Can you recommend some browser plug-ins to help alleviate the poisoning of search engine results (and are there any plug-ins to avoid)? Can plug-ins be pushed centrally, or should admins allow users to install them on their own?
Search engine optimization (SEO) is a legitimate practice to help elevate the ranking of webpages in a search engine’s results pages. However, it is also used by hackers to get webpages hosting malicious software ranked highly by search engines. Unsuspecting users are more likely to visit these malicious sites if they appear on the first page of results returned by a search. Search engine poisoning can also involve compromising legitimate pages that already rank highly in search results. The danger is that when a user clicks on a compromised page listed in the poisoned search results, they are redirected to another page that attempts to install malicious software onto their computer.
There are several browser plug-ins that effectively block access to known malware distribution and phishing sites. The free G Data CloudSecurity plug-in, for example, is available for Internet Explorer and Firefox. Another is Web of Trust, which tests sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing and online scams. Most AV products, such as McAfee and AVG, include a free plug-in that adds small site rating icons to your search results to alert you to potentially risky sites.
Most browsers also offer similar functionality right out of the box. Microsoft’s IE8 and IE9 use Microsoft’s SmartScreen Filter, while Firefox, Safari and Chrome rely on Google's Safe Browsing. These reputation-based systems search the Internet for malicious websites and flag their content accordingly. The browser then looks up reputation information for each URL a user requests and shows the user a warning if the content has been flagged as potentially dangerous.
I would not leave it to your users to install browser plug-ins. The risk here is that they may not install the recommended plug-in, or that they may use their permission rights to install unapproved plug-ins. Browser plug-ins are often installed on demand as soon as you visit a site and want to view, for example, some interactive content. Malicious sites try to exploit this as a social engineering trick by convincing visitors they need to download a file, such as a missing video codec. Internet Explorer has a feature called Per-Site ActiveX, which -- by default -- only allows ActiveX controls to run if they are called by the site that originally installed them. Administrators can also control which ActiveX controls are allowed to run. Use Group Policy to configure these settings in both IE and Firefox.
This was first published in October 2011
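The URL reputation lookup described above, as an added example that is not part of the original article: it goes beyond the text by following the host-suffix/path-prefix and SHA-256 hash-prefix scheme from Google's published Safe Browsing lookup procedure, and shows why one compromised directory on a legitimate site can be flagged without flagging the whole site. URL canonicalization is omitted, and the `shop.example` data and the function names are constructed for illustration.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

def lookup_expressions(url):
    """Host-suffix/path-prefix strings checked for one URL (canonicalization omitted)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").strip(".")
    path = parts.path or "/"
    hosts = [host]
    try:
        ipaddress.ip_address(host)          # IP literals get no suffix variants
    except ValueError:
        labels = host.split(".")
        # Up to four suffixes taken from the last five labels, never the bare TLD.
        for i in range(max(0, len(labels) - 5), len(labels) - 1):
            suffix = ".".join(labels[i:])
            if suffix not in hosts:
                hosts.append(suffix)
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    prefix = "/"
    if prefix not in paths:
        paths.append(prefix)
    for segment in path.split("/")[1:-1][:3]:   # root plus at most three directories
        prefix += segment + "/"
        if prefix not in paths:
            paths.append(prefix)
    return [h + p for h in hosts for p in paths]

def full_hash(expression):
    return hashlib.sha256(expression.encode("utf-8")).digest()

# Constructed reputation data: one compromised directory on an otherwise clean site.
FLAGGED = {full_hash("shop.example/promo/")}    # full hashes held by the lookup service
LOCAL_PREFIXES = {h[:4] for h in FLAGGED}       # 4-byte prefixes cached in the browser

def check_url(url):
    """Return the flagged expressions for url; an empty list means no warning."""
    hits = []
    for expression in lookup_expressions(url):
        digest = full_hash(expression)
        # Local prefix match first; only a hit is confirmed against full hashes.
        if digest[:4] in LOCAL_PREFIXES and digest in FLAGGED:
            hits.append(expression)
    return hits
```

In the real service the full-hash confirmation is a network request made only after a local prefix hit, so most URLs a user visits are never sent anywhere.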