on a site that immediately let casual users know that downloads may contain spyware. We have heard users claim that they can instantly distinguish between safe and dangerous sites just by looking at them, but our quiz shows that this is rarely the case.

Savvy Internet users may be able to make such determinations after closer examination of a site, but we do not think it is reasonable for typical users to always have to dig deeper to find out about a site's risks. Some criticisms made the point that it is the user’s responsibility to investigate the safety of web sites. While we don't advocate ignorance, we believe that it is more efficient for a few security experts to provide advice to the general Web consumer than for individual Web consumers to attempt to become security experts.

SiteAdvisor aims to provide users with immediate information about our experiences at a site to help users surf the Web safely without having to expend extra time and effort investigating whether a site poses any avoidable nuisances.

Once again, thanks for your feedback.

While I loved the quiz, I'm afraid that your conclusions aren't quite valid. I took the quiz without the same scrutiny that I use when browsing, as I would imagine many folks did. In fact, I never browse online file sharing sites like Kazaa, nor free smiley sites. I've been active on the web for a long time. Initially via the old university Bulletin Boards, and then with the Lynx browser. (Showing my age!). I've always used whatever web security was available at the time,and have never been infected by spyware nor virii. I'm sure there is a certain amount of luck involved, but mostly because I am usually sensible and careful.

The care and attention I gave to the quiz does not come close to that which I use when browsing for real. And I would wager that also applies to the majority of those taking the quiz; most here who would take the time to take the quiz are probably much more careful than the average web user - average web users don't visit siteadvisor.com!

I thought the quiz was interesting,noticed most was upset not being able to read it,only had to click at the bottom of the picture on the right,then right hand corner of the little square when a box pops up and you could have been able to read *see* it,this quiz was only for visual.what if you couldn't read and had to recognize visually.questions to think about;you never know what you have til you lose it. Have a blessed day folks!!

While I found aspects of the test lacking as well, especially the "pop-up warning" shot, I will forward it to people I work with who are basically eager to download spyware as long as they get their "pretty screensavers" and their "funny smilies" for free. Perhaps they'll check a site before downloading from it if they know they can do so.

Aside from the obvious huge pinch of salt that any of these results should be taken with (the jpegs are crafted deliberately to try to be ambiguous whereas in real life you would have more information available before downloading or signing up for anything.) I also have a beef with your script. It gave me 5/8 to begin with and then said that I had not provided answers for two of the file sharing question. Indeed I had, and whe I went back and did it again I got the 7/8 I deserved. I wonder how many more people were miscounted in this way.

The one I got "wrong" was the ActiveX one, mwhich since I was using firefox, as was the screenshot, would not have effected me.

A big D- for the advertising-fluff-generation department. Bad questions and answers do not a statistically valid survey make.

anysonglyrics was my "daddy" once upon a time.. and i learned from it.. but there are more and more advertising sites who represent a threat to the browser. i recommend using siteadvisor, FF and some ad-blocker like zone alarm ,ad-aware pro or something similar

Lyric sites fooled me and I checked BearShare as "safe" because I only know the name , Didn't even check it out... And because the web looks so clean...

*Lyric sites question was "HARDCORE" one ! wow :P

Oh man, the lyrics one... What would you think of a site that has a huge advertisement saying "Get the right answer for "Who's this actress?" and earn a FREE CELL PHONE... Poor, poor question. No one that has a minimal of intelligence would click that.

As for the blubster one, well, i really didn't know it, so, i couldn't have answere correctly...

I give you a question: ActiveX controls run on Firefox???

I think that the test is good because it only gives you a screenshot of the page and sometimes thats all that you can see when spyware and other malicious code might be everywhere on the site. I disagree with the first couple of post.

Hello all!

I took the test and managed to get all of them correct. I was a bit concerned about blubster though. That was the only one I had troule with as it did not have any text around it or anything that could easily give it away. You'd have to read the privacy policies on that one ;).

I do think it is sad how so many people are un-able to tell good, clean software from spyware infested crap. Infact, I do random work on people I know or have been aquainted with computers. One of the things I find myself doing too much is either A) Reformating their PC do to a highly corrupted system caused by ignorance, spyware or viruses, B) Removing a motherload of spyware from their pc C)Teaching them how to stay safe on the net.

Don't think that is the only thing I do though, I have also done the usual upgrades, pc builds and misc things on a PC with an operating system.

I only scored 3 out of 8 but then I don't visit or use any of these type of sites. If I download anything I am extremely careful to examine a site and if in doubt I leave it out. As well I research sites and software on the web to see if anyone else has had a problem with it. Also I run anti-spy, anti-ad and anti-virus programs regularly and run programs that let me know if anything is being placed in a Startup directory or registry. Plus I have a router and a firewall. Needless to say I have never had any kind of infection.

The test told me I am at risk however based on my security precautions and perfect record, even though I scored very low on the test, I feel that people like me who employ the proper security software are at very low risk of an infection.

Take care,

Liam

Whenever I am about to download something I make sure that I run a search for that product with "spyware" added and if I find it suspicious then I don't even touch it let alone download it.


Sometime I even download from two or more different sites (if MD5 Checksum is not included by the original site) and then compare and then if match then use it to remove any possibility of viruses.

I agree very limited info, no way to look at source code, and no real way to scope it out. Enumeration, Superscan, these are the tools I use most of the time and they are all freeware.

Still intresting to take the test.

Dayglowdean

PS: sounds like some smart people here(Possible web fourum to members to talk and exchange ideas and methods to help us learn to make this a safer place) This is a great start

Adding the Firefox screenshot was unfair to those of us who have NEVER used Firefox. ANY time a site asks me to run an ActiveX control, I decline and GET OUT!! Therefore, I am most definitely going to choose a site that shows a blocked ActiveX control as unsafe. This test was not just testing our knowledge of sites, but of internet surfing programs also.

AHHAHAHAHAH you didnt fool us! We got 8 out of 8 fools! HAHAHAHAHAH!

Lyrics got me cause I didn't like either site...but the "good one" had a pop-up so I tagged it as bad.

The 4 choice one really stumped me. Yeah, I fell for the clean look on Blubster, which is almost always used by trusted sites. As for the others...I would have never looked at any of them anyway.

Smilies, Games, and Screen savers are easy to determine, cause things like "FREE", "DOWNLOAD NOW" and lack of a Contact page indicate trouble.

Dear Sir/Mdm,

Though I've never been to these sites before. I have always disagree on fancy sites with non-informative info about what is the actual content, so those are the ones that kill. And of course, through experience and helping out friends with some of those shareware programs.

As for this test, I really enjoyed it, especially the one with the ActiveX download, that was the trickiest one. Though, it is tricky, it is true that many sites do not say what they potentially have. I really enjoyed this test.

Sincerely.

Heh, some people said "poor quiz, etc etc". But it's those people that generally get the most and hardest spyware/malware/adware.
"I need to explore the site more to be able to tell if it downloads Spyware"

We tried to WIN at this quiz. That is how you get suckered into websites - to be a WINNER for something FREE. It is human nature to want something for nothing! Thanks for the FREE DOWNLOAD by the way :)

great test... a little to easy though.

"Overall, 95% of users made assessments that, in the real world, would have landed them at an unsafe site." This is just plain wrong in my case.

I got 7 of 8 right but I believe your "math" would say that I was among those who were not safe which is completely wrong. The only one I marked incorrectly was emule. I would not have been at risk due to that choice. I would have been safe I just wouldn't have visited a site that appears to be safe.

I also agree with many others that your quiz isn't terribly useful. I would have avoided all of the types of sites you chose to compare simply because I know so many are unsafe and I don't have any interest in the stuff they offer.

I enjoyed completing the task, however, it's unrealistic.

It was merely impossible to rate the websites through imagery.

i had fun. i wish the second half had a privacy policy. i really f'd up on the second half but i found the emule vs kazaa one extremely easy. i didnt even have to look twice. aah, the power of rumors. i tagged azlyrics as unsafe cuz i use it occasionally and get several pop-ups. oh well it was fun though.

7/8. :-) Got Kazaa wrong, what a joke. As I read through the comments below, I gave myself a little laugh. Come on guys, this is only an illustration of how the Internet can be really bad, not a very accurate test, I must say. It is a fine one, but not the best. But then again, don't take this test too seriously, I mean, if you score like 6/8 and clearly know what you're doing, consider yourself pretty much safe already. Take the test results with a pinch of salt, no test is perfect.

However if you get 6/8 correct through pure luck, then you might wanna re-evaluate your surfing practice. I took this test just to see whether my Internet knowledge has served me well or not, and it at most just give a rough estimation of where I stand.

I scored well, but less well that I expected. If given a real link (dangerous, really) over an image I'd certainly had a perfect score, but I'm paranoid - and it's b*ds like these that made me this way.

I only got 2-out-of-8 correct, good thing I am with McAfee SiteAdvisor!!!!!

Although, I understand where some of you are coming from saying that this quiz was bogus as far as what you expected as a result. But if you think about it, this quiz is a perfect example of why you need to be careful when it comes to sites. You can't judge a book by its cover, nor can you judge a website by its design or look. This quiz showed rather effectively by the bad scores that you can't just look at a website and be able to accurately make a judgement call either way on whether or not it is a safe site.

The Morale of the story is...look into the site and do reearch on it before assuming it is clean and unless you can find concise evidence from a trusted source saying it is clean don't allow it a whole to attack you through (i.e.: don't give e-mail address, download software, etc.)...

"It turns out that in order to view the contents of anysonglyrics.com, you must agree to an ActiveX installation that bundles the Zango Search Assistant and Zango Toolbar."

Are you saying a person using the site has to click "I agree"? That information is not available in the quiz but would be apparent to the user. Or are you saying the first visit to the site constitutes "agreement"? Because these are 2 very different situations.

I'd consider myself to be very well versed in computer security; I aced the phishing test on this site. But I must admit a partial defeat here.

The professional / clean look of the nasty sites is what threw me off. Blubster especially so.

Thankfully I use a web browser that does not use ActiveX (firefox), an extension that I can use to block malicious sites (adblock), a modified hosts file, anti-virus that updates daily, spybot - with all of the advanced stuff let loose, peerguardian, a decent firewall, and of course site advisor. I always turn off Java, JavaScript and Meta Redirects when I'm visiting a site that might be risky.

Still - one must be very careful

I got the lyrics question correct-only because I always go there. Never heard of the other one tho. I actually wronged the screensavers and games questions. To tell you the truth, I never searched for either of them, so I'll probably be blurr about them. I still think these site advisors stuffs are unneeded...

for some reason, I got everything but e-mule correct, it said tightrope walker and I would have gotten spyware. it is weird.

7 out of 8... like all the rest, I get caugth in the lyrics site :(
But I think the test is great, and for everybody here saying that a screenshot hasnt sufficient info to decide, come on!!! will you read ALL the site info before making a single click?
When i'm searching for things I have 20 pages open at once... I can't read every single byte of info of every page before making a click... you need to quickly asset the page in a couple of seconds and decide... that's why this quiz is great!
Of course no one is perfect and that why I have 8.5 + AntiSpyware installed on my machine! I just simple don't surf without McAfee AntiSpyware.
Have a great day!!!

BOY, DO I HAVE A LOT TO LEARN ABOUT PROTCTION!!!!!!! I'M ASHAMED OF MYSELF---AND IS THOUGHT I KNEW PRETTY MUCH ABOUT COMPUTERS AND PROTECTION!!

I think I did pretty well considering I think these were pretty tough (the last 4 questions). But the more you learn the more you know. I thought it was a great quiz, both of them.