URL shorteners may be handy for your tweets on Twitter. But they're also known security holes since they don't display the actual address of your destination. A free tool from security vendor AVG may provide a solution.
AVG has updated its free LinkScanner tool to detect malicious pages hiding behind shortened URLs. The company said the tool checks the actual destination of each URL link to make sure the page is legitimate.
More than a dozen URL-shortening services abound on the Net, including TinyURL and Bitly. With its 140-character limit, Twitter automatically shortens URLs in each tweet via Bitly. Other services like WordPress also include a built-in URL shortener.
But Web browsers don't display the true address of a shortened URL, so you have no idea whether or not the destination page is safe. Hackers have easily been able to use the obscure nature of shortened URLs to conceal hazardous Web pages behind them.
"The problem with shortened links is that they usually don't bear any resemblance to the original URLs, which means that users don't always know what they're clicking," said Roger Thompson, chief research officer at AVG Technologies. "People click with the intention of going to a specific site, but the link can be easily hacked to send people to a site containing Trojans, spyware, rootkits, and other malware instead."
AVG, formerly known as Grisoft, bought LinkScanner in late 2007 as part of a larger acquisition. The tool has already proven helpful to Web surfers by analyzing Web pages behind each link that is either clicked on or typed into the browser.
Other solutions do exist to reveal the truth behind a short URL. The Web site LongURL can display the long version of a short URL. A Firefox plug-in called LongURL Mobile Expander can also translate from short to long.
But according to AVG, LinkScanner is now the only security tool on the market that can find poisoned Web pages behind a short URL. The company says it does not rely on blacklists and instead checks each link in real time.
LinkScanner is once again available as an independent plug-in for Windows-based Firefox and Internet Explorer, following more than a year spent as a feature of AVG Technologies' AVG security suite. Still available as part of AVG, users can now once again download LinkScanner independently of AVG's antivirus software, and for free.
AVG's LinkScanner evaluates link safety on the fly, as well as making click-throughs for dangerous sites harder.
(Credit: Screenshot by Seth Rosenblatt/CNET)The new LinkScanner works much the same as the original one did. Once you've installed the EXE, AVG's "Search Shield" returns search results from both Google and Yahoo with flags next to them. Green flags on Google indicate a result is safe to click through to, while Yahoo safe results display no flags. Links that are unsafe on both search engines will return red flags.
Hovering over a flag will pop open a window that provides further details about the link. Green flags will show you the IP address, the amount of time the scan took, and the date and time of the most recent scan. Red flags highlight the same information, as well as the risk category and the site name. Attempting to click through to a red-flagged page will take you to a warning screen that repeats most of the red-flag information--AVG calls this the "Active Surf-Shield".
A small link at the bottom of the red-blocked screen will let you click through, although it cautions users that it will continue to block potentially harmful content. When I tried to click through to warez.com, for example, LinkScanner would only show me the CSS code for the page.
LinkScanner doesn't have references for all links, as evidenced by the third one in this Google search for ringtones.
(Credit: Screenshot by Seth Rosenblatt/CNET)In addition to the clear messages behind the green and red flags, LinkScanner also offers two "slow down" warnings. The first is yellow with one exclamation point in it, while the second is orange and has two exclamation points. I found it nearly impossible to locate search results with a yellow or orange flag, but the meaning is clear: we can't tell what this is, but it looks sketchy so be careful.
It's worth noting, too, that both green flag and red flag boxes (and, presumably, the yellow and orange warning boxes) include a link at the bottom to an AVG product comparison page.
Before Grisoft, now AVG Technologies, bought LinkScanner, many users appreciated that both the free version and the paid LinkScanner upgrade provided smooth integration with your daily Web browsing habits. There are some similar services, such as McAfee's SiteAdvisor, that have interfered with performance for some users--an instant turn-off. After trying LinkScanner out for half the day, though, I was pleased to see that the once-again independently available add-on continues to function as well as it did in the past.
AVG on Monday will begin offering a free version of its LinkScanner software, which offers real-time scanning of Web pages while surfing or doing Web searches.
LinkScanner, which is currently part of the AVG Free Edition suite, scans a Web page before a surfer visits the page and warns if the page appears to be unsafe.
AVG LinkScanner also offers safety rankings for all organic search results on Google, Yahoo, and MSN. Safe pages in searches will have green check marks next to them and unsafe ones will have red "X"es and pop up windows offer more explanation.
AVG LinkScanner scans bookmarks as well as links in e-mails and instant messages before they are opened. Individual pages are scanned separately, so that if one page on a site like Facebook are spreading malware that page will prompt a warning and other pages on the site won't.
There is other software that flags malicious sites in searches. McAfee SiteAdvisor works with Yahoo search results and more than 20 other search engines and Symantec offers ratings on Ask while Google serves up its own warnings in its search results.
The news will be announced at the RSA 2009 security conference which starts on Monday.
AVG LinkScanner puts marks by search results that are unsafe and displays a pop up box with more information when the cursor hovers over the mark.
(Credit: AVG)
On Thursday, Webmasters around the world noticed unusual spikes in traffic. For some smaller sites the sudden surge of Web traffic toward their sites appeared to be almost a denial-of-service attack.
Turns out it was the free version of AVG Antivirus 8.0 just doing its job.
In a statement on Saturday, Grisoft said "We have actively listened to the Webmasters who have brought this to our attention, and as a company we have reacted quickly to solve them." What it did was issue a new build of the popular free program.
What's different in version 8 from previous versions is the inclusion of Linkscanner, a scanner that stops malware components embedded on compromised Web pages. LinkScanner was created by Exploit Prevention Labs and purchased last summer by Grisoft, maker of AVG products.
One feature of LinkScanner, Secure Shield, works by downloading the home page of each site returned in a common Web search then populates the search result page with colored icons indicating the relative safety of those sites. The feature, which has been previously available, apparently didn't scale to the large numbers of AVG free customers. On Monday, Roger Thompson, who developed LinkScanner and is now chief research officer for Grisoft, confessed, "We knew it would create a spike of some sort, but nothing like what happened."
How dramatic was the surge in traffic? The site AVG-Watch.org provides charts on bandwidth use after the release of AVG 8.0.
In an e-mail to CNET News, Thompson went on to say: "We did not consider the multiplying effect of any given Web site's own marketing within search engine results. In other words, if a Web site, through its marketing, became a common search result, it was scanned much more often than we expected. As soon as we found out, we gathered some data, talked to some Webmasters, and figured out what to do."
However, Thompson disputed a claim by AVG-Watch.org that the updated AVG version now only "pretends to prefetch," and does little more than a DNS (Domain Name System) lookup of the site. Thompson said "it doesn't pretend to pre-scan. It just works off the local blacklist. That involves a DNS lookup, so that we can compare both IPs and URLs."
Making matters worse last week, AVG disguised the scans as coming from Internet Explorer 6 browsers, and not Secure Shield. For a few days it was unclear who was responsible for the surge in Internet traffic. Thompson said they could have made the LinkScanner scans entirely stealth, but they wanted to give Webmasters the option of filtering the scans.
"The real issue is that, like it or not, we're at war on the Web," said Thompson. "Criminals, both organized and opportunistic want our PCs and our money, and they're attacking via the Web. It's no longer like the old days when they wrote this stuff for fun."
(Credit:
CNET Networks)
If you're the type to favor user opinions over editorials, the Firefox plug-in WOT may be the site-rating service for you.
Unlike Grisoft LinkScanner (Pro and Lite), McAfee Site Advisor (for Internet Explorer and Firefox), or the NetCraft Toolbar (for Firefox and Internet Explorer), this extension, published by Web of Trust (WOT), relies on user-generated ratings seconded by Web-gathered statistics to determine key factors of site safety. Trustworthiness, vendor reliability, privacy, and child safety are the four vectors of participant voting. A lengthened color gradient from green (safe) to red (unsafe) offers five shades of ratings levels instead of the customary three.
(Credit:
CNET Networks)
Like the other site-rating tools, WOT surfaces ratings on the browser and from within Google and Yahoo search results. There's also drop-down menu for rating sites from the search results page.
Extra context comes by way of a reputation scorecard that averages total users' ratings, a link to Alexa statistics, user comments, and spam, fraud, malicious software, and customer service complaints. According to WOT's Web site, it also garners some ratings from phishing and scam databases.
The extra user information is useful, particularly if you're a more adventurous Web surfer, and it could indeed help guard users against zero-day security breaches for users who can attribute a compromised site to a malicious software attack in time. I'd recommend the extension as a companion to one of the algorithmic solutions above, but not necessarily as a replacement.
Exceedingly popular, AVG Free offers rock-solid protection, but only the bare necessities. The security features include a real-time shield to prevent infections, antivirus and antimalware wrapped up in one engine, and a link scanner for Web surfing with care.
By default, AVG is set to search for new virus definitions daily, but you can always use the scheduling tool to change this. Should a virus create serious system problems, AVG creates a rescue disk to scan your computer in MS-DOS mode. The program doesn't tax your system when scanning or when running in the background, and it always proved effective in our tests. The new interface is much easier to navigate than in previous version, with tabbed navigation on the left assisting users in drilling down to the tools they need.
AVG Technologies, formerly Grisoft, has updated AVG Free to Version 8.0. The other antivirus programs the company publishes updated in March, following AVG's pattern of updating the free version about a month after the paid editions get their new coats of paint.
The new interface follows the trend of left-nav tabs. Compared with the old one, this is a much-appreciated change.
(Credit: AVG Technologies)As before, AVG Free 8.0 features all the essential functions of AVG Internet Security, but none of the bells and whistles. So the new engine is intact, with combined antivirus, antispyware, and the formerly independent LinkScanner technologies rolled into one. However, there's no antirootkit protection, and other features included in AVG Anti-Virus such as instant message and download protections are also missing.
Formerly independent LinkScanner gives AVG Free users a measure of protection against Web sites.
(Credit: AVG Technologies)Overall, the new AVG Free runs better than the older versions. As we noted in our review of the product, the new engine's real-time shield works better than before, and besides the new interface, that's the most noticeable difference. The change to tabbed navigation from the horrible floating boxes of earlier editions is a long-overdue improvement that makes it much easier to focus on what you need out of the program. If you like version 7.5, there's no reason not to upgrade.
However, I'm not overly fond of AVG's habit of not being particularly forthcoming about including features and then disabling them without a more direct warning about what the program does and doesn't do. It's more than a tad bit deceptive--not the best way to treat the multimillions of people who've downloaded the free version of the program.
UPDATED 5/28/2008: After talking with AVG, email scanning is not a trial feature of the program: it is a fully integrated feature. However, it isn't advertised as an included feature, either, which led to confusion on my part. My apologies to readers who were misled by my inaccuracies.
LinkScanner Lite warns against a hidden IFrame launcher in Megaupload.
(Credit: CNET Networks)Those of you who haven't yet installed a link scanning or Web site rating program for your Firefox or IE-based browser should hop to it--and consider using LinkScanner Lite when you do.
I've been using LinkScanner Lite and McAfee Site Adviser on both Firefox and IE browsers. Overkill? No way. Each program serves the greater goal of alerting you to dangerous links but differ in their approaches.... Read more
(Credit:
CNET Networks)
As a computer tech, Jack's used to helping families evict unwanted malware.
What he's not used to is having to perform the same service three times in as many months for the same family. Is malware overpowering their defenses, or is the family relying too heavily on professional services as their safety net for chancy online behavior? Find out in this week's Spyware Horror Story.
(Credit:
CNET Networks)
William is philosophizing to his toothbrush one minute and contemplating practicing shot put with his computer the next. What burst his bubble?
William blames a virus, and in his tussle with the malignant malware, he learns a few lessons about the risks of sharing a computer with family and friends. But was it actually a virus that got him, and are the lessons he learned the right ones?
After the frustrations of dealing with damaged data, it's easy to generalize about past and future behavior. Set the record straight in a thrilling malware true-and-false in this week's Spyware Horror Story, Gone in 30 minutes.
