Ask Leo! #665 – How Can I Tell If a Website is Safe?

This week's featured article dives into one of the more important questions when it comes to online browsing: how can you tell if a website is safe? But then, what does it mean to be "safe"?

Also this week: recovering files, and recovering files -- one online in OneDrive, and the other on your disks.

Happy Anniversary (to me Smile)

It passed quietly this year, but last Thursday was the 14th anniversary of Ask Leo!. Thank for being part of it! I wrote a little more about it all on my personal blog.

How Can I Tell If a Website is Safe?

(skip)

How do I know if a site I'm about to visit is safe? Is there any software or service I can use? Is there some other technique?

The short answer is, there's no simple solution to this problem. There's no single service or tool you can rely on to keep you completely safe.

I understand that can be frustrating.

There are tools and techniques, including online tools, DNS blocking, web blocking, and browser blocking, but these solutions are inconsistent and incomplete. Generally, they can be used only to gather a little additional data to inform the ultimate safety tool: yourself.

What is “safe”?

There's no canonical list of what is and what is not safe.

One problem is that the word “safe” has different meanings depending on who you ask.

For some people, “safe” means no malware could be downloaded by visiting the site; for others, “safe” means there isn't any risqué humor present; for still others, it could mean that the site represents a company with which it's safe to do business. There are probably as many definitions of what it means to be “safe” as there are people answering the question.

I don't believe it's possible to get an absolutely safe/not-safe decision from any service or tool. At best, you'll get data to help you make that determination yourself, according to your own criteria.

Online tools

Online services that rate websites' credibility are one of my first stops when faced with an unknown or questionable link.

Web of Trust became quite controversial when it was discovered they were selling data collected by their toolbar. The solution is simple: uninstall their toolbar, or don't install it in the first place.

Their online service remains a valuable source of data. The information is “crowdsourced”: it's generated from internet users, not from some central authority. I'll talk more about this concept below.

Visit mywot.com, enter the URL of the site you're investigating into the search box at the top, and hit Return.

Web Of Trust

That will generate a report for the site in question. You can view the report for Ask Leo! (askleo.com) here. This will tell you if others have found the site to be safe and trustworthy, or not.

You do not need to register, sign in, or download the extension, even though it may be offered multiple times.1

Norton SafeWeb is a similar service from Symantec. Its web interface is perhaps a little cleaner, putting the search function front-and-center.

Norton Safeweb

Like Web of Trust, it's crowdsourced. Since it has somewhat less visibility than WOT, over the years its database of community-contributed ratings may not be quite as deep. Regardless, it's a valuable additional resource.

Crowdsourcing: good and bad

I stop just shy of formally recommending either of these services.

Let me be clear: there's value in the information that they provide. But there is a concern, and that's the crowdsourcing aspect of this information.

Anyone can post anything. That means these services can be abused, primarily in either of two ways:

  • Malicious sites can post positive reviews of themselves. They can hire people to post fake, glowing reviews to make themselves appear safe, when in fact they are not.
  • An individual who feels wronged by or disagrees with a site can also post a malicious or fake review, disparaging the site when in fact the site would be considered “safe” by most.

Both services have processes in place to minimize this activity, but like any spam filter, it's impossible to be 100% accurate.

That means you need to view all information on crowd-sourced review sites with a skeptical eye. It's not authoritative, but it can be additional data.

DNS Blocking

Whenever you access a website, page, or download, DNS looks up the mapping from the domain name — like “askleo.com” — to the IP address of the server where that domain is physically located — like 67.227.211.203. Since every domain you access goes through this look-up, it's an opportunity for the DNS service to block your ability to access domains known to be malicious.

Unfortunately most DNS services don't do that.

OpenDNS, now owned by Cisco, is a replacement for the DNS service provided by your ISP. OpenDNS was originally created to be a faster, independent DNS service, but they support malicious filtering as an option as well.

Changing DNS is best done at your router, though you can do it on each individual device as well. To use OpenDNS visit their setup guide to get started.

Web blocking

Many anti-malware scanners and security suites include malicious website detection as part of the service they provide. The quality and intrusiveness of this detection varies based on many things, including not only the specific security package you run, but the browser you use, as well as other aspects of your system. I don't have a specific recommendation.

The security package I generally do recommend — Windows' own built-in Windows Defender — does not include such a feature. However, Microsoft's browsers, Edge and Internet Explorer, have options to use “Windows Defender Smart Screen” to protect your system from malicious sites and downloads.

Windows Defender Smart Screen option

I don't have a sense for exactly how good these filters are, or what Microsoft's definition of “safe” or “malicious” might be. My guess would be that they're fairly conservative, since the repercussions of a false positive — erroneously flagging a good site as malicious — could cause a backlash against Microsoft, whereas accidentally allowing a malicious site through would seem to be today's norm.

Browser blocking

A final class of tools for assessing website safety are toolbars and add-ons to whatever browser you use.

Before Web of Trust lost my trust, I would have suggested installing their toolbar. It provided a nifty approach to accessing WOT data without having to visit their site. While there are other toolbars and browser add-ons that may perform similar functions, I don't have enough of a track record with any to make a suggestion — with one exception.

uBlock Origin is a browser plugin most people think of as a pop-up or ad blocker. It also blocks many malicious or questionable sites. I've been running it for a while and consider it a fine addition to the tool set.

But how can you tell if a website is safe?

Ultimately, you can't. Not with 100% certainty, anyway.

What I've listed here are several tools and techniques you can use to gather data, or perhaps at least avoid the most obviously malicious sites, but the risk remains.2

What I can say is this: give these tools and techniques a try, but take that information with a grain of salt. Use it as part of your own decision-making process. Read and understand the reviews, and see if they are fair and make sense. Know that your blocking solutions may not block every malicious site, and continue to view every link cautiously.

You are the ultimate safety net. One of the best things you can do as you surf the web is to be skeptical. Don't believe everything you read or every promise or offer made. If it sounds too good to be true, chances are it's not true. That goes for links people send you; it goes for the information people post on crowdsourced information sites; it even goes for what you read here on Ask Leo!

I'm guessing you already have a sense for what's good or bad. Use common sense; listen to your gut. Use tools like WOT or SafeWeb to gather additional data if you're not sure, or even just a plain old Google search for more information.

If it's not worth your time to do the extra checking, it's almost certainly not worth the risk of visiting an unfamiliar site.

I'm quite interested in additional techniques readers use to identify or avoid good or bad sites on the internet. Feel free to leave a comment about what you do to stay safe.

Notes

Previous versions of this article, as well as several of the comments below, reference McAfee Site Advisor. Similar to SafeWeb and WOT, it appears Site Advisor is no longer offered.

Related Links & Comments: How Can I Tell If a Website is Safe?
https://askleo.com/29503

The Ask Leo! Guide to Online Privacy

There's no avoiding the issue: privacy issues are scary, complex, and even somewhat mystifying.

The Ask Leo! Guide to Online Privacy tackles these topics in terms you can understand. The Ask Leo! Guide to Online Privacy will help you understand what's at risk, what steps to take, and what to do when you're not sure.

The Ask Leo! Guide to Online Privacy

Recover Deleted Files in OneDrive

You've deleted some files on your computer, and you've emptied the Recycle Bin.

Now you wish you hadn't deleted that one important file. Whoops.

On top of that, you did all this a few days ago, so data recovery tools are unlikely to work.

If you've been doing your work within your OneDrive folder, however, there is hope.

Continue Reading: Recover Deleted Files in OneDrive
https://askleo.com/29457

Recuva: a Free, Easy Undelete and File Recovery Tool

I keep a small collection of useful tools for various system-maintenance and troubleshooting tasks.

For the longest time, I didn't have a file undelete utility — not because there aren't good ones, but because I never really got comfortable with any of the ones I tried. I just wasn't comfortable recommending any.

Then I discovered Recuva. It's free, easy to use, from the same people that bring you CCleaner, and it's what I use myself when the need arises.

Continue Reading: Recuva: a Free, Easy Undelete and File Recovery Tool
https://askleo.com/3605

The Ask Leo! Tip of the Day

A feature exclusively available to Ask Leo! Patrons Bronze level & above.

More Ask Leo!

Become a Patron
Books - Business - Glossary
Facebook - YouTube - More..

Leo's Other Projects....

HeroicStories Since 1999, HeroicStories brings diverse, international voices to the world ' reminding us that people are good, that individuals and individual action matter. Stories - new and old - are published twice a week.

Not All News Is Bad - Each day I look for one story in the current news of the day with a positive bent. Just one. And I share it.

leo.notenboom.org - My personal blog. Part writing exercise, part ranting platform, it's where I write about anything and everything and nothing at all.

Help Ask Leo! Just forward this message, in its entirety (but without your unsubscribe link below) to your friends. Or, just point them at https://newsletter.askleo.com for their own FREE subscription!

Newsletter contents Copyright © 2017,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC

Posted: August 15, 2017 in: 2017
Shortlink: https://newsletter.askleo.com/7728
« Previous post:
Next post: »

New Here?

Let me suggest my collection of best and most important articles to get you started.

Of course I strongly recommend you search the site -- there's a ton of information just waiting for you.

Finally, if you just can't find what you're looking for, ask me!

Confident Computing

Confident Computing is the weekly newsletter from Ask Leo!. Each week I give you tools, tips, tricks, answers, and solutions to help you navigate today’s complex world of technology and do so in a way that protects your privacy, your time, and your money, and even help you better connect with the people around you.

The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition

Subscribe for FREE today and claim your copy of The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition. Culled from the articles published on Ask Leo! this FREE downloadable PDF will help you identify the most important steps you can take to keep your computer, and yourself, safe as you navigate today’s digital landscape.



My Privacy Pledge

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips. More about Leo.