Ten percent of the 4.5 million URLs Google researchers analyzed for a malware expos? harbored malicious code. The code executes through widgets, ads, compromised downloads, server vulnerabilities, browser holes, phishing lures, and links, making infection possible for even ordinarily safe users.
CNET.com's Robert Vamosi has the full story, and CNET Download.com has programs to add muscle to your antivirus armor. Netcraft Toolbar (for Internet Explorer and Firefox), is an antiphishing browser extension that sniffs out suspicious hosting locations common in spoofed sites.
LinkScanner Pro and LinkScanner Lite, both from Exploit Prevention Labs, analyze URLs for real-time threats. The tool rates pages with a color-coded system. Green, yellow, and red ratings indicate that pages are, respectively, safe, suspicious, or threatening. The free "Lite" version identifies threats, and the "Pro" version blocks threats and adds an additional security layer.
McAfee SiteAdvisor (for Internet Explorer and Firefox) and McAfee SiteAdvisor Plusalso use the three-color rating system. The green, yellow, or red rankings are based on the "safety" of hosted links and downloads, and the number of spammy e-mail messages received in a week.
With the exception of the Plus version (commercial software), the results reflect the status of the site the last time it was tested, so a slippery Trojan or browser hijack could burrow into a site marked "green," or "safe," without immediately changing the site's color-coded status. February's Super Bowl hack of the Dolphin Stadium Web site is an example.
SiteAdvisor's most obvious benefit is in highlighting known danger-sites, for example sites advertising free music or services--these are notorious for hosting or attracting malicious code. Visual clues that broadcast a site's security status or specifically seek to block threats are a key ingredient to staying safe online.
Correction: A previous version of this post incorrectly described how McAfee SiteAdvisor tests and rates Web sites. McAfee SiteAdvisor uses automated testing programs to test for the three criteria described above.