Saturday, March 01, 2008

Pre-Scanning of URL Links for Safe Web Surfing

From time to time someone will drop a URL link into a comment in my blog.

As a good Net-citizen, I feel it's my responsibility to check them (to the best of my ability) to make sure that any visitors aren't getting routed to some site loaded with malware or other objectionable content.

However, while there are tons of great anti-malware products to scan your system with locally, how does one check if a web-link is safe to visit, before you actually click through?

Realtime Browsing Products

There are many products now that can integrate with your web-browser to perform behind the scenes checking and URL security validation. But I don't (usually) like to have these "real-time" security products running on my system constantly.

The new Firefox 3.0 browser will be incorporating "phishing" and "attack site" validations automatically if enabled in the option settings.

I do use and recommend the free Doctor Web browser Add-ons (Firefox, IE, Opera) that while don't run "real-time" do allow you to right-click a link and pre-scan it for security before clicking through.

  • CallingID Link Advisor is another Firefox Add-on

  • Finjan SecureBrowsing yet another pro-active Firefox link scanning plugin.

  • QArchive.org web files checker another Firefox link-scanning plugin.

  • Doctor Web Link Browser Link Checker - True "on-demand" link checker that can integrate as previously mentioned with most major web-browsers.  Light, fast, and unobtrusive. Recommended.

  • LinkScanner Lite - Integrates with web-browser to display safety of links displayed on major web-search engine results page.  Also incorporates a right-click menu to scan any hyperlink on-demand while browsing. From Exploit Prevention Labs.  Not really an "Add-on extension" but more a system-wide security application.

  • TrendProtect - freeware security program supporting IE to rate pages in search results.

  • SiteAdvisor - From McAfee installs into your system and provides safety ratings to sites and search-results to protect you from malicious websites.

  • Scandoo provides some tools and plugins to give alerts in your browser when browsing. Pre-scans links before allowing click-through and provides classification of sites and a danger-warning. Does allow fine-tuning of security preferences to give you flexibility to alert levels. Scandoo FAQ page.

However, what I am really looking for are resources where I can enter a URL and get scan-results back, but not necessarily be bombarded with pop-ups and graphic warning icons as I browse regularly.

On-Demand URL Scanners

So with a LOT of digging, here are the ones I located. You might want to bookmark a few of them to keep handy.

  • Dr.Web  — online - This is another great Dr. Web service.  As I mentioned, I do like the Firefox Add-on extension and use it on all my Firefox browser builds.  However, with this link, you just copy/paste the suspicious URL web-link into the form field and hit the "SCAN!" button. A report is quickly generated that shows all scripts and frame elements found on the target URL; great for copy/paste documentation. Nice and non-integrated.

  • Exploit Prevention Labs: LinkScanner - XPL just got picked up by AVG/Grisoft. So it will be interesting to see if this product get incorporated into their anti-virus/anti-malware lines.  Copy and paste your suspicious URL link into the form field and scan away.  No reporting like Dr.Web, but still a nice and fast scanner.

  • Finjan URL Analysis - Great and fast resource to scan a link for legitimacy.  Copy/paste the link into the form field on the web and click "Analyze".  Results are quickly provided along with an option to report the URL to the "Malicious Code Research Center (MCRC)" which is a nice touch if you do find something dangerous.

  • Check page for sh** - Not sure if the name is clever or not. Some folks could find it "offensive" so I asterisked it out. The main page isn't censored.  What this site does is allow you to enter a URL into their form field then submit the query on Google.  If the site has been tagged as "dangerous" by Google, then it will return Google's warning page. You can then click-on or not.  Good as it is quickly targets the validity of a link via Google's monster and deep-cover testing methods for malware links. However, doesn't give much feedback if a site is listed this way as I like to know the "why's" of the danger, not just the warning.  Firefox extension also available from the page..although this (Google checking) feature is built into Firefox 3.0 as an option like I previously encountered.

  • Scandoo - previously mentioned as a plug-in.  This page allows you to enter a word (or URL) to search on using Google, Yahoo, or MSN Live.  Results are displayed on the search engines native results page, but added in are the iconic Scandoo safety ratings for the URL results.  Doesn't really "analyze" the links for maliciousness like the others, but does still provide some sense of safety or danger.  The benefit of this page (versus the plugins) is that you get the benefits only when you want them, instead of all the time integrated into the browsers.

I'm surprised I wasn't able to find any more than these.  I would figure this would be a rich area for web and computer security websites to offer to Net-citizens.

If you know of any others in this classification (web-based URL scanners), please share in the comments!

Other Resources

These are related, but don't really fit in the above categories.

  • SiteAdvisor - Analysis - Enter a website URL and receive a report (if listed) of McAfee's review of the website.  Here is a sample report for Grand Stream Dreams that I found.

  • StopBadware.org - Despite my previous complaints about the lack of information, the site does provide some limited information on websites that have been submitted to their "Badware Website Clearinghouse" via their Search Page.  Try entering "google.com" or "blogspot.com" to get a sample results report page.

  • Top 10 Web Vulnerability Scanners - Insecure.org - 2006 list of utilities that can be used to scan a web-server for vulnerabilities. These don't scan for badware prior to following a link, but are more for web developers and penetration testers making sure the shop is locked up tight and safe.

  • Website Vulnerability Scanners - stopbadware | Google Groups - List of some related items.

  • PhProxy - InBasic - Fantastic Firefox add-on that allows you to browse to a target link "on-demand" via the right-click menu in the browser.  Why would you want to visit a web-site using a proxy server? Well, maybe you are still suspicious, don't know the intent of the target website, don't know if it was bait to try to trick you to visit so they could capture your IP address.  Using a proxy will result in the website capturing the proxy-server's IP address, but not your own.

  • Privax - Protecting Your Online Privacy - List of free proxy web-server links if you don't want an integrated extension proxy solution. Just visit one of these sites and type in the URL of the site you wish to visit.

Safer Surfing!

--Claus

4 comments:

Anonymous said...

Just a quick note to say that Exploit Prevention Labs, developers of LinkScanner, is now part of AVG Technologies. LinkScanner's safe-surf and safe-search technologies are incorporated into all the new AVG 8.0 products - more info at www.avg.com.

Anonymous said...

Pat,

Thanks for the clarification. I just saw a post by Alex over on his Sunbelt Blog that there is now quite some discussion in the AVG fourms regarding its appearance as a "toolbar" in the AVG 8.0 product.

More toolbar fun

There's just something about toolbars that make "semi-pro/pro" web-security nuts (I count myself among them) go crazy when we see them "bundled" or included as a "feature" even for a long-trusted security product.

I guess we have fought rouge versions of toolbars on systems far too long to trust them without question, and (good or not) tend to despise them.

I'm still running the 7.5 AVG Free version and hope to see Grisoft release a 8.0 "Free" version in the near future as well, so I can't say.

However I have played with the beta version of AVG 8.0 and liked what I saw.

From comments in Alex's post, it seems that this "toolbar" feature can be turned off or "deselected" during the installation process.

It would be nice if this AVG/LinkScanner feature would be integrated into the right-click menu for "on-demand only" link pre-scanning like Dr. Web's Firefox Add-on extension does. That would be awesome. Then allow for system-wide full-time/real-time pre-scanning of all links while browsing only if optionally enabled

As it stands right now, I would probably also disable any LinkScanner feature in AVG 8.0 if it was a "real-time" only pre-scanning feature, but it is a nice (and very useful) feature for the masses of general users of security products who aren't quite as savvy for web and system security.

Certainly my impressions of LinkScanner have been positive from what little use I have experimented with it.

Thanks for the comment!

Zestful said...

I just would like to mention one more uprunner in the safe surfing space: WOT, Web of Trust, mywot.com, is an online community for reputation rating that lets Internet users share their knowledge of websites, helping users stay in control when surfing the Web. Besides its users, WOT gets information from hundreds of trusted sources such as phishing site listings and spam black lists.

As you search with Google, you will see a tiny icon beside the Web link that warns you of risky sites. WOT has information on 17 million sites. WOT ratings are shown also on Yahoo!, Gmail, Wikipedia, Digg, del.icio.us, AOL, and MSN.

WOT is available for the Internet Explorer and Firefox browsers and is free. No registration is required. www.mywot.com

Anonymous said...

This idea given above is great because pre scanning a website would give the user an idea that what is contained in that site and is it safe to visit it or not.