What’s Safe?

Another example of why you can’t really trust software to tell you whether a website is dangerous or not. The Register reports that a Trusted search software labels fraud site as ‘safe’:  

Digital certificate firm GeoTrust’s launch of a search engine with built in trust features this week has been marred by the classification of a phishing site as genuine. Powered by Ask Jeeves, GeoTrust TrustWatch search aims to protect users against fraudulent behaviour and phishing attacks by giving web sites a verification rating. It’s a laudable aim, but the classification of a recently created phishing site as “verified as safe” raises serious doubts about the effectiveness of the technology. Such incorrect classifications create a false sense of security that can only play into the hands of would-be fraudsters.

As I’ve explained elsewhere, it’s more dangerous to offer a service that claims to warn you about phishing–related and other dodgy websites if you can’t guarantee 100% success, as it merely lulls a user into a false sense of security. Another reason why these things won’t work is the false positive, which EarthLink found to its (temporary) cost.

Disclaimer

All opinions are my own, and not necessarily those of Thomson Reuters.

Reference

Categories

RSS loose wire blog