The “safe search” solutions offered by security vendors such as Norton and McAfee don’t provide adequate protection, according to an executive at security firm AVG.

The idea of safe search is to protect Internet users when they’re conducting online searches by flagging  black listed sites that contain malware before the user clicks through to them.

Speaking at the recent Influence Forum 2008, AVG Australian and New Zealand marketing manager, Llyod Borrett, said the black list approach used by security companies such as Norton and McAfee simply doesn’t provide adequate protection.

“Blacklists don’t work; blacklists can’t work, the threats are too transient,” said Borrett.

Borrett explained that hackers were often very devious, and only placed malware on websites at certain times to avoid detection. Alternatively they set up disposable domains that they only used for short periods of time.

“This makes the back list, the solution used by the rest of the industry, a real no go,” said Borrett.

However Symantec has rejected Borrett’s assertions, arguing that its Norton Safe Web, which is currently in beta, does in fact provide up-to-date protection.

“Our goal for Norton Safe Web is to provide users with the most up-to-date and accurate Web site ratings of any offering on the market,” said Rowan Trollope, Senior Vice President of Consumer Products.

“We can do this by leveraging the millions of members of Norton Community Watch — a ‘Neighbourhood Watch’ program that relies on the eyes and ears of the Norton user base to detect and report trouble. This trusted information helps us deliver rapid, precise analysis of the safety and security of Web sites.”

While Borrett conceded that AVG does use black list technology for the Safe Search function offered by its products (the company tried to introduce real-time Safe Search with expected consequences), its “Safe Surf” technology does use real time scanning. 

With Safe Surf a site is scanned in real time when a user clicks on a link, and the user is warned about sites found to be containing malware.

“Real time protection is the only way that users can be sure that the sites they’re visiting are safe,” said Borrett.

However, a Senior Technical Product Manager at Symantec, Chandrasekhar Cidambi, cast doubt on this approach.

“Real-time scanning for rating of web sites has a number of challenges,” said Cidambi.

“It’s not possible to do thorough analysis of the web page in real-time and it’s not possible to identify malicious downloads. There’s also a performance Impact during browsing for users.”

Related:

Entry was posted on Thursday, September 25th, 2008 at 5:15 pm under Antivirus, Internet, Scams, Security.

Read more entries by John Pospisil.
Stumble It!