Thursday, August 21, 2008

"Web of Trust"

Got this in the mail:

=========

Dear Mr. Langa, I wrote to you several weeks ago introducing Web of Trust. We have begun a series of videos depicting what can happen to your computer if you visit a risky website, and I thought you may be interested. ..
Best regards,

Deborah Salmi
Web of Trust
www.mywot.com

[press release follows]

PC Doc Pro Lies! - Video exposes how this software reports fake errors to compel user to buy the product

August 18, 2008

You have probably heard about software tools that offer free scanning of your PC and reports fake errors to make you buy the product. Well, we wanted to actually see if this is the case, and decided to test one of these products, PC Doc Pro. We produced a video that shows you, in practice, what happened: http://www.mywot.com/en/online-threats/fraudulentsite

A clean installation of Windows Vista Ultimate has 572 problems!

We started with a clean install of Windows Vista Ultimate. PC Doc Pro scanned the system and found 572 problems, out of which 31 were severe! On a clean Windows Vista installation! Oh yes! The product fixes 50 problems for free, but to fix the rest, you need to buy a 30-day license that costs $29.95.

This is a good example of software that scares consumers by producing fake or false detection warnings. Misleading unaware computer users into downloading and paying for the "full" version of bogus software seems to be one emerging trend within the rogue software on the Internet.

Traditional security software doesn't provide protection

This type of scam cannot be detected by traditional security software, since the website as such doesn't necessarily spread malware that anti-virus or anti-spyware systems would notice. Preventive protection against fraudulent sites is provided by reputation based systems such as Web of Trust, WOT. WOT provides users a common platform where they can share their experience with websites and companies by rating sites and leaving their comments. This way the word about good and bad customer experiences will spread fast.

WOT, people –driven security tool

WOT is a people-driven security tool that warns Internet users about dangerous and suspicious websites. Site reputation data comes from the user community in combination with trusted sources such as listings of phishing sites.

WOT in brief:

· http://www.mywot.com

· Free add-on for the browser (Internet Explorer and Firefox)

· 900,000 downloads

· Safety ratings on 20 million websites

· Rating information for trustworthiness, vendor reliability, privacy and child safety

· Demo video: http://www.mywot.com/en/demo

· Screen prints, logos and photos: http://www.flickr.com/photos/mywot/sets
=============

OK, it's Fred here again.

I have mixed feelings about sites and services like these. (Internet Explorer's built-in "Phishing Filter" is another.)

I think they're great for beginners or people who can't or won't be bothered to learn how to safe-surf. You know, the ones who click on spam, send around scams, open attachments from unknown persons, or send on infected attachments to their friends....

But if you don't do those things, and if you use the normal precautions and safety tools (antispyware, antivirus, etc.), I don't think services like these can add much.

Plus, there can be downsides. Anything that sits in your PC watching what sites you go to is a potential risk to your privacy and security. Using these sites and services actually can have the effect of making you LESS safe, rather than more!

And, anything that sits in your PC watching what sites you go to is going to consume some CPU time and some memory. Is the benefit worth this cost?

I also have, um, philosophic issues with some of WOT's fuzzy ratings such as the "trustworthiness" of a site's content. WOT ratings are mostly based on user votes, so there's no real control over what "trustworthy" means. Imagine all the Fox News fans heading over to CNN to vote it UNtrustworthy, or all the MSNBC fans doing the same to Fox. WOT would faithfully tally and display those votes, but what do those votes really mean?

(Answer: Not much.)

For me, these tools serve no purpose, and may actually be a negative. (And that's why I turn off IE's Phishing Filter, too.) I'd rather make up my own mind, thank you.

I'll bet these tools also won't do you much good, if any.

But if you have one of those friends who click and download without a lot of care or caution, maybe they'd find it of benefit.


---Fred

8 comments:

  1. Reminds me of that great quote:
    "I'm from the government and I'm here to help you."

    Right.

    Where is that shotgun when ya need it?

    ReplyDelete
  2. I like being able to do a google-search and know what *not* to click on, which otherwise may not be so obvious (McAfee SiteAdvisor is another one) but other than that I agree with you, Fred. Now, if I could only be allowed to decide when to use those plug-ins (say, after a search,) instead of going through the gymnastics of disabling and enabling them, all would be well.

    ReplyDelete
  3. Fred,

    25 year IT veteran here. I agree with your view and logic 100%.

    ReplyDelete
  4. I used this for a while until I found the sites were rated by so-called "peers". Enough said. Good comment Fred.

    ReplyDelete
  5. Fred Langa,

    Thank you for publishing our news release. I would like share my comments on your posting regarding safe-surfing tools.

    Anti-virus approach is no longer effective against new type of online threats. Cyber crime methods are changing so fast that anti-virus suffers from the same syndrome as anti-doping: being always left one round behind the crooks. That's why security companies have long since started to develop reputation-based security systems. Mark Bregman, the CTO of Symantec, has written an excellent article on this topic: http://www.scmagazineus.com/Rethinking-virus-protection/article/109288/ . A new group of products have seen the light of day: WOT - Web of Trust, Siteadvisor, Trend Protect, Symantec Safe Web.

    We at WOT protect our users privacy as explained in our privacy policy: http://www.mywot.com/en/privacy. The system applies sophisticated patented algorithms in calculating website reputation based on user ratings and data coming from numerous trusted sources such as Phishtank, thus making it very difficult to game the system. The speed of WOT is so fast that you wouldn't notice any difference if you added it to your browser.

    The accuracy of WOT ratings is good, but one can always find individual sites where the rating is incorrect - the same applies to all of these systems. WOT's policy is therefore to listen carefully what our users say and react fast. As the user community grows, the quality of of the information will improve further.

    Safe surfing tools are an extra layer of protection. It depends on each individual's surfing style how much you need it. WOT provides Internet users a common platform where they can exchange their experience on websites and companies, making Internet safer for us all.

    Best regards,

    Esa Suurio
    CEO
    Web of Trust

    ReplyDelete
  6. I would guess most folks who read Fred's writings wouldn't need such a tool. But I know far too many people who click on everything, forward things they shouldn't, etc etc. For them, tools like these seem a good idea - if we could persuade them to use them - which we probably can't. Computers are all fun and games for them and are not about responsibility or good judgment or having to learn things. And this is why there are a bazillion zombies out there.

    But trying to change user behavior isn't the right way to approach this, in my opinion.

    ReplyDelete
  7. I disagree with some of the above. I read plenty about good/bad sites, and I also am careful about where I put my info. However, it's getting harder to spot right off which sites are dodgy. Services like WOT (which don't had much overload to the system as they are browser plug-ins) are an additional red-flag when surfing, especially if you're trying to shop around for a product. Of course we could all just go to the 'safe' big-name sites, but then that's hardly a great outcome is it?

    I don;t know too much about how these services work, but I did'nt think they particularly record where you've been--they simply inform you when you either visit a site or when you do a google search of dodgy sites. They could track you, but let's face it--if you want to go places where you don't want people knowing you go, then you don't need services like WOT!

    ReplyDelete
  8. Gee 522 problems in WINDOWS? REALLY? IT CAN'T BE REAL!

    It must be fraudulent - 522 errors in my registry that contains million of entries, nah...

    Clean Install - Fully patched. Windows is reallyreallyreallyreallyreally
    reallyreallyreallyreally stable. Yeah. Because I know how to "double click" - and that's all I need to know...so

    This dumb, dumb software is fraudulent - they want me to PAY. I have already payed for WINDOWS - AND THERE IS NOTHING WRONG WITH IT.

    Microsoft isn't fraudulent anyway - because they are ...big.

    But PC DOC PRO, is small. And they want... money... 522 errors is BS! BS I tell ya, because I open my moth and talk about things I don't understand.

    Folks... truth is...

    PC doc pro is an overpriced reg cleaner - it's no more fraudulent that an anti-virus software that "cleans" your computer, from "viruses".

    I tested it myself.

    Besides - Windows Vista has around 5000 problems on a clean install - fully pathed.

    But wot people know. Wot is the best. We have many people browsing fraudulent sites and we're really into democracy and nokia.

    ReplyDelete