"X" Marks the Spyware
A startup offers Internet users simple warnings about websites’ histories of delivering spyware and spam.
Spyware has emerged as the bane of the Internet – and finding solutions represents a growing obsession of Web users and the industry that serves them. The newest entrant in the counteroffensive launches today: Boston-based startup SiteAdvisor is releasing software that warns a user about potential spyware and spam hazards.
The spyware and malware problem is enormous. According to a recent Pew Internet & American Life Project, the computers of roughly 59 million Americans are infected with spyware. And home computer users spent around $3.5 billion in 2003-04 to fix the problems, according to a recent Consumer Reports investigation. Infected machines often slow down dramatically and begin generating error messages, and some types of spyware code can steal passwords and other personal information.
While many established software products remove known spyware, the warnings and advisories generated by SiteAdvisor are meant to keep users’ computers from getting infected in the first place. So far, the company says it has collected data on two million websites. While this is a fraction of all websites, the company says those it rates make up 95 percent of all online traffic.
SiteAdvisor’s Web-crawling technology checks whether sites offer programs for downloading, whether those programs carry spyware-like software, and whether entering an e-mail address in signup forms will generate spam. The company stores the accumulated knowledge in its databases, adds more information from website owners and users, and offers the warnings via a browser plug-in for Internet Explorer or Firefox.
[Click here to view samples of warnings.]
This plug-in provides simple warnings, such as red balloons, which alert users who visit sites where SiteAdvisor has found problems. For example, a red balloon might warn: “In our tests we found downloads on this site that some people consider adware, spyware, or other unwanted programs.” Another example: “After entering our e-mail address on this site, we received 92 e-mails per week. They were very spammy.”
Because many users start their Internet experience using a search engine, the company’s software also serves as a safety roadmap for the resulting links. On a list of URLs generated by a Google search, for example, the links of tested sites will be followed by rating icons. A red “X” signifies that the site offers downloads that bundle spyware or adware, or that entering your e-mail address will yield lots of junk e-mail. A yellow exclamation point suggests that a site does irritating things, like modifying your browser or sending moderate amounts of commercial e-mail. A green check mark indicates that the site does none of these things. Users can also view detailed reports of the company’s findings.
The software was developed by two MIT-trained computer scientists, Doug Wyatt and Tom Pinckney. “Search is one of the places where people start down the path to unknown places,” says Wyatt. “Most people don’t know anything about these websites. That’s where having some guidance on the kinds of places that have safety issues really comes in handy.”
Ben Edelman, a spyware expert, Harvard economics PhD candidate, and member of SiteAdvisor’s board of advisors, says SiteAdvisor offers the first automated web-rating system. To be sure, other companies and organizations provide services that help reassure Web users. Companies like VeriSign offer encryption services for a fee, allowing websites to show that they are secure. And TRUSTe verifies that companies have posted privacy policies.
But SiteAdvisor is different, Edelman says, because of its independence from the sites it rates. With SiteAdvisor, websites “can’t pay $1,000 to get a green checkmark,” he says. Edelman also questions whether certifications about encryption or privacy policies are the most relevant to the average web user. “SiteAdvisor gives information on the things users actually care about – spam, spyware, popup ads.”
The SiteAdvisor launch comes a month after the launch of StopBadware.org, an academic effort funded by Google, Sun, and Lenovo, which aims to spotlight offending malware purveyors, generate consumer-friendly defensive strategies, and form working definitions of good and bad code – the line is often blurry as spyware continually evolves.
Created by Harvard Law School’s Berkman Center for Internet and Society and Oxford University, StopBadware.org will be a noncommercial source of consumer information. Still in its formative stages, the effort is beginning by collecting empirical information from both consumers and technical experts about malware infections.
SiteAdvisor launches today as a free download; enhanced versions of it that require a subscription will be rolled out later this year, with an annual fee whose amount is still to be determined, Wyatt says.
Home page image courtesy of SiteAdvisor.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today