Yahoo, McAfee to warn users of dangerous websites

Websites suspected of spreading malicious programs or spamming and phishing campaigns will be highlighted in search results.

Your next search on Yahoo may include a friendly warning.

The concern is if users become overly reliant on these kinds of results they may still end up going to dangerous places.
Rich Mogull,
principal consultantSecurosis

You don't need to conduct a search to know that the Web is the prime vector for spreading malicious code, from Trojans to keyloggers. Millions of dangerous sites, often optimized for searches, await to deliver drive-by downloads of trouble, whether you are doing business research or casually surfing for free games at home, in a coffee shop or on a break.

The warning on links to suspect sites, powered by McAfee's SiteAdvisor, will tell you to proceed at your own risk of getting malicious programs or giving your email address to be shared with spammers and phishers. The Yahoo-McAfee partnership, branded as SearchScan, launched in beta today to help protect users, who may not suspect their exposure until its too late.

"I think they are moving in right direction. These kinds of moves help a little bit at least in making some of the obvious things a bit safer for users," said Rich Mogull, a former Gartner analyst, now an independent consultant and founder of Securosis, observing the state of Internet security for major search engine providers and online vendors.

"I don't think this is a problem any of them can solve," Mogull said. "The concern is if users become overly reliant on these kinds of results they may still end up going to dangerous places."

Infected websites, zombie PCs:
Researchers uncover tool used to infect websites, spread malware: An analysis conducted by the SANS Institute's Internet Storm Center uncovered a utility designed to perform automated SQL injection attacks against websites and spread malware.

Botnet disruption raises ethical concerns among researchers: Researchers studying the Kraken and Storm botnets have the ability to issue commands to zombie PCs shutting down the armies, but they may not be justified to issue those commands.

SQL injection attack infects hundreds of thousands of websites: Security experts are watching massive numbers of automated SQL injection attacks from Chinese domains. Attackers use simple search engine queries to build a list of targets.

Reasoning that most Web sessions start with searches, Yahoo believes enhanced security is essential to protect its users and shore up confidence in online commerce. A bright red icon warns them of the nature of the suspected threat "Warning: Dangerous downloads" or "Unsolicited emails". Running your cursor over the warning provides additional explanation and information; a discreet green shield icon in the upper right corner of the search page tells you about SearchScan.

"Getting this launched is really crticial to keeping the Internet on its growth track," said Priyank Garg, director of product management for Yahoo Search. "This can help to go a long way to making consumers feel more truasted and feel safer when they're interacting with Web sites."

SearchScan does not include all of SiteAdvisor's features, including the ability to help detect compromised legitimate websites. That requires a full version of the product or one of McAfee's other desktop security products that include it.

SearchScan is the most recent move by Yahoo to improve its users' security. In October, Yahoo annoucned it was rolling out signature-based email authentication to all Yahoo Mail users, specifically to verify mail for eBay and PayPal, among the leading targets for phishing scams.

Yahoo said its user research shows flagging user confidence in ecommerce, and hopes initiatives like SearchScan and DomainKeys will help restore that confidence and give it a competitive edge against the elephant in the room, Google.

"Our goal is to be the search engine that users love and can trust to get from 'to-do' to 'done' on a daily basis as they use search," said Garg. "Our web expertise and McAfeee's security expertise and will provide the best protection users can find, and that will be differetiating experience for users in this space."

While praising the effort, Mogull says the evidence is that while users say they are concerned about security, they are conducting more and more business online every year. And, he is less than confident SearchScan or improved Web security--user polls notwithstanding--will translate drive business to Yahoo.

"It's a great move, but don't expect to change business," he said. "We have not seen that security concerns have affected the choice of search providers that consumers use. It's the right thing to do, but I don't it will affect user [search] behavior."

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close