From time to time someone will drop a URL link into a comment in my blog.
As a good Net-citizen, I feel it's my responsibility to check them (to the best of my ability) to make sure that any visitors aren't getting routed to some site loaded with malware or other objectionable content.
However, while there are tons of great anti-malware products to scan your system with locally, how does one check if a web-link is safe to visit, before you actually click through?
Realtime Browsing Products
There are many products now that can integrate with your web-browser to perform behind the scenes checking and URL security validation. But I don't (usually) like to have these "real-time" security products running on my system constantly.
The new Firefox 3.0 browser will be incorporating "phishing" and "attack site" validations automatically if enabled in the option settings.
I do use and recommend the free Doctor Web browser Add-ons (Firefox, IE, Opera) that while don't run "real-time" do allow you to right-click a link and pre-scan it for security before clicking through.
- CallingID Link Advisor is another Firefox Add-on
- Finjan SecureBrowsing yet another pro-active Firefox link scanning plugin.
- QArchive.org web files checker another Firefox link-scanning plugin.
- Doctor Web Link Browser Link Checker - True "on-demand" link checker that can integrate as previously mentioned with most major web-browsers. Light, fast, and unobtrusive. Recommended.
- LinkScanner Lite - Integrates with web-browser to display safety of links displayed on major web-search engine results page. Also incorporates a right-click menu to scan any hyperlink on-demand while browsing. From Exploit Prevention Labs. Not really an "Add-on extension" but more a system-wide security application.
- TrendProtect - freeware security program supporting IE to rate pages in search results.
- SiteAdvisor - From McAfee installs into your system and provides safety ratings to sites and search-results to protect you from malicious websites.
- Scandoo provides some tools and plugins to give alerts in your browser when browsing. Pre-scans links before allowing click-through and provides classification of sites and a danger-warning. Does allow fine-tuning of security preferences to give you flexibility to alert levels. Scandoo FAQ page.
However, what I am really looking for are resources where I can enter a URL and get scan-results back, but not necessarily be bombarded with pop-ups and graphic warning icons as I browse regularly.
On-Demand URL Scanners
So with a LOT of digging, here are the ones I located. You might want to bookmark a few of them to keep handy.
- Dr.Web — online - This is another great Dr. Web service. As I mentioned, I do like the Firefox Add-on extension and use it on all my Firefox browser builds. However, with this link, you just copy/paste the suspicious URL web-link into the form field and hit the "SCAN!" button. A report is quickly generated that shows all scripts and frame elements found on the target URL; great for copy/paste documentation. Nice and non-integrated.
- Exploit Prevention Labs: LinkScanner - XPL just got picked up by AVG/Grisoft. So it will be interesting to see if this product get incorporated into their anti-virus/anti-malware lines. Copy and paste your suspicious URL link into the form field and scan away. No reporting like Dr.Web, but still a nice and fast scanner.
- Finjan URL Analysis - Great and fast resource to scan a link for legitimacy. Copy/paste the link into the form field on the web and click "Analyze". Results are quickly provided along with an option to report the URL to the "Malicious Code Research Center (MCRC)" which is a nice touch if you do find something dangerous.
- Check page for sh** - Not sure if the name is clever or not. Some folks could find it "offensive" so I asterisked it out. The main page isn't censored. What this site does is allow you to enter a URL into their form field then submit the query on Google. If the site has been tagged as "dangerous" by Google, then it will return Google's warning page. You can then click-on or not. Good as it is quickly targets the validity of a link via Google's monster and deep-cover testing methods for malware links. However, doesn't give much feedback if a site is listed this way as I like to know the "why's" of the danger, not just the warning. Firefox extension also available from the page..although this (Google checking) feature is built into Firefox 3.0 as an option like I previously encountered.
- Scandoo - previously mentioned as a plug-in. This page allows you to enter a word (or URL) to search on using Google, Yahoo, or MSN Live. Results are displayed on the search engines native results page, but added in are the iconic Scandoo safety ratings for the URL results. Doesn't really "analyze" the links for maliciousness like the others, but does still provide some sense of safety or danger. The benefit of this page (versus the plugins) is that you get the benefits only when you want them, instead of all the time integrated into the browsers.
I'm surprised I wasn't able to find any more than these. I would figure this would be a rich area for web and computer security websites to offer to Net-citizens.
If you know of any others in this classification (web-based URL scanners), please share in the comments!
These are related, but don't really fit in the above categories.
- SiteAdvisor - Analysis - Enter a website URL and receive a report (if listed) of McAfee's review of the website. Here is a sample report for Grand Stream Dreams that I found.
- StopBadware.org - Despite my previous complaints about the lack of information, the site does provide some limited information on websites that have been submitted to their "Badware Website Clearinghouse" via their Search Page. Try entering "google.com" or "blogspot.com" to get a sample results report page.
- Top 10 Web Vulnerability Scanners - Insecure.org - 2006 list of utilities that can be used to scan a web-server for vulnerabilities. These don't scan for badware prior to following a link, but are more for web developers and penetration testers making sure the shop is locked up tight and safe.
- Website Vulnerability Scanners - stopbadware | Google Groups - List of some related items.
- PhProxy - InBasic - Fantastic Firefox add-on that allows you to browse to a target link "on-demand" via the right-click menu in the browser. Why would you want to visit a web-site using a proxy server? Well, maybe you are still suspicious, don't know the intent of the target website, don't know if it was bait to try to trick you to visit so they could capture your IP address. Using a proxy will result in the website capturing the proxy-server's IP address, but not your own.
- Privax - Protecting Your Online Privacy - List of free proxy web-server links if you don't want an integrated extension proxy solution. Just visit one of these sites and type in the URL of the site you wish to visit.