How to spot dangerous links before you click them

Internet crooks are adept at breaching Web security techniques, which makes it more important than ever for people to verify sites before they visit them.

Dennis O'Reilly Former CNET contributor
Dennis O'Reilly began writing about workplace technology as an editor for Ziff-Davis' Computer Select, back when CDs were new-fangled, and IBM's PC XT was wowing the crowds at Comdex. He spent more than seven years running PC World's award-winning Here's How section, beginning in 2000. O'Reilly has written about everything from web search to PC security to Microsoft Excel customizations. Along with designing, building, and managing several different web sites, Dennis created the Travel Reference Library, a database of travel guidebook reviews that was converted to the web in 1996 and operated through 2000.
Dennis O'Reilly
4 min read

You probably got to this page by clicking a link. Links are the ties that bind the Web. But each click is also a leap of faith. How do you know you're going to the page you think you're going to?

Google search results let you preview pages before you follow the link, but elsewhere the best you can do is hover over the link to see at the bottom of the browser the URL of the page the link will open. (See below for more on free browser add-ons that rate the security of links in search results.)

Since 1994 a Certificate Authority based on the Secure Sockets Layer (SSL) standard has managed the validation of Web sites. Several private companies sell various levels of certificates to organizations that own domain names and host Web servers.

According to the recently released Volume 17 of Symantec's Internet Security Threat Report, on at least 10 occasions in 2011 an SSL certificate authority came under attack by Internet criminals.

One of the handful of successful attacks targeted a Comodo affiliate that had been granted authority to issue SSL certificates. The bad guys had stolen a user name and password. Elinor Mills and Declan McCullogh describe the attack in the Privacy, Inc. blog.

SSL implementation survey gives sites low grades for security
Last week more questions arose about SSL's ability to secure Web transactions. The Trustworthy Internet Movement's SSL Implementation survey of 200,000 popular SSL-secured Web sites found that only 10 percent of the sites were safe.

The organization's SSL Pulse page includes a link to SSL Labs' free service for testing a site's SSL security. Simply enter a domain name to run it through the labs' SSL Server Test.

SSL Labs site-testing results
SSL Labs' domain-name checker gives sites an overall letter grade and rates their SSL security in various categories. screenshot by Dennis O'Reilly/CNET

There's nothing new about SSL vulnerabilities, which have been reported regularly by researchers since at least 2003. After nearly two decades and despite all the criticism, SSL has proven itself secure enough to protect nearly all online purchases and other sensitive Internet transactions. At least so far.

Browser add-ons add a safety rating to links
Unless you're a network manager, there's not much you can do to ensure that the sites you visit are secure. One way to lower the risk is to be warned about a potentially insecure site before you click the link that opens it.

My favorite link authenticator is the free Web of Trust (WOT), which is available for Firefox and Google Chrome. WOT adds a green-yellow-red rating to links in Web search results and to the top of each page you visit.

When you install WOT the program asks you to choose one of three settings: Basic (recommended), Light, and Parental Control, which blocks adult sites.

Web of Trust protection settings
The Web of Trust add-on for Firefox and Google Chrome lets you choose one of three presets, one of which automatically blocks adult sites. screenshot by Dennis O'Reilly/CNET

(I first wrote about WOT in a post from 2009 that also described McAfee's free SiteAdvisor and the LinkExtend add-ons for Firefox, as well as several other security extensions for the browser.)

The Tech Support Alert site describes several services that let you copy and paste a link into a text field and search the URL in databases of known dangerous domains. The downside of these services is the extra time required to run Web addresses you're leery about through the checkers.

Personal sites and blogs most likely to be infected
Conventional wisdom says malware lurks in the seamy regions of the Web. Certain to be one of the most-discussed findings of Symantec's latest Internet Security Threat Report is that pornographic sites are less likely to be infected than any of the 10 categories of sites in the survey.

Only 2.4 percent of adult sites scanned by Symantec were infected, the lowest infection rate of the 10 site categories, which include shopping (7.7 percent), education/reference (6.8 percent), entertainment and music (3.8 percent) and automotive (also 3.8 percent).

Be careful when you visit your brother-in-law's site highlighting his collection of 19th century beer bottles, though: nearly 20 percent of blogs and more than 15 percent of personal sites had malware, according to the report.

When it comes to browser plug-in vulnerabilities, ActiveX continues to be the most likely source of a Web-borne infection, accounting for 29 percent of the 308 vulnerabilities Symantec detected in 2011. That's a decrease from the 34 percent of the 346 plug-in vulnerabilities detected in 2010.

Java vulnerabilities accounted for 20 percent of the total recorded in 2011, up from 17 percent the year earlier. Likewise, Adobe Flash vulnerabilities represented 20 percent of the total number of browser plug-in vulnerabilities in 2011, a 2 percent increase from 2010.

As for the future, Symantec anticipates an increase in targeted attacks and advanced persistent threats, as well as malware authors using Facebook to take advantage of the lack of tech savvy among the service's users.

All the security software in the world will never take the place of a healthy dose of skepticism regarding the safety of any site. Whatever the address bar may say, if you get a bad feeling about the page you're on, close your browser (not just the suspicious tab).

And while we're talking paranoia, when was the last time you ran a full manual scan on your PC? (I'll leave Macs out of it... for now.)