Risk
5/6/2008
02:37 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Yahoo Partners With McAfee To Make Search More Secure

The collaboration covers Web site security issues, such as identifying sites associated with adware, malware, spyware, phishing, and spam.

Following Google's lead, Yahoo is moving to make its search engine safer.

Yahoo and McAfee on Tuesday announced a partnership to integrate McAfee's SiteAdvisor technology with Yahoo Search. SiteAdvisor tracks Web site security issues, identifying sites associated with adware, malware, spyware, phishing, and spam.

The new SearchScan feature in Yahoo Search is a manifestation of the partnership. It provides red warning messages about the risks posed by Web sites that appear in Yahoo Search results lists.

Google began flagging risky search results in February 2007.

"Searching on the Web can present a minefield of spyware, malware, and other malicious sites that can cause serious harm to your PC and cost you valuable time and money," said Vish Makhijani, senior VP and general manager of Yahoo Search, in a blog post. "We are taking steps to make you feel safe when searching the Web -- warning you about dangerous sites before you click on them."

According to Makhijani, "No other search engine today offers you this level of warning before visiting sites. Period."

Citing a March 2008 survey conducted by marketing research services provider Decipher, Yahoo and McAfee claim that 65% of Americans online are more worried about clicking unsecured search listings than the threat of neighborhood crime, getting one's wallet stolen, or e-mail scams. Unfortunately, Decipher hasn't posted this survey online, making it harder to divine why so many people supposedly prefer being pistol-whipped and robbed to a malware infection.

Tim Dowling, VP of McAfee's Web security group, said that SearchScan tests for browser exploits, so it will detect sites where malware is delivered through online ads.

According to a Google security report published in February, 2% of malicious Web sites were delivering malware via advertising. Because ads tend to be placed on popular sites, searchers encounter them more often than their general prevalence suggests. "On average, 12% of the overall search results that returned landing pages were associated with malicious content due to unsafe ads," the report said.

Flagging such sites, however, is not without problems. Web sites penalized by McAfee's scarlet letter may see a drop in visitors despite the possibility that the fault may lie with the security of the site's ad syndication network rather than with the hosting site itself. Still, fear of such stigma may make site owners demand better security at ad networks, which would improve Internet safety for everyone.

It's something of a surprise to find Yahoo striking a deal with McAfee given that McAfee in May 2007 fingered Yahoo as the search engine with the greatest percentage of risky search results (5.4%). But perhaps having partnered with McAfee, Yahoo will fare better in McAfee's forthcoming 2008 State of Search Engine Safety survey.

Asked whether Yahoo's new relationship with McAfee represents a conflict of interest that might affect the search engine's ranking in McAfee's upcoming survey, Dowling replied, "It's hard to say whether there's a real conflict of interest. It's a pretty quantitative study." He added that due to Yahoo's commitment to cleaner search results, "I would expect Yahoo to be the safest search engine, or one of them."

Dowling said McAfee was running a bit behind in compiling the data for its 2008 search safety survey but did provide a preview: Sponsored search results are twice as likely to link to malicious sites as organic search results, he said. "The bad guys try to look good and Internet advertising is a way they can buy their way into a higher search result position," he said.

Dowling also said that search engines collectively serve 8 billion risky sites per month worldwide.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: nice one good
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.