Practical Computer Advice
from Martin Kadansky

Volume 7 Issue 10

October 2013

Web of Trust: Additional Protection From Malicious Web Sites

To read this issue on my web site, please visit:
http://kadansky.com/files/newsletters/2013/2013_10_29.html

The Problem
Whether you use a Windows computer or a Macintosh, there are many types of unsafe web sites on the internet, including:

Ones that try to infect your computer with a computer virus as soon as you land on them.
"Phishing" web sites that pretend to be legitimate and try to trick you into revealing your passwords, bank or credit card numbers, social security numbers, or other sensitive personal information.
Scam sites that try to draw you into a scheme to convince you to spend money for nonexistent, fraudulent, or substandard goods or services.

Protection tools like antivirus, antimalware, and firewall software can help block or remove infections, spam filters and anti-phishing software try to protect you from scams, but none of these are perfect. It's really difficult for a computer to prevent you from being tricked by someone with a clever pitch or presentation.

The same mechanisms that you use to find to safe and useful web sites (clicking a link in an email or a link on a web site, performing a Google search, etc.) can also lead you to unsafe ones. How can you tell them apart? Wouldn't it be great if you had a knowledgeable buddy at hand who could steer you away from known bad web sites and towards ones that have good reputations?

Web of Trust: A simple, visible tool that can help
While there is a growing infrastructure of technology that tries to address this problem behind the scenes, one very good visible tool is called Web of Trust. WOT is a combination of:

A global community of users who volunteer their time to rate web sites based on their real-life experiences, both good and bad, for everyone's mutual benefit,
A system for storing, organizing, and ranking those ratings, and
A small piece of free software you can install into your web browser that gives you access to those ratings as you visit web sites in real time.

Here's how it works:

As the millions of Web of Trust users around the world have good and bad experiences with web sites, many of them put their ratings and comments into the WOT system.
When the WOT system has enough credible ratings for a given site, that site's "scorecard" changes from gray (neutral) to green (good), yellow (warning), or red (bad).
You can tap into these ratings by going to http://www.mywot.com and clicking the "Download" link (scroll down to see it at the bottom left) and installing the free WOT add-on (a.k.a. plug-in or extension) for your web browser. You don't have to register for a free WOT account unless you want to contribute your own ratings and comments.
Then, for each web site you visit, in your browser's toolbar you'll see a circle with one of those 4 colors, corresponding to the overall reputation of that web site. (If you want to learn more you can "hover" your mouse cursor over a colored circle to get a little more information on that site's rating, and if you click you'll open the more detailed "scorecard.") In particular, if the web site has a red (bad) rating, WOT will overlay a big warning over the page so you can't visit that website without acknowledging its potential risk.
Also, when you search with Google, Startpage, Bing, DuckDuckGo, etc., each of the links in your search results will display its own separate colored circle, which lets you see the "reputation indicators" of those web sites at a glance, enabling you to steer clear of known malicious sites before you click them.
The protection that WOT gives you is, for the most part, conceptual, in that it displays the reputation of web sites you visit and search for, but it doesn't prevent you from doing anything if you really want to.

Ironically, as of this writing if you leave off the "my" portion of the WOT web address, you'll land on a web site from a different company (not Web of Trust) which has a very poor WOT reputation, so be careful to go to http://www.mywot.com instead.

Try out the WOT search page without installing the add-on
If you want to see Web of Trust in action without installing the add-on (or if you're using someone else's computer where you don't have permission to install it):

Go to http://search.mywot.com (be sure to include the "my" portion of the address), perform a search just like you'd do with Google, and you'll get search results enhanced with WOT's "reputation indicators" (colored circles) next to each link in the search results. "Hover" over a colored circle to see a brief rating summary for a site, or click to see that site's detailed "scorecard."

Additional information on WOT
Web of Trust is a very useful tool. I use it myself, and recommend it to clients on both Windows and Macintosh computers. Here are some additional things you should know:

If you use more than one web browser on your computer (Internet Explorer, Google Chrome, Mozilla Firefox, Apple Safari, etc.), then you will need to install the WOT add-on into each of those browsers separately.
Except in very rare circumstances, WOT shouldn't slow down the loading of your web pages.
The WOT ratings are drawn from the opinions of registered users combined with other trusted sources, plus special algorithms that prevent users from abusing the system. This means that the opinion of someone who rates a wide variety of web sites (both good and bad) over a longer period of time is taken more seriously than that of someone who only rates a few web sites within a short period of time.
WOT does not replace antivirus, antimalware, firewall, or other software. It offers good additional protection, so it's a good complement to standard security software.
If you want to contribute your opinions and experiences to the WOT system, both good and bad, you can register for a free account, but it's not required to benefit from the protection it offers.
WOT may not warn you about newly created malicious web sites, since it can take time before such sites are noticed and rated.
If your browser has been "hijacked" (modified by an infection, typically bringing you to a fake search page), having WOT installed can alert you to this a lot sooner than you might notice on your own, since hijacking is usually designed to bring you to unsafe web sites.
If you own (or manage) a web site for your business, your employer, your personal use, etc., you can "verify your website," which connects your registered WOT account to your web site. This enables you as the site owner to respond to WOT comments on your web site, and also request a free "site review" to get ratings and feedback from WOT's active users.
The toolbar in the Safari web browser uses a gray color palette which cannot show WOT's colors for the web site you currently have open, so instead WOT uses grey circles with a checkmark for "good," an exclamation mark for "warning" or "bad," and a question-mark for "unrated." However, Google searches in Safari display WOT's colored circles normally. See http://www.mywot.com/en/blog/259-attention-safari-users-wot-is-available-for-you-too for more information.
WOT doesn't directly support mobile devices like iPads, iPhones, Androids, etc., but there are a few ways you can use WOT on those devices. See http://www.mywot.com/wiki/WOT_Mobile for more on this.

How to test that WOT is active
Here are the simplest ways to confirm that WOT is working in your web browser:

Look for the colored or gray circle in the toolbar at the top of the window.
In a Google search, look for the colored circles next to each link in the search results.
If you only see sites with a "green" (good) rating and are curious to see ones with "yellow" (warning) or "red" (bad) ratings, try a Google search for "warez" or "registry cleaner" - These often bring up a variety of web sites, including malicious ones, so be careful!

Conclusion

Tricking you into visiting a malicious web site is an increasingly common technique for infections, phishing, scams, and other unsafe online experiences. Web of Trust (WOT) is a very good tool to help you recognize when that may be happening, but it's up to you to notice the WOT indicators and act accordingly.
WOT is easy to install and use at a glance, and it also has interesting depth of information, including user comments and levels of "confidence" for the ratings.
WOT isn't perfect. New unsafe web sites may not have enough ratings to accurately warn you away or reassure you they're ok, and some people may rate a site as "bad" because they are unhappy with its content, not because it's technically unsafe.

Where to go from here

http://www.mywot.com/en/support - How Web of Trust works, frequently-asked questions, and more
http://www.mywot.com/en/guidelines/site-owners - Website owner guidelines
http://en.wikipedia.org/wiki/WOT_Services - More about WOT
http://en.wikipedia.org/wiki/Website_Reputation_Ratings - A list of services similar to WOT
http://en.wikipedia.org/wiki/Crowdsourcing - The concept of enlisting a large group of people to share in a project for everyone's mutual benefit
http://en.wikipedia.org/wiki/Drive-by_installation - More about one type of malicious web site
Norton Safe Web (http://safeweb.norton.com), McAfee SiteAdvisor (http://www.siteadvisor.com), and AVG LinkScanner (http://linkscanner.avg.com) are similar to WOT. See http://www.techairlines.com/wot-vs-siteadvisor-vs-safeweb for a comparison between WOT, SafeWeb, and SiteAdvisor.

How to contact me:
email: [email protected]
phone: (617) 484-6657
web: http://www.kadansky.com

On a regular basis I write about real issues faced by typical computer users. To subscribe to this newsletter, please send an email to [email protected] and I'll add you to the list, or visit http://www.kadansky.com/newsletter

Did you miss a previous issue? You can find it in my newsletter archive: http://www.kadansky.com/newsletter

Your privacy is important to me. I do not share my newsletter mailing list with anyone else, nor do I rent it out.

Copyright (C) 2013 Kadansky Consulting, Inc. All rights reserved.

I love helping people learn how to use their computers better! Like a "computer driving instructor," I work 1-on-1 with small business owners and individuals to help them find a more productive and successful relationship with their computers and other high-tech gadgets.