by Laura Yecies
With hackers increasingly sneaking their malicious Web
sites in search results, search engines are seeking ways to counsel you before
you accidentally click a bad link. For example, Yahoo recently announced a deal
to integrate McAfee SiteAdvisor to warn you of possibly nefarious sites.
We’re glad to see Yahoo taking this threat seriously, and a little
advanced notice is certainly helpful. But what if you make a mistake? What if,
despite a warning (or a lack thereof), you still choose to surf to a
malware-infested Web site? Or what if the site is legit but it’s been
hacked? (See the Warren County example below).
You still want to be protected, right?
While the SiteAdvisor announcement is a positive step,
it’s unreasonable to think that a warning is sufficient. It’s like
mom repeatedly warning you against the perils of riding your bike after
dark…you probably would have been better off if she’d just given
you a flashlight. And what about those perils that can’t be detected in
advance, or false-positives?
The idea of proactive protection, longtime a mantra of ZA
developers, was one of the main reasons we anchored the new ZoneAlarm
ForceField with virtualization technology. If you make a mistake, you’re
safe because your surfing session is compartmentalized away from the rest of
your PC. The malware thinks it’s infecting your PC, but it’s kept
in a bubble. To take it a step further, even if you invite a bad program onto your PC (say a hacker has cleverly
hidden a virus into a free game program), ForceField can still catch it with a
dangerous download detector. ForceField continues where other solutions stop.
That protection goes way beyond advice or warnings. It
enables you to surf the Web freely and without inhibition. Because whether a
site is clean, malicious, or legitimate-but-hacked, you’re safe.
So why are hackers targeting search engines? I think there
are several reasons, but one big one is trust. We (users) inherently trust that
search results only contain legitimate sites. But with billions and billions of
pages on the Web, there currently is no easy way to ensure that every site is
clean. Or even that most sites are clean.
Hackers have also been fairly well stymied by many of the
old malware delivery techniques. Anti-virus and anti-spam technologies have
combined to reduce the desirability of e-mail based attacks. Firewalls
(especially the ZA two-way firewall and OS Firewall) protect your raw
connection to the Internet and monitor the security of your programs, managing
the communications to and from your PC and between programs to detect stealth
The new frontier is the Web…and what are the main
portals to the Web? Search engines. Hackers know this, and they’ve even
studied up on search engine optimization techniques to improve their chances of
snagging you in their net. But as this threat continues to evolve, we’ll
continue to develop ForceField to protect you against new tricks on the Web.
More coming soon…