-Sandi Hardmeier, TRUSTe Online Compliance Researcher
Back when I first started helping the victims of unwanted adware and spyware around the Year 2000, I focused all of my attention on cleaning computers after they had been infected. Then, as fighting adware and spyware became a cause célèbre, as more and more very skilled people joined the fight, and as various dedicated web sites and forums came to life, I realized that the needs of the victim (insofar as cleaning their computers was concerned) were being well met, so I moved on to going after the adware and spyware itself, and trying to change the modus operandi of the advertising supported software that was being used as a conduit to infect computers with unwanted toolbars, home pages, search engines and the like.
Over the years some “bad actors” who installed adware and spyware onto computers without giving the computer owner sufficient choice or information about the software being installed have disappeared, and others have made a concerted effort to clean up their act. Disclosure practices have improved (and continue to improve) and users are being given an opportunity to say “no thank you” to bundled software.
As some risks have faded away, others have inevitably taken their place. Professional criminals have realized that there is a lot of money to be made from the millions of potential victims reachable via popular websites.
The rise of the professional cyber criminal has caused a fundamental change to the online threat landscape – the end-user is not the only victim anymore. Web sites and advertising networks are discovering that they are unwilling hosts to malvertizing (malicious advertising), fake video codecs that are really Trojans designed to steal financially sensitive information or turn your computer into a spam-bot or install fake security software, comments with malicious links and the like.
Nowadays it is not enough to simply detect and clean infections on a computer (much damage can be done between an infection occurring and its being detectable), and we won’t prevent infection simply by blocking email attachments and scanning for known viruses and Trojans. The reality is that new variants are being created so fast, and in such high volumes, that it is impossible for any anti-virus product to detect every malicious file that is in circulation. So, in an attempt to avoid as much undetectable bad stuff as possible, we have started to block access to known “bad” web sites, hacked web sites, and domains that are being used as distribution points. Several services have come into being that allow the internet community as a whole to “rate” web sites as good, or bad, or neutral, based on the site’s content and the downloads on offer, as a way of warning other internet users.
As the use of web reputation services, black lists and block lists has become more common, so has the problem of how to get off a list once the original problem has been resolved, and what to do about false positives. I have seen for myself the frustration that owners of web sites feel when they try, sometimes without success, to get their web sites delisted. Sometimes they are only able to get their site delisted after an inordinate period of time has passed. The negative impact on a business can be substantial.
Haute Secure is very aware of the problems that web site owners have faced when trying to get their sites delisted and has put into place a comprehensive dispute resolution process. Also, in a step that may be unique to its service, Haute Secure ages out blacklisted URLs after a certain number of days (assuming no further malicious behaviour is detected).
As Haute Secure integrates with TRUSTe I will provide additional information on our dispute resolution process as it pertains to malware detection and URL blocking.