To click or not to click is the question that must crop up in the mind of many users when they receive emails from people they don’t know that contain embedded web links or file attachments. At other times, it’s simply an alarming warning that pops up in a browser window suggesting they don’t proceed.
The origins of these warnings can be confusing. Browsers such as Chrome, Firefox, Internet Explorer and Windows 10’s Edge all have security technologies built in to look at downloads and perform reputation checks on websites. So too do the increasingly intrusive anti-malware programs, pretty much all of which come with their own reputation systems, any one of which can issue its own independent alerts.
Most users will sometimes value additional checks beyond these layers, either as a sanity check on what an alert is telling them about a file or website, or simply to investigate the possibility of a false positive. For web domains, checking isn’t always about suspicious sites: many perfectly legitimate sites can become malicious without their owners realising. Indeed, these can be the riskiest precisely because they look harmless.
As it happens, there are dozens of free tools and services that can be used to do this. As with any security technology, they do have some limitations, such as being prone to false positives (misidentifying a site as rogue when it isn’t) or, occasionally, false negatives (misidentifying a site as safe when it isn’t). It’s worth being aware of this. From our experience, a clean bill of health for a web domain doesn’t mean every page on that site is safe to visit. A second issue is that these tools are also open to criminals who are infamous for using VirusTotal detection rates (see below) to work out when they need to update their malware creations.
It’s an important rule that all web inspection sites should note the date the checked URL was last tested – without that data the reliability of checking, which can change in days if not hours, is immediately suspect. Another issue is links that use URL shortening, a blind spot for most web checkers. The only reliable answer here is to first use a URL expansion tool to see the real URL before entering that into the checking engines.
There are undoubtedly a heap of these services, some of which re-use the same underlying technology, so which are the ones that matter?
Website security checking – VirusTotal
The best-known way to perform a reputation check is to use the industry-standard VirusTotal website, which runs a file or weblink against several dozen engines at once, offering an overall detection rate. VirusTotal’s main advantage is that it receives around 1 million submissions every day and so problem files and links should show up very quickly.
However, it’s not always clear how to interpret the results: if one out of 65 comes back positive, does that mean the one is right and the 64 are wrong? Even so, it is still the gold standard.
Website security checking – Google Safe Browsing
Google is another port of call for web links, again because of the sheer volume of traffic it looks at, somewhere into the billions of web addresses every day. Google Safe Browsing is also used by the Chrome, Mozilla Firefox and Apple Safari browsers.
Website security checking – Web of Trust (WoT)
Finland-based Web of Trust can be used through a website or as a browser plug-in (which we can neither recommend nor de-recommend). WoT’s unique feature is that it uses crowdsourced data submitted by members and allows positive as well as negative reviews. The throughput is far lower than for VirusTotal or Google, and it misses some unsafe sites because reviews can be superficial.
Website security checking – McAfee WebAdvisor
Formerly called SiteAdvisor (now also from Intel Security rather than McAfee), this is one of the biggest reputation services on the Internet and so should see a lot of suspicious sites and files, but it requires a browser plug-in (free), which not everyone will want to use.
Website security checking – Comodo Web Inspector
Formerly Site Inspector, a slightly different take on the web reputation service, Web Inspector is aimed at website owners that want an automatic service to run checks on their own domains for malicious compromise. Offers a detailed account of the checks carried out, including looking for dodgy iFrames, odd connections, scripts and reported phishing.
Website security checking – PhishTank
Originally started as a spin-out project from security firm OpenDNS, PhishTank has since become an important industry resource for reporting phishing websites. The PhishTank API is used by Web of Trust (WoT) as well as Opera, Yahoo Mail, Mozilla Firefox, and anti-virus software including Avira and Kaspersky Lab.
Website security checking – StopBadware
More aimed at site owners wanting to check blacklists for their own domains, but the StopBadware Clearinghouse is useful to see which domains are being filtered by some of the big providers such as Google.