Security Corner

Jan 17 2009   3:27AM GMT

Software for Secure Computing: Exploit Prevention Labs Link Scanner

Ken Harthun Ken Harthun Profile: Ken Harthun

With cybercriminals now actively poisoning search results and legitimate websites–unbeknownst to the webmasters–you can’t be too careful when clicking on links. Take a look at this video library presented by Exploit Prevention Labs (XPL) CTO and Chief Researcher Roger Thompson and you’ll see why. The videos show a number of recent exploits.  The bad thing about these exploits is that you never see them coming. From the XPL Threat Center:

Exploits deliver their malcode through driveby downloads that happen silently and can be delivered through any kind of site. Most site owners don’t know themselves when their site has been poisoned – it’s happened to every kind of site, from global businesses to individual MySpace pages.

That’s why you should be using XPL’s LinkScanner. This nifty utility integrates with the search engines to check for a variety of threats, so you’ll know whether a site is safe (or not) before you click the link. Take a look at the screenshot of my Google search on “warez.” The red X’s are the LinkScanner results: those sites are dangerous. The green checkmark on the Wikipedia entry indicates that it’s safe to surf.

LinkScanner allows you to check any link on demand by right-clicking on the link and selecting “Quick Scan with LinkScanner.” This is great for checking links in sites you’re surfing. You can also open a console and paste an address for scanning.

You may wonder how LinkScanner compares with McAfee’s SiteAdvisor. So did I. XPL gives an in-depth comparison on their LinkScanner vs SiteAdvisor page. Here’s an excerpt:

LinkScanner’s SearchShield technology actually does a live scan on Google, Yahoo and MSN search results and with no delay in search engine results delivery. This enables LinkScanner to definitively state whether the page behind any link is or is not safe at the only time that matters – the time you plan to visit it.

In contrast, SiteAdvisor “crawls” entire sites over a period of weeks and/or months and renders opinions about entire sites, which are then stored in a central database.

Download LinkScanner Lite it for yourself and you just may find, as I did, that it’s an indispensible tool for secure computing.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • DeborahS
    Another alternative, which is slightly different from LinkScanner and SiteAdvisor, is Web of Trust. WOT warns Internet users about risky websites to help avoid spyware, browser hijacking, identity theft, phishing and other Internet scams. Website rating information is updated continuously by our user community and trusted sources, such as listings of malware and phishing sites. People who have used WOT have noticed that the user driven approach often gives more accurate ratings than automated ones like SA and LinkScanner. Furthermore, WOT provides reputation regarding "vendor reliability" and "child safety", where human input is crucial. Many of our users even use WOT side-by-side with other systems for a layered approach to Internet safety. It would be interesting for you to try out all three and compare each one. Safe surfing, Deborah [A href="http://http://www.mywot.com"] [B]Supporting Facts of WOT[/B] • WOT has been downloaded by 3 million users • Information on 21 million websites • 1 in every 20 websites is harmful • WOT users can contribute by rating and commenting on websites • WOT also receives information from a large number of trusted sources, such as PhishTank, hpHosts, DNS-BH Malware Domain list and Artists Against 419.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: