Badware hunters tame wild Webmasters, hosts

Paypal and VeriSign throw their support behind the StopBadware project, which has so far netted a list of over 600,000 suspect apps

If hijacked sites and hosting companies that fail to police malware distribution sources represent two of the most serious threats to Internet security, there may be hope for improvement, according to researchers working with Harvard Law School's StopBadware.org.

After publishing a list of rogue Web site hosting companies and launching a campaign to label every malicious site they can find on the Internet, an effort that has filtered out over 600,000 nefarious applications thus far, the StopBadware team says that people are responding.

The project currently counts less than 250,000 Web sites that it classifies as distributors of programs that qualify as badware -- any application that either tries to hide itself or any of its intentions, based on the parameters of the effort. StopBadware also announced that Internet mainstays Paypal and VeriSign have joined its influential cast of sponsors, which includes Google.

By inserting warnings into Google's search results that steer end-users away from malware and adware sources, while communicating with those responsible for creating or handing out the suspicious programs, progress is being made, according to StopBadware's lead researchers.

"The interstitials delivered with Google search results are working, and we've been able to communicate with a lot of Webmasters. It's having a neighborhood effect," said Prof. John Palfrey, executive director of Harvard Law School's Berkman Center for the Internet and Society. "We're reaching out to hosting companies and Webmasters and filtering the complaints where it seems useful, and we've seen many people change their behavior."

In addition to all the people who have no idea that their sites are being used to pass out malicious programs and those who misunderstand the nature of the applications they're distributing, StopBadware researchers say that even those who create many of the programs are engaging in the give and take.

For those who can be reached, the debate over whether or not a particular program qualifies as badware typically can be resolved, with very few of those who agree to modify their applications going on to repeat their behavior, said Jason Callina, one of the StopBadware researchers.

"We're seeing a low recurrence of people coming back on the lists once we've gone through the testing and communications process. People are actually helping each other move off the lists," Callina said. "When there's ever any serious disagreement, it's always an argument of our definition of spyware versus theirs."

Most Webmasters complain about the interstitials on Google -- which they are notified of 24 hours in advance and given the opportunity to appeal. But the immediate drop in search-driven traffic that the warnings produce quickly convinces people to either take any questionable applications offline or kill their sites altogether, Callina said.

Meanwhile, StopBadware's list of hosting companies responsible for supporting the largest number of malware sites resulted in at least one leading culprit -- iPower Technologies -- changing its ways, while two others have disappeared completely. Others have also begun to modify their behavior, Palfrey said.

"The best measure of our success is when any of these companies change their business process and we're seeing them adjusting," said Palfrey. "At the same time, we're trying to enable end users to make better choices with their using habits."

So many of the people who end up on StopBadware's list need help understanding what it is that they're doing wrong that the team feels its ability to mete out advice is being overwhelmed, he said.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

InfoWorld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?