Tuesday, December 26, 2006

Can You Really Trust Certified Sites?

Web sites that display the TRUSTe certification seal are roughly twice as likely to host badware as Web sites with no certification at all, spyware and adware researcher Ben Edelman alleges in a new report.

Among others, adware providers Direct Revenue and WebHancer are using TRUSTe seals in an attempt to appear more trustworthy than they really are, Edelman claimed. Direct Revenue is facing legal action from the New York Attorney General over its adware. Edelman alleged that WebHancer is often installed without the user's consent.

TRUSTe is a privacy seal program: an independent organization that licenses a "certified" seal to Web sites whose stated privacy practices meet its guidelines. It is not a certificate authority in the PKI sense. The seal says nothing about whether the user is on the site they intended to visit; that is the job of the site's TLS certificate, and the two should not be confused.

Before issuing a seal, TRUSTe reviews the identity of the Web site's operator and the site's compliance with its privacy standards. Web sites that meet the organization's criteria are allowed to display the TRUSTe logo. The logo is an ordinary image, not a cryptographic credential, so nothing in the page itself stops an uncertified site from copying it.

The perceived trustworthiness of a certified Web site makes such seals an attractive target for Web sites pushing malware and adware.

In his study, Edelman compared TRUSTe-certified Web sites against the ratings of McAfee's SiteAdvisor product, a service that blacklists Web sites distributing spyware, spam, viruses and online scams.

Using a base sample of 500,000 Web sites, Edelman identified the sites that carry TRUSTe certification and cross-checked them against the McAfee list. He found that 5.4 per cent of the TRUSTe-certified sites were rated untrustworthy by SiteAdvisor, compared with only 2.5 per cent of the base sample as a whole.

Edelman alleges that TRUSTe has no incentive to properly verify compliance with privacy standards.