Avoiding Malicious Websites

For those of us who have seen The Wizard of Oz, the Internet is like the field of poppies. Good and bad websites cannot be told apart simply by looking at them. So what do we do to avoid the malicious websites? Several services have been created to help people address this issue. This article highlights a few of the easier-to-use services that can help you add security to your home and office environment.

First off, MyWOT.org. This stands for My Web of Trust.

My Web of Trust is a plugin for your web browser. It is also free, which makes this a no-brainer to install at home. Once installed, it will add a small circle next to web links. If the circle is green, the site has been identified as not being malicious. This information comes from a crowdsourced database of people who report good and bad websites. If the circle is red, most people felt that the site is bad. Yellow means that some people think it is a malicious site and some don’t, so you should be cautious. If you avoid the red and yellow, you will be largely safe.

What attack does this help prevent? Hackers know how people think. When there is a large event or tragedy somewhere in the world, many people will search Google for information about it. Google will happily return links to all the sites that it thinks are relevant. Hackers also know how Google thinks. One tactic they use is to publish sites that Google thinks are highly related to the event. When people search for information about the event, Google will return a link to the malicious website. When the user clicks the link, they get served malicious content and may end up with malware installed on their computer. MyWOT rates the link for safety, giving the user a warning before they click it.

Next, OpenDNS.com.

This is a service that helps in another aspect of the Internet. For home use, this is another free tool. Much as people would have trouble sending a letter to someone without a phonebook to look up their address, computers would have trouble browsing the Internet without something to look up the address for a name like www.bing.com. DNS (Domain Name Service) servers provide this phonebook-type activity for the Internet. When somebody wants to get to www.bing.com, they enter www.bing.com into their web browser. The computer knows nothing about www.bing.com, but the computer does understand 204.79.197.200, which is an address for Bing. The computer asks the DNS system for the address for www.bing.com and then accesses the address. This is a high-level overview of how the Internet works. OpenDNS.com serves as a sort of phonebook that won’t let you communicate with addresses that it knows are not safe or that are not allowed by the owner of the OpenDNS account. OpenDNS categorizes all of the websites and only provides the address for the categories that are approved.

What attack does this help prevent? One attack in particular is CryptoLocker. When the CryptoLocker malware is installed, the first thing it needs to do is call out to a command and control website. That website provides the encryption key to the malware. If CryptoLocker is unable to acquire an encryption key, it cannot encrypt anything. OpenDNS provides an opportunity to block that request, thereby neutralizing the CryptoLocker malware. This will not remove the malware once installed. If OpenDNS were disabled at some point in the future, the malware could attempt to make that request. The hope here is that by the time that would happen, any site that hosts the encryption key would no longer be available.
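The paragraph above notes that blocking the lookup neutralizes the malware without removing it, so repeated blocked lookups from one computer are a sign that it still needs cleaning. The following Python script is an added example, not code from OpenDNS or from this article; the log format, category names, addresses and domain names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log. The five-field format (time, client, name,
# category, action) is hypothetical, not a real OpenDNS export format.
SAMPLE_LOG = """\
2024-01-10T09:00:01 10.0.0.21 www.bing.com search allowed
2024-01-10T09:00:05 10.0.0.34 key-server.example.invalid malware blocked
2024-01-10T09:00:09 10.0.0.21 news.example.com news allowed
2024-01-10T09:05:05 10.0.0.34 KEY-SERVER.example.invalid. malware blocked
2024-01-10T09:10:05 10.0.0.34 key-server.example.invalid malware blocked
2024-01-10T09:12:40 10.0.0.52 games.example.org games blocked
2024-01-10T09:13:02 10.0.0.21 login.example.invalid phishing blocked
truncated entry
"""

# Assumed category labels that mean "security block" rather than "policy block".
SECURITY_CATEGORIES = {"malware", "botnet", "phishing"}

def parse_line(line):
    """Return a record dict, or None for a line that is not a full entry."""
    parts = line.split()
    if len(parts) != 5:
        return None
    time, client, name, category, action = parts
    # DNS names are case-insensitive and may carry a trailing root dot.
    return {"time": time, "client": client, "name": name.lower().rstrip("."),
            "category": category, "action": action}

def hosts_to_clean(log_text, min_hits=2):
    """Map client -> {name: count} for repeated security-category blocks."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "blocked" and rec["category"] in SECURITY_CATEGORIES:
            hits[rec["client"]][rec["name"]] += 1
    report = {}
    for client, names in hits.items():
        repeated = {n: c for n, c in names.items() if c >= min_hits}
        if repeated:
            report[client] = repeated
    return report

if __name__ == "__main__":
    for client, names in hosts_to_clean(SAMPLE_LOG).items():
        for name, count in names.items():
            print(f"{client}: {count} blocked lookups for {name}, check for malware")
```

The games lookup is a policy block rather than a security block, so it is ignored, and a single blocked lookup stays below the default threshold to avoid flagging a one-off mistaken click.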

Lastly, Cisco Web Security.

This is not a free product but does appeal to businesses as it also provides better reporting on the websites that individual employees access. This is a product owned and managed by Cisco, a leading network technology vendor. Cisco manages the same type of categorization of websites that OpenDNS does, in addition to actually inspecting the traffic that flows between the user and the website. If your organization needs the ability to report on what websites were accessed, this product would provide that information.

What attack does this help prevent? If a website gets compromised, OpenDNS will still report the category as good, but Cisco will report and block malicious content.

For your home use, I highly recommend MyWOT.org or OpenDNS.com. These are both free and work well in blocking access to malware.

For your business, I highly recommend OpenDNS.com or Cisco Web Security. Netgain supports both products, and your Account Manager can discuss these options further.

 

 
