Evaluating Unknown Sites

resourcesforlife
Posts: 288
Joined: Mon Jul 02, 2012 4:53 pm

Evaluating Unknown Sites

Post by resourcesforlife » Fri Jul 06, 2012 5:15 pm

This is probably explained in the WOT Wiki, and if so, feel free to direct me to the correct article.

I'm wondering about the best practices for evaluating sites. Being a member of WOT for a few days has opened my eyes to how much malware is out there on sites ready to attack my computer. I normally stay in safe neighborhoods when browsing.

So, now I'm reluctant to even load some of these sites that are unknown quantities.

I presume the first thing would be to run a malware scan on sites before even exploring them. Then, once it's determined the site is clean, explore some of the other aspects of it to ascertain the site's trustworthiness, vendor reliability, privacy, and child safety rankings.

Another thought regarding safety while evaluating would be to have a virtual computer or completely separate computer to explore sites.

Does the above make sense? Any suggestions? Thanks.

Myxt
Posts: 4140
Joined: Sat Mar 05, 2011 6:18 am

RE: Evaluating Unknown Sites

Post by Myxt » Sat Jul 07, 2012 7:25 am

WoT recommended tools: http://www.mywot.com/wiki/Online_tools

Use a top Internet security suite* - anti-malware, firewall, etc, etc - not a patchwork of free stuff.

Virtualize if possible.

Add armor to the current Firefox for risky visits, and use another browser for general operations.

URLVoid.com is a good place to start an investigation. You can also get a lot of mileage from Google search, partly due to the displayed snippets and thumbnails.

sitecheck.sucuri.net/scanner/ is an excellent independent opinion which also lists a internal links from a site's front page.

* Unfortunately, on-demand remote malware scanners (at least the free ones) do not spider a site, they only scan the specific page, or just the domain, you request. You could get a safe return on the front page, and then get whacked on the Contact page.

Partial list
HTH

Jazspeak
Posts: 7295
Joined: Fri Oct 17, 2008 4:20 pm

RE: Evaluating Unknown Sites

Post by Jazspeak » Sat Jul 07, 2012 3:10 pm

<quote user="myxt">
"Use a top Internet security suite* - anti-malware, firewall, etc, etc - not a patchwork of free stuff."
[/quote]

I have to beg to differ. If a so-called security suite gets compromised then you can kiss goodbye to all of the components of the security suite, that is to say that if the AV element gets compromised then it is quite likely that the firewall and all other elements will also be compromised. I prefer the mix and match approach because it makes it more difficult to compromise all of the individual elements of the security.

There is some excellent free stuff available that, when combined with commonsense, can be quite good enough especially when used with a range of other software and web services to investigate sites.


<quote user="myxt">
"Virtualize if possible."
[/quote]

Agreed. For Windows users there is the free Sandboxie that does a good job of using virtualisation without the hassle of setting up a virtual machine.

Edit: Nobody has mentioned the importance of keeping backups, so let me say it now: Backup everything before embarking on any investigations of sites.

resourcesforlife
Posts: 288
Joined: Mon Jul 02, 2012 4:53 pm

RE: Evaluating Unknown Sites

Post by resourcesforlife » Sat Jul 07, 2012 4:13 pm

[url=http://www.mywot.com/en/user/2169182 t=_blank]mytx[/url] and [url=http://www.mywot.com/en/user/6202 t=_blank]Jazspeak[/url],

These are really good suggestions and resources. Thanks.

I have multiple systems at my disposal (Windows, Linux, and Apple). Even with a quad-core i7 system and 8GB RAM, I still notice performance degradation when running a virtual Windows 7 computer in VMWare Fusion on the Mac. Maybe Ubuntu would be less of a drain. I may just dedicate a computer to website research exclusively and image it with Acronis True Image. That way, I can easily restore it from backup in about 15 minutes every week or so to keep it fresh.

An alternative would be to use a quad-core i7 with a variety of virtual computers. A while back I needed to do some testing and setup multiple virtual computers on the same system. As long as I use them one at a time, it performs well. Each virtual computer has a different security package, including some free ones. I'd received news of a false-positive from someone using Norton 360 2012 and wanted to duplicate what they were seeing. After installing Norton 360 2012, I was unable to duplicate the warning they had.

Now that I've discovered MyWOT, I find I'm spending a lot of time here. I'm learning some good practices and discovering new tools, which is nice. This is work I really need to be engaged in anyway. As I setup websites for my clients, and maintain them, I want to be aware of any issues (security or otherwise). Also, I do some consumer advocacy work for which I'd like to use MyWOT as a research tool.

Thanks again for your help.

Greg

Jazspeak
Posts: 7295
Joined: Fri Oct 17, 2008 4:20 pm

RE: Evaluating Unknown Sites

Post by Jazspeak » Sat Jul 07, 2012 4:34 pm

<quote user="resourcesforlife">
"...dedicate a computer to website research exclusively and image it with Acronis True Image. That way, I can easily restore it from backup in about 15 minutes every week or so to keep it fresh."
[/quote]

That is the best option, although there are several alternatives to Acronis.

Another interesting possibility, although I haven't tried it myself, is to use [url=http://www.filehippo.com/download_ramdisk/ t=_self]RAMDisk[/url].

resourcesforlife
Posts: 288
Joined: Mon Jul 02, 2012 4:53 pm

RE: Evaluating Unknown Sites

Post by resourcesforlife » Sat Jul 07, 2012 5:04 pm

One thing that comes to mind is the possibility of using PortableApps.com with a USB drive.

Yet I'm wondering... Couldn't malicious software that's launched from those apps infect the host PC?

Maybe there's a sandbox mode. I've just not used it so I can't say for sure, but it seemed like another possible option. Maybe someone else here has more experience with it.

I'll checkout RAMDisk also. Thanks, [url=http://www.mywot.com/en/user/6202 t=_blank]Jazspeak[/url].

Greg

Jazspeak
Posts: 7295
Joined: Fri Oct 17, 2008 4:20 pm

RE: Evaluating Unknown Sites

Post by Jazspeak » Sat Jul 07, 2012 5:58 pm

<quote user="resourcesforlife">
"...using PortableApps.com with a USB drive."
[/quote]

I have tried that and even tried running a complete OS on a USB stick. The first problem is that the stick runs very hot after only a very short use, and hot USB sticks tend to go wrong quite quickly. I also noticed that the data transfer rates are noticeably slower than a proper HDD. At the moment using portable apps with a USB stick does work but the advantages are outweighed by the disadvantages.

<quote user="resourcesforlife">
"... Couldn't malicious software that's launched from those apps infect the host PC?"
[/quote]

Yes.

resourcesforlife
Posts: 288
Joined: Mon Jul 02, 2012 4:53 pm

RE: Evaluating Unknown Sites

Post by resourcesforlife » Sat Jul 07, 2012 6:05 pm

<quote user="jazspeak">
[/quote]

Maybe a bootable OS from an external had drive would be faster and not run hot. That might work. The only problem would be that if infected, presumably the internal drive of the computer would still be read/writeable and could get infected.

A virtual machine or separate computer seems to be the way to go for absolute safety. Thanks for the info and suggestions.

Figure10
Posts: 270
Joined: Sun Jun 20, 2010 9:46 pm

RE: Evaluating Unknown Sites

Post by Figure10 » Sun Jul 08, 2012 1:43 am

I use noscript (and set it to automatically block all scripts) when visiting new sites.

resourcesforlife
Posts: 288
Joined: Mon Jul 02, 2012 4:53 pm

RE: Evaluating Unknown Sites

Post by resourcesforlife » Sun Jul 08, 2012 2:07 am

Good advice, [url=http://www.mywot.com/en/user/1052431 t=_blank]Figure10[/url]. I notice that Apple recommended that users turn off Java in Safari after the latest round of malware attacks that hit some of their computers.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests