
April 27, 2007

WinFixer Strikes Again

Posted by Aaron Weber at 01:43 PM

For the past couple of weeks, we've been seeing an increase in spam advertising a fake application called WinFixer.

This particular wave of spam claims to come from a man named Pierre Boutin and is aimed at Francophones. We've also seen versions in English, but the product is the same: a rogue program that gives you false warnings about viruses, then encourages you to buy the fake anti-spyware software, which may even make things worse, according to research from Sunbelt Software.

The application has been around for a while in a variety of forms. For example, you may have seen popups that look like Windows warning dialogs and say "If your computer has been running slower than normal, it may be infected with Viruses, Adware, or Spyware."

A misleading popup designed to look like a Windows dialog.

That's the same application. It also goes by the names ErrorSafe, DriveCleaner, WinAntiSpyware, ECsecured and WinAntiVirus. Sunbelt has also found WinFixer promoted on a series of fake security sites.

Another variant of the same application goes under the name of PrivacyProtector. The PrivacyProtector website is currently rated green by SiteAdvisor, because it hasn't had any downloads for us to test. However, we'll be overriding that to red shortly, based on its association with WinFixer.

There's already a class-action lawsuit against the makers and distributors of the program. The lawyer who leads the action (quoted in this Silicon Valley television news investigation) claims that WinFixer generates as much as $34 million per year in ill-gotten revenue:

The plaintiffs are having trouble locating the actual scammers, though: according to Wikipedia, the application and its associated domains have an ownership trail that runs through the UK, the Ukraine, and Belize.

At any rate, if you find an offer to install WinFixer or any of its relatives, don't. And if it installs itself, don't pay for it; look for a way to get rid of it instead. You can protect yourself by using SiteAdvisor, and also by using the Firefox web browser, which may be somewhat more resistant to automatic installation attacks.

April 09, 2007

Amusement Park Typosquatters Install Toolbar via Exploit

Posted by Aaron Weber at 09:59 PM

Hey, you know what would be fun? Taking the kids to one of those renaissance fairs. We'll be able to walk around outside, and the kids will enjoy the candy apples and costumes. They might even learn something. I think it's next weekend. It's called King Richard's Park, right?

Uh oh.

There are numerous renaissance festivals named after King Richard, most of which are good family fun. But one fairground, King Richard's Park.com, isn't exactly worth a trip. Instead, it's a site that behaves in a most unchivalrous fashion: when we visited, it installed a toolbar on our system without even asking for permission.


The page you were really looking for: legitimate site kingrichardspark.NET.


Rogue toolbars can do just about anything (see this Ars Technica article on malware for background and some examples) but in this case, it's serving up unrequested, unwanted advertising as part of the notorious CoolWebSearch system.

But to be honest, we don't even have to know what it does to know that it's up to no good. If you found an intruder in your living room at three in the morning, you'd know something was wrong. If they had any business being in your home, they would have knocked.

King Richard's Park is a great example of a site that uses two tricks at once. It attracts visitors by using a URL and keywords which are confusingly similar to legitimate pages, and then uses a browser exploit to install software without permission.

Who suffers? The consumer who makes the typing mistake and the legitimate business that lost a potential customer. In this case, most visitors are probably looking for King Richard's Family Fun Park, or a renaissance festival like the one described at kingrichardsfaire.net. If you're looking for 16th-century-themed fairs and events in your area, try the list at renaissancefestival.com.
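A defender can screen for the first of those two tricks mechanically. The sketch below is an added example, not SiteAdvisor's own code: it compares a hostname against the legitimate domains named in this post and reports a TLD swap, a hyphenation variant or a near-miss spelling. The function names, the two-edit threshold and the test hostnames are assumptions made for illustration.

```python
"""Flag hostnames that imitate a known-good site (added illustration)."""

# Legitimate domains named in the post; a real deployment would load its own list.
KNOWN_GOOD = ["kingrichardspark.net", "kingrichardsfaire.net", "renaissancefestival.com"]

MAX_EDITS = 2  # assumed threshold for a "confusingly similar" spelling


def split_host(host):
    """Return (name, tld) for a hostname, ignoring case and subdomains.

    Simplification: the last label is treated as the TLD. Production code
    should consult the Public Suffix List so that 'co.uk' style suffixes work.
    """
    labels = host.strip().lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def edit_distance(a, b):
    """Classic Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check(host, known_good=KNOWN_GOOD):
    """Return (verdict, matched_domain, reason) for one hostname."""
    name, tld = split_host(host)
    candidate = f"{name}.{tld}"
    if candidate in known_good:
        return ("known-good", candidate, None)

    best = None  # (rank, domain, reason); lower rank = stronger signal
    for good in known_good:
        g_name, _ = split_host(good)
        if name == g_name:
            rank, reason = 0, "tld-swap"          # same name, other TLD
        elif name.replace("-", "") == g_name.replace("-", ""):
            rank, reason = 1, "hyphenation"
        elif edit_distance(name, g_name) <= MAX_EDITS:
            rank, reason = 2, "near-spelling"
        else:
            continue
        if best is None or rank < best[0]:
            best = (rank, good, reason)

    if best:
        return ("lookalike", best[1], best[2])
    return ("unknown", None, None)


if __name__ == "__main__":
    # Constructed test hostnames.
    for h in ["kingrichardspark.net", "www.KingRichardsPark.com",
              "kingrichardsprak.net", "king-richards-park.net", "example.org"]:
        print(h, "->", check(h))
```

A "lookalike" verdict is a reason to inspect the site, not proof of abuse; unrelated businesses can hold the same name under another TLD.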

Note: as of press time, the exploit seems to have been removed from the website, but it remains a misleading URL.

August 29, 2006

Parental Advisory: Risky Lyrics Sites!

Posted by Hannah Rosenbaum at 10:20 AM

Ranking the Riskiness of MTV Music Video Award Nominees

And the award goes to… Yung Joc and Nitty! The MTV Video Music Awards won't air until August 31, but the results from the McAfee SiteAdvisor "Most Dangerous Lyrics Sites" Survey are already in. So whether or not Yung Joc and Nitty take home one of the coveted "Moon Men" trophies at this year's VMAs, they have already outranked the competition by having the most hazardous lyrics to search for online.

While casting your vote for the best videos and watching the MTV awards show may be a fun and entertaining way to celebrate your favorite musical artists, searching for the lyrics to your favorite songs might leave you in a bit of a funk. (And we're not talking about explicit lyrics content.) With more than 22.3 million searches for lyrics terms being conducted each month (more on this later), this site genre is a prime target for malicious players. Unsafe lyrics sites pose serious dangers: browser exploits, Active X controls that install spyware or adware, excessive pop-ups, and links to other unsafe sites.

The MTV Video Music Awards airs August 31, 2006.

The McAfee SiteAdvisor Most Dangerous Lyrics survey ranks the MTV VMA nominees by the danger of their lyrics searches. After searching Google for each of the nominated artists and songs plus the word "lyrics," we analyzed the safety of the search results using McAfee SiteAdvisor's ratings database of 6.4 million popular Web sites.

The most dangerous lyrics search was for Yung Joc and Nitty's song "It's Goin Down," for which 70% of search results were rated red or yellow by McAfee SiteAdvisor. Christina Aguilera's love profession "Ain't No Other Man," came in second with 60% risky results, earning her the title for Most Dangerous Female Video and Most Dangerous Pop Video. Tied with Aguilera for second place overall, Common's "Testify," and Three 6 Mafia's "Stay Fly" also won for Most Dangerous Hip-Hop Video. On average, 36% of lyrics search results for the nominated songs were links to risky sites and all searches for the nominated songs returned at least one risky site on the first page of results. Green Day's "Wake Me When September Ends" returned the safest lyrics sites with only 10% risky results. Read the full results.

The most dangerous lyrics search was for Yung Joc and Nitty's "It's Goin Down."

SOS (save our systems)

One of the most frequent search result offenders was Anysonglyrics.com, which appeared in searches for 22 of the 44 nominated songs. Anysonglyrics.com insists that its users install an ActiveX control from Zango – giving users Zango's pop-up ads and a Zango toolbar, as well as sending detailed information to Zango about what users search for and what web sites and pages users visit. The site attempts to justify this download by claiming that Zango allows the site's content to be free. But we think the Zango adware installation is misleading for a few reasons.

* The content at Anysonglyrics.com is already available elsewhere for free.
* Accepting Zango may give some users the false impression that money from Zango (and its advertisers) flows through to songwriters, in compensation for reproduction of their lyrics. Zango says "This website is free thanks to Zango … because it's paid for by advertising." But it's just not true: Zango's advertising payments do not flow through to the songwriters who wrote the words on the site. As best we can tell, Anysonglyrics pockets the money it gets from Zango; it doesn't pay that money out to songwriters or music publishers. We're not here to opine on the question of whether Anysonglyrics needs to pay for the lyrics it presents; the music industry says a license is required, and the EFF disagrees. But whatever the answer, Zango's inclusion doesn't help the legality of the Anysonglyrics site.
* Zango's adware and toolbar are completely unrelated to Anysonglyrics.com's content and functionality.

Anysonglyrics.com requires users to download the Zango Search Assistant.

ActiveX controls are frequent nuisances on lyrics sites. Lyricsmine.com also requires the Zango-bundled ActiveX control to view the site's lyrics. The ActiveX controls that we've found on duble.com and lyricsandsongs.com were even more noxious. In our tests, these ActiveX control downloads included ImIServer, IEPlugin, Roings, and istbar. Once users have visited these sites, Rihanna won't be the only one singing "SOS."

What's Left of Me… and My PC

Just as Nick Lachey mourns his marriage in "What's Left of Me," fans of the soulful stud may be singing a sour tune after searching for his lyrics. His lyrics search results included exploit site Lyricsandsongs.com. This site served excessive pop-ups, which on occasion breached browser security on our test PCs. VMA fans run a very high risk of landing on this site: Lyricsandsongs.com appeared in search results for 70% of the nominated songs, providing ample opportunity for user click through. Emp3world.com, found in our lyrics search for Shakira and Wyclef Jean's "Hips Don't Lie," also made unauthorized changes to our test PCs. Using a hidden iframe, emp3world.com attempted security breaches including cursor and WMF vulnerabilities. This allows malicious code to install a trojan downloader onto the system which can then be used to install other unauthorized programs. For these exploit-infested sites, simply browsing can be harmful to your system. Steer clear.
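Hidden iframes like the one described above leave a trace in the page markup that an analyst can check for. The following is an added example, not SiteAdvisor's test code: it parses a saved page and reports every iframe that is sized, styled or positioned so the visitor cannot see it, noting whether it loads from another host. The sample markup, the example.* hostnames and the pixel thresholds are constructed for illustration.

```python
"""Report iframes that a visitor cannot see (added illustration)."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

TINY = 2           # assumed: frames this many pixels or smaller are invisible
OFFSCREEN = -1000  # assumed: left/top at or beyond this is off the viewport


def _px(value):
    """Parse '0', '1px', '-5000px' into an int; None for '100%', 'auto', etc."""
    m = re.fullmatch(r"\s*(-?\d+)(?:px)?\s*", value or "")
    return int(m.group(1)) if m else None


def _style_map(style):
    """Turn an inline style attribute into {property: value}, lowercased."""
    decls = {}
    for part in (style or "").split(";"):
        if ":" in part:
            key, val = part.split(":", 1)
            decls[key.strip().lower()] = val.lower().replace("!important", "").strip()
    return decls


class IframeAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        style = _style_map(a.get("style"))
        reasons = []
        for dim in ("width", "height"):
            for source, raw in (("attr", a.get(dim)), ("style", style.get(dim))):
                px = _px(raw)
                if px is not None and px <= TINY:
                    reasons.append(f"{dim}={px}px ({source})")
        if style.get("display") == "none":
            reasons.append("display:none")
        if style.get("visibility") == "hidden":
            reasons.append("visibility:hidden")
        for side in ("left", "top"):
            px = _px(style.get(side))
            if px is not None and px <= OFFSCREEN:
                reasons.append(f"off-screen {side}:{px}px")
        if not reasons:
            return
        src = urljoin(self.page_url, a.get("src", ""))
        third_party = urlparse(src).hostname != urlparse(self.page_url).hostname
        self.findings.append({"src": src, "third_party": third_party,
                              "reasons": reasons})


def audit(html, page_url):
    """Return a list of findings, one per hidden iframe in the markup."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: one visible frame, three hidden ones.
PAGE_URL = "http://lyrics.example.com/song/1"
SAMPLE = """
<html><body>
<h1>Song lyrics</h1>
<iframe src="/player.html" width="400" height="300"></iframe>
<iframe src="http://ads.example.net/x" WIDTH=0 HEIGHT=0 frameborder=0></iframe>
<iframe src="http://cdn.example.org/y"
        style="visibility:hidden; position:absolute; left:-5000px"></iframe>
<IFRAME src="widget.html" style="display: none !important"></IFRAME>
</body></html>
"""

if __name__ == "__main__":
    for f in audit(SAMPLE, PAGE_URL):
        origin = "third-party" if f["third_party"] else "same-host"
        print(f"{origin:11} {f['src']}  <- {', '.join(f['reasons'])}")
```

This is a static check of inline attributes only: frames injected by script or hidden through a stylesheet class need a rendered-DOM inspection, and a hidden frame is a lead to investigate rather than proof of an exploit.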

Who's been linking up?

Relationships between Web sites can help boost traffic. They can also make or break a site's safety rating. Lyrics sites are often rated red due to links to other dangerous lyrics and mp3 sites. Lyriczz.com, found in searches for Black Eyed Peas' "My Humps" and Chamillionaire's "Ridin'," has a red link score for linking to other red lyrics sites, including duble.com and lyricsandsongs.com. Its link analysis also reveals that users are only a click away from muzlyrics.com, which then links to malware site coolwebsearch.com.

Lyriczz.com links to red sites, which link to other red sites...


Nothing to Sing About

Some of our previous surveys have assessed the dangers of searching for screensavers of American Idol contestants, summer blockbusters, and World Cup and baseball players. Our lyrics survey confirms our earlier findings that malicious activity often follows pop culture to take advantage of innocent fans. According to Yahoo!'s keyword selector tool, there were 5.1 million searches in June 2006 for the keyword "lyrics" and its top 100 variants. Since Yahoo! search accounts for 23% of all searches, we estimate that there are over 22.3 million total searches per month for lyrics search terms. It's no wonder that scammers have invaded the lyrics space.

The prevalence of dangerous results found in popular lyrics searches is alarming, but music fans need not abstain from searching for their favorite prose. SiteAdvisor's ratings can help steer users to safe lyrics venues. Stay in control of your PC as you gear up for this year's VMAs. Let the show's celebrity antics and wild outfits supply the shock value instead.

Red Carpet, Red Sites

Chart 1: MTV VMA: Top 10

Chart 2: MTV VMA: By Nominee

Chart 3: MTV VMA: By Category

August 25, 2006

Kids, Cartoons and Adware

Posted by Jonathan Cohen at 05:03 PM

Are screensavers really a problem?


For a parent, there's nothing quite like watching your monitor morph into a Power Ranger as the screensaver kicks in. Little Jimmy or Janey's been downloading software again! If only it were all fun, games and kung-fu.

We in the technical community are aware that screensaver downloads often come with potentially unwanted programs. Yet typical consumers conduct 15 million searches for screensavers every month. The problem, in our view, is that the screensaver "freebie" often comes with adware strings attached. And it's not just consumers. Major advertisers continue to use adware vendors. Remember the recent episode with Warner Bros. and Zango?

Using SiteAdvisor data, we decided to measure the prevalence of adware distribution on sites distributing screensavers associated with kids TV shows. The results were not pretty.

Kids TV Shows graded by the safety of their screensaver searches


We counted 318 children’s television programs currently airing on English language networks in the United States. We decided to search for screensavers for each of these shows to see how risky it is to put a Rugrat, a Powerpuff Girl or a Flintstone on a desktop.

All three of the aforementioned programs returned 50% or more risky sites on Google’s first page of search results. And that’s just the tip of the iceberg. A staggering 85% of all kids TV show screensaver searches returned at least one dangerous site on the first page. 20% of all shows returned search results where half or more of the sites were risky. A child or parent who searches for a Gilmore Girl or Kenny the Shark screensaver and clicks randomly on the results has a 60% chance of landing at a risky site.

The Center for Exploited Cartoon Characters


SiteAdvisor rates sites red and yellow for a variety of security threats and annoyances including spyware, viruses, pop-ups, e-mail practices like spam, scams and browser exploits. What follows are the 50 most risky shows to search for, ranked by the percentage of links to red and yellow sites found on the first page of Google search results.

| Rank | Television Program | Risky Sites |
|------|--------------------|-------------|
| 1 | Power Rangers | 81.8% |
| 2 | Ren and Stimpy | 80.0% |
| 2 | Rugrats | 80.0% |
| 2 | Yogi Bear | 80.0% |
| 3 | Smurfs | 72.7% |
| 4 | 2 Stupid dogs | 70.0% |
| 4 | All Grown Up | 70.0% |
| 4 | Boy Meets World | 70.0% |
| 4 | Hey Arnold | 70.0% |
| 4 | Phil Of The Future | 70.0% |
| 5 | All That | 66.7% |
| 5 | Pokemon | 66.7% |
| 5 | Teenage Mutant Ninja Turtles | 66.7% |
| 6 | Cow And Chicken | 63.7% |
| 6 | Kenny The Shark | 63.7% |
| 6 | Little Bear | 63.7% |
| 7 | 7th Heaven | 63.6% |
| 8 | Gilmore Girls | 61.5% |
| 9 | Berenstain Bears | 60.0% |
| 9 | Cabbage Patch | 60.0% |
| 9 | Courage The Cowardly Dog | 60.0% |
| 9 | Full House | 60.0% |
| 9 | Jack's Music Show | 60.0% |
| 9 | Josie And The Pussycats | 60.0% |
| 9 | Justice League | 60.0% |
| 9 | Sabrina the Teenage Witch | 60.0% |
| 9 | Yu Yu Hakusho | 60.0% |
| 10 | Mickey Mouse | 58.8% |
| 11 | Bob The Builder | 58.3% |
| 12 | Amanda Show | 54.6% |
| 12 | Croc Files | 54.6% |
| 12 | Curious George | 54.6% |
| 12 | Batman: The Animated Series | 54.5% |
| 12 | Powerpuff Girls | 54.5% |
| 13 | Dora The Explorer | 53.8% |
| 14 | Barney | 50.0% |
| 14 | Bear in the Big Blue House | 50.0% |
| 14 | Code Lyoko | 50.0% |
| 14 | Dexter's Laboratory | 50.0% |
| 14 | Dungeons and Dragons | 50.0% |
| 14 | Flintstones | 50.0% |
| 14 | Foster's Home For Imaginary Friends | 50.0% |
| 14 | Franklin | 50.0% |
| 14 | Huckleberry Hound | 50.0% |
| 14 | Jay Jay | 50.0% |
| 14 | Johnny Bravo | 50.0% |
| 14 | Kim Possible | 50.0% |
| 14 | Lilo & Stitch | 50.0% |
| 14 | One Piece | 50.0% |
| 14 | Popeye Show | 50.0% |


The full list can be found here. How unsafe are the screensavers for your child’s favorite TV show?

Go Go Mighty Morphin’ Screensaver Spyware


The Power Rangers franchise is a 13-year-old mega-hit that currently airs on various Disney networks like ABC Family and Toon Disney. It’s also this survey’s most risky screensaver search – more than 80% of results link through to risky sites.

Only two links in this search lead to non-risky sites.


One first page “organic” (non-sponsored) link for “Power Rangers Screensavers” leads to starpulse.com (McAfee site analysis), a celebrity Web site that uses screensavers.com (McAfee site analysis) as its desktop theme provider.

Every time a starpulse user installs a program from screensavers.com, starpulse earns an "affiliate" commission. Screensavers.com then earns its own commissions by bundling an adware program called Starware (McAfee program analysis) and a tracking program called Relevant Knowledge (McAfee program analysis).

Kids TV screensavers sometimes come with potentially unwanted programs.


After we installed Starware, we noticed that the SiteAdvisor plug-in mysteriously vanished from Internet Explorer. Why? It could be intentional, or it could be some kind of toolbar incompatibility. But we’ve tested SiteAdvisor on systems with plenty of other toolbars, and we’ve never seen any other toolbar make our plug-in disappear. We then installed Starware with both SiteAdvisor and Google toolbars in our browser and both disappeared.

SpongeBob SquarePants Soaks Up Red


SpongeBob SquarePants is a highly rated show that airs on Nickelodeon. A crossover hit that also attracts adult watchers, the cartoon sponge starred in his own film in 2004, grossing $140 million internationally. This underwater phenomenon is also popular with adware vendors. Fifty percent of all first page screensaver searches for ‘SpongeBob SquarePants screensaver’ lead to red and yellow rated sites.

The Sketchy Five


appleblossomart.com (McAfee site analysis) is the first organic search result for ‘SpongeBob SquarePants screensaver.’ At first glance, the site appears to offer free desktop themes. Perhaps anticipating users’ skepticism, the site offers a link labeled "click to see why my Screensavers are free". But the resulting page inexplicably offers no information about the site, its business model, or why or whether its screensavers are free. Instead the page merely offers what appears to be a sincere request for donations to groups trying to find a cure for Fibromyalgia.

On the actual download page, Spongebob fans learn that “the first few downloads have advertising software which pay for the file storage and can be easily removed in Add/Remove programs.” It turns out that www.appleblossomart.com is a distributor of adware-bundled screensavers from ezthemes.com (McAfee site analysis). Five unrelated programs are included with this screensaver.

Potentially Unwanted Program #1: new dot net with Quick! browser search assistant

Potentially Unwanted Program #2: WhenU Save Now

Potentially Unwanted Program #3: RelevantKnowledge

Potentially Unwanted Program #4: When U Save

Potentially Unwanted Program #5: When U Search Bar

The Screensaver: All that for a sponge?


Some adults may take the time to learn about these programs. But children are especially vulnerable to blindly clicking “yes” at each prompt – then the family PC is infected with adware and worse.

Explaining our Report Card


This is our first investigation regarding children’s TV shows, and some readers may be new to SiteAdvisor’s testing and rating methods. Here’s a brief synopsis:

We establish a Web site's rating by examining a wide variety of information. First, we evaluate a Web site's e-mail practices by signing up with a unique, one-time-use e-mail address and tracking what e-mail arrives at this inbox. Then, we download any files offered by the site and test them for adware, spyware, viruses and more. Next, we inspect the Web site to see if it employs annoying practices such as excessive pop-ups, and we analyze a site's links to find connections with other sites our tests flag as red. We also test sites for so-called "drive by downloads" or breaches of browser security. Finally, we combine our own review with user feedback.

For this survey we collected the titles of 318 kids shows airing on the following networks: ABC Family, Cartoon Network, Discovery, Disney, Fox’s 4Kids TV, Kids WB, the N, NBC, Nick GAS, Nick Jr., Nickelodeon, Nicktoons, Noggin, PBS Kids, TLC, and Toon Disney. We then added the word 'screensaver’ to each title (e.g. 'Dora the explorer screensaver'), and we ran each phrase through Google. We ranked the results by the percentage of first page listings pointing to red or yellow rated sites. We weigh sponsored and natural links equally. (Research indicates that typical users make no distinction between the two types of results.)

We acknowledge some limitations with this survey. We limited our search to Google, and we only checked one page of results. We did not use common Google "hacks" like putting names in quotes to improve accuracy. And we recognize that people use many different keyword combinations in search of the perfect screensaver, combinations that yield safe site percentages both higher and lower than the ones we report today. We ran these names on August 9th, 2006. Because search engine results change frequently, a user searching today using our software is likely to find different results.

That's Not All Folks


The news isn't all bad. The Warner Bros.-Zango episode we mentioned earlier was brought to a successful conclusion by the power of the Web:

Three months ago, Jimmy Daniels at RealTechNews posted that Warner Bros. was promoting Zango (previously known as 180Solutions) when users requested WB’s kids content. Chet Faliszek of blog Donotreply.com followed up the next day by pointing out that the site’s terms and conditions include the following gem:

“Please note that you may receive Adult-oriented ads…”


Faliszek helpfully suggested that users digg the post. Flash forward 10 weeks. Daniels stumbled on the digg entry. One day and some 5,000 diggs later, Brian Krebs, security columnist for the Washington Post, wrote that Warner Bros. decided to sever its relationship with Zango.

Chris Boyd at Vitalsecurity.org wrote up Zango’s entanglement with Dollavs.com, an avatar site focused on kids. The domain now appears to be parked. And SiteAdvisor advisor Ben Edelman wrote about Zango products delivered via dollidol.com.

SiteAdvisor has written about the complexity of privacy policies of children’s Web sites and the use of free smileys to encourage adware downloads. For what it’s worth, Zango denied that its now-severed Warner Bros.’ relationship had anything to do with kids. In fact, according to their marketing policy: "Zango has a long-standing policy against marketing our software to anyone under the age of 18."

The bottom line: protect your computer from being squashed by an ACME anvil. Install our free McAfee SiteAdvisor browser plug-in, and tell your children that red means no and green means go.

July 05, 2006

All-Star Game of Spyware

Posted by Jonathan Cohen at 05:42 PM

MLB's greatest players and teams ranked by the danger of their screensaver searches

Barry Bonds, Derek Jeter, and Albert Pujols are household names for any baseball fanatic. They also lead the pack of the most hazardous players in McAfee's survey of the most risky baseball screensaver searches. We tested each of Major League Baseball’s 1,224 players by passing their names through Google and adding the word screensaver. Search results were enhanced by our database of 4.5 million Web safety ratings.

Searching for screensavers for Bonds, Jeter or Pujols and clicking on one of the results will give a PC a .600 "Earned Risk Average" (ERA) – in other words, a 60% chance of landing at a dangerous site. Josh Fogg of the Colorado Rockies is the only player to score higher, with 75% of his results tainted by sketchy behavior and software. Nearly three hundred players scored 30% or worse. The average ERA for the entire league was 18%.

The tech community knows that screensavers are prime candidates for adware bundles. The average Web consumer, however, is being taken advantage of. According to Yahoo's keyword selector tool, Yahoo! had roughly 3.5 million searches in May for "screensaver," "wallpaper" and related search terms. Given that Yahoo accounts for 23% of all searches, an estimated 15.1 million total searches for these desktop visual enhancements are conducted each month.

How unsafe is it to search for your favorite player? Find out the stats in McAfee SiteAdvisor’s All-Star Game of Spyware Survey.

June 14, 2006

World Cup of Spyware

Posted by Shane Keats at 02:00 PM

FIFA's greatest players and teams ranked by the danger of their screensaver searches

Angola may have lost in Round 1 of the World Cup of Soccer, but it's the winner of the most dangerous team in the World Cup of Spyware. That's our finding after running each of the World Cup's 736 players through our database of Web safety ratings and averaging the team roster's results.

We know that spammers and spyware vendors follow consumer trends closely, from American Idol to summer blockbusters, but those are largely U.S. phenomena. We wanted to know what level of online risk was faced by fans of a global event like the World Cup. Sadly, we were not disappointed.

How does your team rank?

We began by searching Google for each of the 736 World Cup players. Along with the player's name, we added the phrase 'World Cup Screensaver'. Then, we crossed Google's search results with SiteAdvisor's own database of safety test results of more than 3.9 million of the Web's most popular sites. The results for dozens of players yielded 30% or more risky sites. We performed the same exercise for all teams and found 11 with dangerous site percentages in the double digits.

You might be surprised how some of the teams and players ranked in our study. Want to see the full results and find out how your home team scored? Get all the details in our World Cup of Spyware Survey.

June 05, 2006

Summer Blockbusters: The Good, the Bad, the Dangerous

Posted by Hannah Rosenbaum at 11:35 AM

The 10 Most Dangerous Summer Movies to Search For

Steven Spielberg accidentally invented the "summer blockbuster" in 1975 when Jaws unexpectedly grossed over $100 million within the first month of its release. Since then, the major movie studios have increasingly relied on the summer season to release their biggest and, they hope, their most profitable films.

As consumers flock to the Web to learn more about this summer’s "event" movies, we decided to see if the scammers and spammers had followed. So, do any of this summer’s biggest names contain any hidden computer dangers? We searched Google for the titles of 37 summer ’06 blockbusters plus the word "screensaver" and calculated the percentage of risky site links returned on the first page of search results. We also performed similar screensaver searches for 48 of these films’ leading actors.

Sure enough, we found plenty to watch out for, including screensaver sites that lead to spyware, spam and other online nuisances. The right screensaver can let the fan savor his or her favorites all summer long. The wrong ones, well, let’s just say the movie may have come and gone, but the PC complications could last indefinitely. What follows are the 10 most dangerous summer blockbusters, and the 10 most dangerous blockbuster actors.

Danger lurks in Miami

Most Dangerous Summer Blockbuster: Miami Vice

It may be dangerous working as an undercover cop in Miami investigating murder and drug trafficking, but it’s also dangerous searching for a Miami Vice screensaver. 53% of first page Google search results are rated red or yellow by McAfee SiteAdvisor. First page search results include screensavers.com, which hosted risky downloads when we tested it, tv.org, which charged a customer service fee for free software, and desktopland.com, an aggregator of desktop downloads which linked to many red sites. Fans eagerly anticipating the July 28 movie release may want to exercise caution wallpapering their PCs with this 1980s revival.

Search results for "Miami Vice Screensaver" contain many risky sites.

Searching for screensavers of the film’s leading men Jamie Foxx and Colin Farrell can also put adoring audiences at risk. Foxx and Farrell’s search results were 42% and 43% risky, respectively. Colin’s search included godesktop.com, where, in our tests, many downloads came bundled with Acoona Search Assistant and New dot Net. If you must get your fix of Foxx and Farrell, try their official fan sites here and here, both of which tested safe.

Careful what you click for

In the soon to be released movie Click, Adam Sandler receives a magical remote control that lets him manipulate life as if it were a recorded TV show. This remote would definitely come in handy when searching for a Click screensaver. Our search returned 50% risky sites, including galttech.com, where downloads might install 180Solutions, Zango, WhenU, Global Search Toolbar, or eZula. With such high odds of stumbling onto a risky Web site, the rewind button would certainly prove invaluable to users’ PCs.


TOP 10 MOST DANGEROUS SUMMER BLOCKBUSTERS




What do a wrestler, a radio show and a secret agent have in common?

Seeing Jack Black sport a skin-tight wrestling costume in Nacho Libre may be a rather scary experience, but viewers have little to fear when searching for the film’s screensavers. Nacho Libre, along with A Prairie Home Companion and Mission: Impossible III, are among the safest summer blockbusters. Oddly enough, The Omen, which promises satanic horror, and DOA: Dead or Alive, which is full of violent fight scenes, are two other safe bets according to our May 2006 tests. And while Vince Vaughn and Jennifer Aniston may threaten each other in The Break-Up, a search for the romantic comedy’s screensavers poses little threat to viewers’ PCs.

Most Dangerous Actor in A Summer Blockbuster: Uma Thurman

Starring in My Super Ex-Girlfriend, Uma Thurman takes the title for most dangerous actress in a summer blockbuster. 73% of her first page screensaver search results are rated red or yellow. In her up-coming movie, Uma plays a love-scorned superhero who uses her superpowers to make her ex-boyfriend’s life a living hell. Uma’s screensavers could have similar effects on fans’ PCs. When we searched for “Uma Thurman screensaver,” our search results included bad linker alwaysgirls.com, which directed us to an Uma Thurman screensaver from ezthemes.com. Take a look at the installation process:

The Uma screensaver included New dot Net…
And WhenU SaveNow…
And WhenU CrunchGames Bar.

Hmmm...was this screensaver worth it?

Image from ezthemes Uma Thurman screensaver

Other search results also included tierranet.com, which similarly linked to red download sites, and eforu.com, which breached browser security on our test PCs. Watch out, boys: Uma’s dangerous.

Close behind are Hilary Duff (Material Girls) with 69% risky search results and Lindsay Lohan (A Prairie Home Companion) and Sandra Bullock (The Lake House), who tied for third at 64%. Apparently this season’s leading ladies pose a greater risk than the leading men: the first male to make our list, Kevin Spacey (Superman Returns), doesn’t come in until number seven.


TOP 10 MOST DANGEROUS ACTORS IN A SUMMER BLOCKBUSTER




Little to fear

Funnyman Shawn Wayans, starring in Little Man, wins the safest actor award: there were no dangerous search links in his screensaver search results. His character may be in danger when he mistakes a vertically-challenged criminal for his adopted son, but, luckily, his fans have little to worry about.

Danger is my middle name

So what makes one movie or actor more dangerous than another?

We could imagine that Uma Thurman and Sandra Bullock’s long and successful careers lend themselves to multiple avenues of attack. But relative newcomers like Lohan and Duff yield roughly similar numbers of unsafe sites. Likewise, Miami Vice might owe some number of its unsafe results to the long reach of the television series. Yet many of the other films in the top 10 are new material.

We do know that the bad guys follow what’s popular. We wonder if they can also predict what will be popular. We invite you to speculate as well. What makes a celebrity or movie ripe for exploitation? Looks, success, gender? Whatever the reason, one thing is certain: this is a real problem.

Viewer discretion advised?

This story is about more than a "top 10" list. It’s about how unscrupulous players profit when they convince movie lovers to make unsafe Web decisions. It would be easy to dismiss this issue with a simple admonition, "Don’t download a screensaver." But there are many safe alternatives to the sites mentioned here. In fact, there are plenty of good Web sites that allow people to safely express their fandom. Take a look at SiteAdvisor's category review of screensaver sites for some safe options. Like the sunscreen that allows a beachgoer to enjoy the day, SiteAdvisor’s safety ratings can guide you to safe Web site choices and help prevent your PC from getting burned.

May 18, 2006

Are Smileys Safe?

Posted by Jonathan Cohen at 02:20 AM

Five Examples Of Smiley Sites That Make Us :(

Over the last few months, we’ve heard from a lot of parents who ask us how spyware and adware end up on their family computer. A typical lament: “I just go to Amazon and Citibank, so why am I seeing pop-ups for Adult Friend Finder?” Parents, we have an answer – your teenager.

One of the benefits of testing so much of the Web is that we’ve developed a good sense of where the bad guys concentrate. And smiley sites are one of those dark alleys. For those of you who don’t know, smileys (aka emoticons) are graphic punctuation marks that people use to add emotion to their text communications, whether IM (Instant Messaging), SMS (mobile phone texting) or plain old e-mail. Now, who does the most IM’ing in your house? Yup, it’s your teen. What follows are five smiley sites that will leave you and your computer frowning. But first, a little background.

ComScore Networks estimates that a whopping 69 million Americans use instant messenger software. AOL, Yahoo! and MSN are the most common providers.

[Image: smiley banner. Source: http://elouai.com/icq-smiley.php]

Unfortunately, many smiley packs, often accessible as a free download, contain unrelated programs that harm users’ computers. SiteAdvisor tests show that spammers and adware distributors often find new users by offering “free” smileys. Fortunately, there’s still reason to smile. Free smiley downloads are available without Web safety threats. More on those later.

Navigating the Spyware Minefield

How do your kids get smileys in the first place? The major IM providers include a default set, but these get old fast. You can imagine the exchange: Jane IM's John: “Cool smiley. Where did you get it?” John IM's back. “Don’t remember. It was free on Google.” Jane searches Google for “free smiley.” The next thing you know, Jane’s installing a piece of adware with the pack of emoticons. Just how risky is that search?

[Image: Google search results page for “free smiley”]

Of the 20 links on this result page, eight (40%) point to sites that SiteAdvisor rates yellow or red. If Jane picks a random site from this list, she faces a 40% risk of infection. Do two such searches and the risk increases to 64%. Three times, 78%. So for users making a series of unsafe searches, it's not unusual to find the family computer hosed.

Too Hot to Handle

[Image: Hotbar ad page]

The word “free” occurs six times in the ad page above. But Hotbar is hardly free. By default, Hotbar “enable[s] keyword search in Internet Explorer['s] address bar,” changes the IE search assistant to something called “ResultsMaster,” installs ShopperReports (a “FREE and easy-to-use comparison shopping tool” that shows auto-opening sidebar advertisements), and adds a weather bug from the Weather Channel.


The three license agreements (Hotbar, ShopperReports, and The Weather Channel) presented during the Hotbar install total 9,514 words - more than twice the length of the U.S. Constitution. And that’s not all. Along with garden variety pop-up ads, our Hotbar installation showed us sexually-explicit ads as we browsed family-friendly content – including ads from SexSearch.com and Passion.com while we browsed sites like MSN.com.

Frozen Smiles

Popular screensaver and emoticon provider Freeze.com delivers an installation with a dizzying array of add-ons and signups. Clicking on one of their search engine ads re-directed us to a page that required our e-mail address and presented us with 13 unrelated commercial offers including deals from Cheapflights, Walmart, and Colgate.

Freeze’s chill runs even deeper. Its install sequence made Freeze.com our home page and installed WhenU’s SaveNow, Newdotnet with Quick! Search Assistant, Desktop Weather by The Weather Channel and the Yahoo! Toolbar.

And what about that e-mail registration? When we signed up at Freeze.com, we received 94 very spammy e-mails per week. What kinds of e-mail are your kids signing up for? Here are some headlines from our Freeze.com inbox:

[Image: headlines from our Freeze.com inbox]

Yikes.

The 'Must Accept Nonobligatory' Installation


Sherv tells its users that they 'must accept the EULA before installing' the smileys. At the same time, users are also told that installation is “nonobligatory.” We suspect nine out of 10 teenagers are unable to parse this Orwellian locution. Frankly, we still don’t understand what it means. When we tried to decline, we received this image:

[Image: dialog shown when we tried to decline]

Emotional Wreck

The first thing we saw when downloading EmoInstaller was a poorly explained dialogue:

[Image: first EmoInstaller dialog]

Later in the process, 180Solutions (Zango’s maker) was somewhat more forthright (“…because it’s paid for by advertising”). Unfortunately, 180 pre-checked the box for “I am 18 or older.” We don’t imagine there are a lot of teenagers who would ever say, “Oh well. Guess I’m not old enough to have smileys.”


Exit Stage Left?

Claria, provider of the GAIN adware client, recently announced it was exiting the adware business entirely. Claria’s GotSmiley site didn’t come up as a paid result when we searched for ‘smiley’ or ‘emoticon,’ but the homepage still exists as of the time of this writing and still bundles the GAIN client. SiteAdvisor will continue to track practices at Claria and GotSmiley.

Can't Smile Without You

As with so many categories where we find a lot of red rated sites, there are plenty of safe places to get smilies. Here are some options categorized by IM application.

• Yahoo! Messenger – SmileyUtility is free of charge and unrelated software.
• MSN Messenger - Emoticons Plus 3.1 is free to try for 30 days, but costs $20 to buy.
• AOL Instant Messenger – The AIMFace Web site offers 500 free emoticons. Our e-mail registration did result in six e-mail newsletters per week.
• AOL Instant Messenger -- RunABot offers 1,000 free smilies and doesn’t require an e-mail registration.
• IRC – Try out IRC Ice Chat for some cool smiley graphics.
• Trillian - Free instant messenger software that handles screen names from some of the most popular IM software providers.
• GetSmile – GetSmile’s download is free forever, as long as you don’t mind the word “demo” in the upper corner of each emoticon graphic. Getting rid of that costs $20.

May 05, 2006

More Failing Grades: Spyware Quiz Update

Posted by Hannah Rosenbaum at 06:00 PM

A quick update: on April 25 we posted the initial results of the Web’s first ever “Spyware Quiz”. A week and a half later, the number of quiz takers has jumped from 14,000 to over 97,000 (thanks in part to a mention on techie news site Slashdot) but quiz scores have remained consistently poor. The test, which asks users to identify the safe sites in popular categories (screensavers, smileys, free games, lyrics, and file-sharing applications), continues to confirm that users have an extremely difficult time distinguishing between safe sites and sites littered with spyware. Our test, which required users to judge safety based on the site’s appearance, illustrates that appearances provide little indication of site safety.

• An alarming 96% tagged at least one dangerous site as safe.
• The average user got 5 out of the 8 questions correct, or a score of 63%. Not exactly a grade to tack up on your fridge.


The lyrics question continues to prove particularly difficult: only 26% of quiz takers correctly identified azlyrics.com as the spyware-free lyrics site. Sleek looking blubster.com also tricked many users into thinking its p2p program is safe: 40% of quiz takers got this question wrong. Blubster’s home page may appear clean, but its download is anything but.

More recent quiz takers did perform better at identifying eMule as a spyware-free file-sharing application. Our initial results revealed that only 39% of quiz takers got this question right while our latest results find that 51% of quiz takers answered correctly. This is likely due to greater familiarity and usage of eMule among frequent Slashdot readers.


These latest results further emphasize the dangers users face when searching online for free downloads. Appearances deceive. No matter how sharp a site’s design may be, spyware could be lurking beneath the surface. Even the most experienced Internet users may be fooled into thinking a dangerous site is safe.

Some test takers complained that they know enough to avoid these categories entirely and that others should too. A safe practice, no doubt. But not necessary. There are many safe alternatives, even within categories that attract adware and spyware. Others said the test is flawed because the taker is asked to judge site safety solely by its appearance. We submit that this is exactly what most users do, including many Web experts. To the users who say they carefully perform their due diligence at every site before downloading, we support your caution, but for the vast majority of the browsing public, we don’t think that it’s reasonable to expect users to always spend an extensive amount of time investigating a site’s practices. That’s why SiteAdvisor’s done the digging for you: there are plenty of safe download sites out there and we want to make it easier for you to find them.

April 28, 2006

Fame, Fortune, and Spyware

Posted by Hannah Rosenbaum at 03:06 PM

In 2006, you know you’re famous when your face has been immortalized as a screensaver and is cascading across the screens of millions of PCs worldwide. The extensive selection of screensavers celebrating the wildly popular reality show American Idol exemplifies the celebrity status of the top ranked contestants.

With the aid of a search engine, doting fans can easily find and download screensavers of their favorite Idol hopefuls. But searchers beware. Indulging your desire to create a desktop shrine to your Idol obsession could be extremely detrimental to your PC. Screensaver downloads are notorious for bundling intrusive spyware and adware programs that clutter your PC, slow your system’s functionality, invade your privacy, and serve annoying pop-up advertisements.

Not all searches for American Idol screensavers are created equal, however. Some contestant screensaver searches pose much more risk than others. So who’s the most dangerous American Idol hottie to search for?

Avid American Idol watchers ourselves, we had to find out. We searched Google for the names of the top twelve American Idol contestants plus the word screensaver and calculated the percentage of dangerous site links returned on the first page of search results.


And the most dangerous Idol is…

Searching for screensavers for quirky gray-haired Taylor Hicks, still in the running, produced the riskiest results: 46% of first page search results came back red. Recently booted Colorado stud Ace Young came in next with 36% red search results and Bucky, Kellie, and Lisa all followed at 27%.

Percentage of red screensaver search results for American Idol’s top 12 contestants

The safest search was for Melissa McGhee, yielding 0 unsafe results. Her popularity plummeted in mid-March when she was voted off after forgetting the words to Stevie Wonder’s “Lately.” She may have been the first of the top 12 to be sent packing, but she won our screensaver safety contest. Her parents must be so proud.

The most frequent offending link was screensavers.com, which appeared in search results for 8 out of the 12 contestants. Just read our user comments for the site and you will want to stay far away. One user’s one-word summary of the site: “Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.” Ezthemes.com and starpulse.com, two other sites with risky downloads, each showed up in one third of the contestant searches.


Parental Advisory: Explicit Web Sites

Our search for hunky Ace was particularly colorful. The second search result took us to azter.com, a site offering risky downloads galore and some rather sexually explicit content (perhaps inappropriate for Ace’s younger audience?). In addition to red rated spyware sites, Ace’s searches also yielded spammy ohmygoodies.com (coincidentally another adult-themed site) as the fourth result. After entering our e-mail address on this site, we ended up with a whopping 1401 e-mails per week! We love you Ace, but we’re not about to venture onto these sites for you.

The Dangers of Idol Worship

A Google search for Taylor Hicks Screensaver returned 46% red sites.


American Idol has certainly become a national phenomenon. Each week over 30 million addicted viewers tune in to watch aspiring rock stars and divas sing their hearts out in the hopes of achieving the American dream. Unfortunately the purity of contestants’ passion and ambition is tainted by the greed of sketchy businesses who swiftly hop on the bandwagon to take advantage of the show’s success. Malicious activity finds a way to exploit any popular craze, and even wholesome entertainment is ripe for rip-offs.

But unlike scavenging paparazzi that plague celebrities with never-ending scrutiny, unscrupulous Web sites victimize the fans too. Fans are especially vital to an American Idol contestant’s success, so it’s rather unfortunate that adoring viewers get punished with spyware and spam after innocently searching for their favorite performer. But rather than shy away from your search completely, let SiteAdvisor’s ratings steer you away from the Web’s dark alleys and guide you to safe venues where you can Idol worship without fear.

April 25, 2006

Failing Grade: Test takers fail first ever Spyware Quiz

Posted by Hannah Rosenbaum at 06:00 PM

In March, SiteAdvisor challenged Web citizens to test their ability to detect nasty downloads with the Web’s first ever “Spyware Quiz.” One month and 14,000 tests later, the results are clear: 95% of us are just 1 click away from unwittingly infecting ourselves with spyware, adware or some other piece of unwanted software.

Spoilers Ahead

Still haven’t taken our quiz? You may want to check it out before reading on, as we’re about to give away some of the answers. (We’d hate to spoil your fun.) Take SiteAdvisor’s Spyware Quiz.

Our quiz set out to determine how adept users are at visually detecting the presence of intrusive downloads on a site. The test asked users to identify the safe sites in popular categories (screensavers, smileys, free games, lyrics, and file-sharing applications) which are notorious for distributing spyware and adware.

The results indicate:
* Nearly every user (95%) was fooled into thinking at least one dangerous site was safe
* Based on their choices, a majority of users (65%) would have been infected with adware or spyware many times over
* Visual cues which tricked the most quiz takers included the presence of national advertisers and a clean, uncluttered design

Sooner or later, a less than perfect score will getcha

A mere 3% of quiz takers received perfect scores. The average was 4.7 correct answers out of 8, or 59% correct, suggesting that typical users will fail to accurately assess the safety of Web sites 41% of the time.

User Scores: Most users correctly answered between 4 and 6 questions.


Overall, 95% of users made assessments that, in the real world, would have landed them at an unsafe site. It only takes one wrong decision to clutter your PC with intrusive spyware and adware. So even if you have a high Spyware IQ, there’s a good chance that sooner or later you will end up on a malicious site without knowing it.

Ordinary users are clearly at risk from spyware and adware. But so are sophisticated users. Consider a user who correctly identifies risky sites 88% of the time. (That’s the 88th percentile in our data; only 12% of our quiz-takers got one or zero questions wrong.) Let’s run the numbers to see how long such a user can expect to stay safe.

If a user correctly avoids unsafe sites 88% of the time, then that user has only a 77% chance (88% x 88%) of answering correctly twice in a row. After three choices, it’s 68% (77% x 88%). So far, the odds are still pretty good. But the average Internet user makes 43 searches every month. After 30 days, a user’s chance of still being uninfected is just 2.2%. After 45 days, it’s 0.3%, less than one in three hundred.

It’s easy to poke holes in some of the assumptions above (and we’re happy to start). For one thing, searchers don’t only look in dangerous categories such as the ones in our quiz, so they probably won’t be quite as much in danger as we’re implying. On the other hand, the categories we chose are, in fact, extremely popular, and receive tens of millions of searches monthly. According to Yahoo’s keyword inventory tool, the 100 most common variants of the search term “lyrics” received 5.5 million searches in February 2006. Variants of the search term “Kazaa” received nearly 7 million.

The real takeaway is simply a mathematical fact: if you’re not perfectly clairvoyant about Web safety 100% of the time, your repeated decisions are going to put you at a risk approaching 100% as time goes on. That time will be longer for some people and shorter for others depending on their browsing behavior, but the end result is the same.

Users’ ability to judge safety varies widely


It Had to Be You…

The first four questions presented users with pairs of sites and asked them to pick which one of the pair was safe. Users had the most difficulty distinguishing between the two lyrics sites: only 28% of quiz takers successfully identified azlyrics.com as the safe site.

[Image: anysonglyrics.com and azlyrics.com home pages]


Perhaps the simplicity and clean look of the anysonglyrics.com home page made it look safer. If so, looks can certainly be deceiving. It turns out that in order to view the contents of anysonglyrics.com, you must agree to an ActiveX installation that bundles the Zango Search Assistant and Zango Toolbar. Users may also be confused by the superficial safety of viewing lyrics: Unlike screensavers and smileys (which by their nature require downloading and installing new programs), lyrics can be viewed inside an ordinary web browser, with no program downloads. Unfortunately, lyrics sites can still be unsafe: ActiveX can install unwanted programs, without users realizing they’re installing anything at all. Finally, we wonder whether advertising from well-known brands like Circuit City and Monster.com served to legitimatize the anysonglyrics.com site.

Beasts of Burden

Our final four questions asked people whether various file sharing sites bundled unwanted software. More than half of the test takers did not realize that the eMule file-sharing application is adware/spyware free. 62% of users answered this question incorrectly. BearShare, Blubster, and Kazaa (the three other file sharing programs we tested) all include adware, but eMule does not. 62% of quiz takers mistakenly tagged Blubster as safe, likely driven by the site’s clean, simple “Skype-y” design.

eMule: a spyware-free file sharing program

BearShare, Blubster, and Kazaa all come bundled with spyware.


A Reason to Smile

People exhibited the most spyware knowledge when choosing between smiley sites. 75% of quiz takers correctly classified getsmile.com as safe. Interestingly enough, the remaining 25% selected smileysource.com despite text on the home page stating that downloads include Best Offers Network software which “will collect information about websites you access and will use that information to display ads.” Clearly it’s easy for Web surfers to miss the fine print.

[Image: smileysource.com and getsmile.com home pages]


Is Abstinence the Only Solution?

Some test takers posted blog comments saying they did not trust either site in our pairings, declaring that the best answer is to avoid sites in these categories altogether. Certainly such avoidance lowers your risk factor, but our findings show that total abstinence is unnecessary if a user has the right information. As we said in a previous blog entry, “the instinct to run from ‘free’ sites is generally a good one, but with SiteAdvisor, you actually CAN find the good, safe and free stuff that’s out there on the Web. Part of why we created this test was to show that even in categories of sites that people consider dangerous, there are actually plenty of upstanding, safe sites.” Our goal is to provide users with information so they can safely take advantage of all the Web has to offer without having to limit themselves.

We know it was a tough test; it’s not easy to judge a site’s safety just by looking at it. But that’s the point. Bad sites are often very good at providing an aura of safety. So no matter how knowledgeable or perceptive you are, you can’t always rely on your instincts. SiteAdvisor can help stop you in your tracks before you stumble onto a dangerous site, and it can also help pave the way to discovering safe venues you might otherwise pass over.

March 14, 2006

Spyware Quiz: Can You Judge A Site By Its Appearance?

Posted by Jonathan Cohen at 01:00 PM

Can you sniff out the presence of spyware on a Web site? Can you tell when a download is about to bombard your PC with spyware or adware? Take SiteAdvisor’s inaugural Spyware Quiz, and find out if you’re a High Risk User or a Safety Guru when it comes to detecting the presence of nasty downloads. No matter how Web savvy you think you are, there’s a very good chance you’ll be fooled by at least some of the sites we show on our quiz.

Our quiz is intended to be a light-hearted test, but as anyone who’s been infected by spyware will attest, there’s nothing funny about what it does to your PC. And since Web sites that offer spyware will often mimic the design of trusted Web sites, it’s very hard to know what’s safe or not by looks alone. For this first quiz, we picked sites in popular categories (screensavers, file-sharing applications, free games, lyrics, and smileys) which are notorious for distributing spyware and adware.

We want to give credit to MailFrontier, whose 2004 Phishing IQ test provided the inspiration for our quiz. And our hats go off and our links go out to the many bloggers who helped improve all of our phishing intelligence when they blogged about the Phishing IQ test:

CNET
Don Crowley
Ed Bott’s Windows Expertise
Lifehacker
the LOOSE wire blog
Mercury News Blog
somefoolwitha.com
The War On Spam
A Welsh View

Like MailFrontier, we hope to elevate consumer understanding of how hard it is to know what's legitimate online.

Think you have more spyware know-how than your friends and family? Invite them to take the quiz (www.siteadvisor.com/spywarequiz) and see how they measure up. The quiz doesn’t take more than a minute or two, and your results may surprise you. Good luck!

March 10, 2006

The Ghosts of Downloads Past

Posted by Hannah Rosenbaum at 12:15 PM

The safety of Web sites can be fluid. Let's say we find a safety issue and rate a site red. Then the site cleans up its act. We test again, find everything is ok, and rate the site green. These instances couldn’t please us more -- we encourage Web site owners to review our site analyses and to take action to make their sites safer. We've blogged before about how the Web site owner of lionking.org improved his site’s e-mail practices and caused his site’s rating to go from red to yellow. (As soon as our re-testing is complete, we presume the site will earn a green rating.) We’re eager to see other sites use our safety ratings to identify problems and improve their sites.

But it can take time for sites to really come clean, so ratings rarely change overnight. Sometimes safety improvements take time to be effective (as in the case of lionking.org) and sometimes surface improvements don’t fix underlying problems. For example, eliminating a bad download requires more than simply removing a site’s link to the download. The download may no longer be directly accessible by clicking around the site, but that doesn't mean that it can't be accessed by average Web surfers.

As an example, let's look at the Web site of Katholieke Universiteit Leuven, a university located in Belgium (SiteAdvisor Analysis: kuleuven.ac.be). The site originally earned a red rating from SiteAdvisor due to a download which bundled an invasive browser plug-in. The Web site owner and loyal students immediately expressed their concern about our site warning. The Web site owner quickly informed us that as a result of our analysis, he had removed links to the questionable download from the site. Very encouraging.

Now You See it, Now You Don't. And Now You Do Again.

At first glance, the problem download did indeed appear to be removed from Katholieke Universiteit Leuven's site. Manually clicking around the site, we couldn’t find it. But our bots did. Lurking beneath the surface, the download was still alive and well. So, our rating for K.U. Leuven remained red.

Now what’s really the harm of a hidden download? If the site doesn’t provide an obvious link to it, does it really matter if it is still hosted somewhere by that site?

Yes.

You may not be able to find the elusive download through a link on the Web site, but there are other paths that could still make the download very much accessible:

1) The download has a unique address, so anyone who may know (or who bookmarked) the address can find it by navigating directly to it from their browser.

2) A search engine crawler may have found it and therefore it could still show up in search results.

3) Any number of other Web sites could be referencing and linking to the download even if the host site isn’t.

So, as long as the site is still hosting the download, the site remains accountable for the download’s safety.
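A site owner can look for such ghosts from the server side. The following is an added example, not SiteAdvisor's crawler and not code from the original post: it walks a static web root, collects every same-site link in the HTML, and lists download files (.exe, .scr, .msi, .zip) that are still hosted but that no page links to. It assumes a static site on disk; the sample site and file names are constructed.

```python
"""Audit a static web root for downloads that are hosted but no longer linked."""
import os
import tempfile
from html.parser import HTMLParser
from urllib.parse import unquote, urljoin, urlsplit

# File types treated as downloads; .zip is included because archives can
# carry executables inside them.
DOWNLOAD_EXTENSIONS = {".exe", ".scr", ".msi", ".zip"}


class LinkCollector(HTMLParser):
    """Collect every href/src value found in one HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)


def site_path(web_root, full_path):
    """Map a file on disk to the absolute URL path it is served under."""
    return "/" + os.path.relpath(full_path, web_root).replace(os.sep, "/")


def walk_files(web_root):
    """Yield the full path of every file below the web root."""
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            yield os.path.join(dirpath, name)


def linked_paths(web_root):
    """Return every same-site URL path referenced by the site's own HTML."""
    linked = set()
    for full in walk_files(web_root):
        if not full.lower().endswith((".html", ".htm")):
            continue
        collector = LinkCollector()
        with open(full, encoding="utf-8", errors="replace") as handle:
            collector.feed(handle.read())
        base = site_path(web_root, full)
        for link in collector.links:
            target = urlsplit(urljoin(base, link))
            if target.scheme or target.netloc:
                continue  # external link: says nothing about our own files
            linked.add(unquote(target.path))
    return linked


def orphaned_downloads(web_root):
    """List hosted download files that no page on the site links to."""
    linked = linked_paths(web_root)
    orphans = []
    for full in walk_files(web_root):
        ext = os.path.splitext(full)[1].lower()
        path = site_path(web_root, full)
        if ext in DOWNLOAD_EXTENSIONS and path not in linked:
            orphans.append(path)
    return sorted(orphans)


# Constructed sample site: one installer is still linked, two are "ghosts".
SAMPLE_SITE = {
    "index.html": '<a href="downloads/current/setup.exe">Download</a>'
                  '<a href="http://mirror.example/setup.exe">Mirror</a>',
    "downloads/index.html": '<a href="current/setup.exe">Latest</a>'
                            '<a href="../about.html">About</a>',
    "about.html": "<p>No links here.</p>",
    "downloads/current/setup.exe": "",
    "downloads/old/setup-1.0.exe": "",
    "downloads/old/sunset.scr": "",
}


def demo():
    """Build the sample site in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_SITE.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as handle:
                handle.write(body)
        return orphaned_downloads(root)


if __name__ == "__main__":
    for path in demo():
        print("hosted but unlinked:", path)
```

Files this reports are reachable by direct address, by search engines and by other sites' links even though the site itself no longer points to them; links generated by scripts at request time are outside what this static check can see.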

After we clarified our methodology with K.U. Leuven’s Web site owner, he promptly removed any trace of the download in question. Our subsequent analysis confirmed the download’s disappearance and determined the site to be safe. It’s now rated green.

Ghost in the Machine

Like K.U. Leuven’s Web site owner, many site administrators may not realize that their sites are still haunted by the ghosts of downloads past. Jay, a concerned member of the support team at WeatherBug (SiteAdvisor Analysis: weatherbug.com), alerted us that our download analysis of WeatherBug’s site included WeatherBug version 5.02, a version that he claimed was two years out of date and no longer offered. This older version of WeatherBug’s software caused the site to receive a red SiteAdvisor rating. The newer version, which includes the MyWebSearch toolbar but was otherwise free from safety issues, would have caused the site to receive a yellow rating.

Apparently, while not explicitly offered on WeatherBug’s Web site, the older version of the download still existed somewhere on its domain. Once again, even though there were no direct links to the download from WeatherBug's site, the red culprit could still be accessed by others. After realizing this, WeatherBug removed the offending download, and the site’s rating is now yellow.

Time for Some Spring Cleaning?

The Web changes quickly, but it can also create nearly indelible footprints. Once you put something out there, it can be found and referenced by any number of other sites. Cleaning up your site requires more than simply sweeping links under the rug. So, roll up your sleeves and give your site a good scrub of any download ghosts, particularly those which may have been of somewhat ill-repute. And if our safety ratings can help you identify where in the attic to look for those ghosts, that's fine with us. We’re suckers for happy endings.

December 09, 2005

The Down Low on Nasty Downloads

Posted by Kelly Ford at 02:15 PM

It is the software with a million names: Spyware. Adware. Contextual advertising software. Behavioral targeting code. The ungainly but lawyerly Potentially Unwanted Program. Malware.

I’m not raising the nomenclature issue to be flip. Being labeled “spyware” can mean millions of dollars in lost revenue for a program’s publisher. Labeling something “spyware” can mean millions of dollars in legal fees for the one doing the labeling. The money issue alone makes these important debates to have, no doubt.

But for the average Web consumer, all this name calling is supremely unhelpful. When a user is facing a download decision, he just wants to know whether it’s going to muck up his machine. This spring, SiteAdvisor set out to develop a way to alleviate the mystery (and the misery) that goes along with these decisions. 100,000+ tested downloads later, we think we’ve got something that will really help the average Web user. In fact, when it comes to popular downloads, we believe we’ve got the only truly objective, comprehensive dataset on what they do to users’ computers.


Testing, Testing, One, Two, Three
Before I can tell you how we test downloads, I need to tell you what downloads we test. For SiteAdvisor purposes, a download is a program which can make your computer do something significant. In geekspeak, we look for executables like exe’s, scr’s and msi’s. Compressed files are also extracted and scanned for executables.

Now there are lots of files that can be downloaded that we don’t test for. At least not yet. For example, we don’t analyze audio or video files or Microsoft Word documents or graphic formats. So we’re not testing Jane’s resume or John’s photos from his trip to the Grand Canyon. If you think there’s a file format we should be testing, let us know. And if there’s a specific download you’d like us to test, if you’re curious about an untested download from MyFavoriteGames.com, for example, submit the link by going to their SiteAdvisor summary page.

Mount Up, Troops
So, on to the tests themselves. Once again, our ‘bots take center stage. Every day, thousands of times a day, our brave digital warriors power up their PCs and go forth to expose themselves to the best and worst the Web has to offer.

Once we find a program to download, we install it onto a “clean” PC. What’s a clean PC? SiteAdvisor designed a system using "virtual machines" that allows us, in effect, to use a "new" computer once and only once to test one and only one download. This way, we are absolutely certain that whatever happens to that machine can only be the result of that one software installation.


How bad is it, Doc?
After we find and install the program, we run the computer through a series of tests, measuring and documenting our findings at each step of the way. Essentially, we’re taking the computer’s temperature. Is it sick? If so, how badly?

With the program running, we put the PC through its browsing paces, visiting a series of Web sites selected because they’re popular and because they’re the kind of sites (i.e. travel, financial, gaming) that commonly trigger advertising. We also look for and document whether our browser settings have changed. For example, have our home page or search engine defaults been reset? Our goal is to show you how your browsing experience will be affected if you install the software in question.

[Image: Nuisance Score meter]

We also summarize the download’s overall impact on a computer by displaying its 1-to-10 Nuisance Score. The one above is for an Aaliyah screensaver we downloaded from EntertainmentWallpaper.com. The Nuisance Score is SiteAdvisor’s proprietary synthesis of all the data we’ve collected on a download. It’s an at-a-glance guide to help you decide whether to download a program. Low scores result from minor nuisances like changed home pages. Higher scores result from bundled things like adware or viruses. Bundling more than one low-score nuisance can push a rating into the red zone as well.

You talking to me?
Often, malicious or annoying software can be identified by its digital "signature," the unique changes it makes to a computer's operating system. Since we use new computers for each download, our system registry always starts clean. If we detect any changes made there or to our system files, we show you every addition, deletion and modification. ScenicReflections offers a "Soothing Sunsets" screensaver, for example, that may look quiet on your monitor, but behind the scenes, it's anything but.

[Image: registry changes]
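The before/after comparison described above (every registry addition, deletion and modification, plus the home page check from the browsing tests), as an added Python example that is not SiteAdvisor's own code. The snapshots and the Example* names are constructed sample data; the watched locations are standard Windows registry paths.

```python
# Added illustration: diff two registry snapshots taken on a clean test machine.
# Snapshots are constructed sample data of the form {"KEY\\ValueName": data}.
WATCHED = {  # standard Windows locations that affect browsing or start-up
    r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page": "home page changed",
    r"HKCU\Software\Microsoft\Internet Explorer\Main\Search Page": "search default changed",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": "runs at start-up",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": "runs at start-up",
}
BEFORE = {  # constructed: state of the clean machine
    r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page": "about:blank",
    r"HKCU\Software\ExampleVendor\Settings\FirstRun": "1",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExampleTray": "tray.exe",
}
AFTER = {  # constructed: state after installing the download under test
    r"hkcu\software\microsoft\internet explorer\main\Start Page": "http://portal.example/",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExampleTray": "tray.exe",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExampleHelper": r"C:\Program Files\Example\helper.exe",
    r"HKLM\Software\ExampleAds\InstallId": "0000",
}

def normalize(snapshot):
    """Registry paths are case-insensitive: index by folded path, keep spelling."""
    return {path.lower(): (path, data) for path, data in snapshot.items()}

def diff_snapshots(before, after):
    """Return (kind, path, old, new) for each addition, deletion, modification."""
    b, a = normalize(before), normalize(after)
    changes = []
    for key in sorted(a.keys() - b.keys()):
        changes.append(("added", a[key][0], None, a[key][1]))
    for key in sorted(b.keys() - a.keys()):
        changes.append(("deleted", b[key][0], b[key][1], None))
    for key in sorted(a.keys() & b.keys()):
        if a[key][1] != b[key][1]:
            changes.append(("modified", a[key][0], b[key][1], a[key][1]))
    return changes

def annotate(changes):
    """Add a note when a change is on, or directly under, a watched location."""
    out = []
    for kind, path, old, new in changes:
        low = path.lower()
        note = next((why for loc, why in WATCHED.items()
                     if low == loc.lower() or low.startswith(loc.lower() + "\\")), None)
        out.append((kind, path, old, new, note))
    return out

if __name__ == "__main__":
    for row in annotate(diff_snapshots(BEFORE, AFTER)):
        print(row)
```

Because the baseline comes from a machine used for exactly one install, every row in the output can be attributed to that install; the case-folding step keeps a differently capitalized path from showing up as a spurious add/delete pair.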

Likewise, SiteAdvisor watches and documents which network servers are contacted by the downloaded program. The presence of network traffic alone does not signal badness. What matters is which servers are being called and how many of them are associated with malware. Again, the goal of this data is to give you a common sense check against software that takes "liberties" with your Internet connection. For example, we downloaded one program that contacted more than 50 servers.

[Image: network activity]

Best Face Forward?
Like my email blog earlier in the week, this is another long piece of writing, but I had a lot of ground to cover. I hope it gives you a good sense of how we arrive at our test results for program downloads. One question that I get a lot is whether our ratings ever change. Some people point to the noise being made these days by contextual advertising companies who claim they’re cleaning up their acts. One of the great things about working here is that we can put those claims to the test. But that’s for the future.

--Shane Keats