Risk
5/6/2008
02:37 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Yahoo Partners With McAfee To Make Search More Secure

The collaboration covers Web site security issues, such as identifying sites associated with adware, malware, spyware, phishing, and spam.

Following Google's lead, Yahoo is moving to make its search engine safer.

Yahoo and McAfee on Tuesday announced a partnership to integrate McAfee's SiteAdvisor technology with Yahoo Search. SiteAdvisor tracks Web site security issues, identifying sites associated with adware, malware, spyware, phishing, and spam.

The new SearchScan feature in Yahoo Search is a manifestation of the partnership. It provides red warning messages about the risks posed by Web sites that appear in Yahoo Search results lists.

Google began flagging risky search results in February 2007.

"Searching on the Web can present a minefield of spyware, malware, and other malicious sites that can cause serious harm to your PC and cost you valuable time and money," said Vish Makhijani, senior VP and general manager of Yahoo Search, in a blog post. "We are taking steps to make you feel safe when searching the Web -- warning you about dangerous sites before you click on them."

According to Makhijani, "No other search engine today offers you this level of warning before visiting sites. Period."

Citing a March 2008 survey conducted by marketing research services provider Decipher, Yahoo and McAfee claim that 65% of Americans online are more worried about clicking unsecured search listings than the threat of neighborhood crime, getting one's wallet stolen, or e-mail scams. Unfortunately, Decipher hasn't posted this survey online, making it harder to divine why so many people supposedly prefer being pistol-whipped and robbed to a malware infection.

Tim Dowling, VP of McAfee's Web security group, said that SearchScan tests for browser exploits, so it will detect sites where malware is delivered through online ads.

According to a Google security report published in February, 2% of malicious Web sites were delivering malware via advertising. Because ads tend to be placed on popular sites, searchers encounter them more often than their general prevalence suggests. "On average, 12% of the overall search results that returned landing pages were associated with malicious content due to unsafe ads," the report said.

Flagging such sites, however, is not without problems. Web sites penalized by McAfee's scarlet letter may see a drop in visitors despite the possibility that the fault may lie with the security of the site's ad syndication network rather than with the hosting site itself. Still, fear of such stigma may make site owners demand better security at ad networks, which would improve Internet safety for everyone.

It's something of a surprise to find Yahoo striking a deal with McAfee given that McAfee in May 2007 fingered Yahoo as the search engine with the greatest percentage of risky search results (5.4%). But perhaps having partnered with McAfee, Yahoo will fare better in McAfee's forthcoming 2008 State of Search Engine Safety survey.

Asked whether Yahoo's new relationship with McAfee represents a conflict of interest that might affect the search engine's ranking in McAfee's upcoming survey, Dowling replied, "It's hard to say whether there's a real conflict of interest. It's a pretty quantitative study." He added that due to Yahoo's commitment to cleaner search results, "I would expect Yahoo to be the safest search engine, or one of them."

Dowling said McAfee was running a bit behind in compiling the data for its 2008 search safety survey but did provide a preview: Sponsored search results are twice as likely to link to malicious sites as organic search results, he said. "The bad guys try to look good and Internet advertising is a way they can buy their way into a higher search result position," he said.

Dowling also said that search engines collectively serve 8 billion risky sites per month worldwide.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.