Linkscanner Lite - worth a punt?


Baldrick
September 25th, 2007, 06:12 PM
Am using McAfee's SiteAdvisor which seems to give mixed results and was wondering how it compares to Linkscanner Lite which I have heard is considered to be rather good. Am not wishing to start a straight fight between products but rather soliciting views as to the merits of each...not a direct comparison of one vs. the other. :blink:

I hope to be able to decide for myself by comparing the relative merits of each and testing Linkscanner Lite as well ;D

Thanks in advance.

Rico
September 25th, 2007, 06:24 PM
Hi BaldRick,

Linkscanner is an excellent product, I'm only familiar with the paid version. The paid version scans the site real time, before rendering its opinion. Also the malware protection is great, taking the hit before your other defenses have a chance to know what's going on. Support is excellent, last time I used Link, they had a problem with Comodo FW, the NOD32 issue I believe has been resolved.

Take Care
Rico

acr1965
September 25th, 2007, 06:58 PM
-{ Quote: "Am using McAfee's SiteAdvisor which seems to give mixed results and was wondering how it compares to Linkscanner Lite which I have heard is considered to be rather good. Am not wishing to start a straight fight between products but rather soliciting views as to the merits of each...not a direct comparison of one vs. the other. :blink:

I hope to be able to decide for myself by comparing the relative merits of each and testing Linkscanner Lite as well ;D

Thanks in advance." }-

You can actually run them both at the same time - one for a current, content analysis and the other for a historical analysis.

GES/POR
September 25th, 2007, 08:14 PM
Would make good testing thanks.

rogert30062
September 26th, 2007, 11:31 AM
-{ Quote: "Am using McAfee's SiteAdvisor which seems to give mixed results and was wondering how it compares to Linkscanner Lite which I have heard is considered to be rather good. Am not wishing to start a straight fight between products but rather soliciting views as to the merits of each...not a direct comparison of one vs. the other. :blink:

I hope to be able to decide for myself by comparing the relative merits of each and testing Linkscanner Lite as well ;D

Thanks in advance." }-

Hi Baldrick,

Now, admittedly I'm a little biased but I think LinkScanner is much stronger than SiteAdvisor. (lol)

The whole thing about web-based exploits is their transience. Anything historically based is always too slow to realize something's been hacked, and then too slow to realize something's been cleaned.

Take, for example, k1-usa.net. This is a mixed-martial arts website, and used to be the number 1 organic link that came up when you googled for k1. It was briefly hacked in April 2007, and was serving exploits from some IP on RBN (Russian Business Network). Neither SiteAdvisor nor Google (StopBadware) knew about it at the time (although we did, and told the k1-usa guys about it in fact), and it was cleaned up a week or two later.

In the meantime, however, StopBadware had found out about it, and now it seems to be permanently besmirched in Google. It has slipped from the number 1 spot to about number 8, and you cannot get to it from a Google search link ... you have to cut and paste the URL.

And if you put it into SiteAdvisor, it says it's never rated the site, and knows nothing about it.

Now, if you're patched, none of these sites can bite you anyway, but it's nice to know which ones would try.

The single biggest trend that I see as we watch this stuff is transience... the Storm botnet for example is incredibly transient. Another example are the groups whose business model is to buy really cheap .cn websites and work from there. They know they'll be shut down fairly quickly, but they don't care.
Another example are the groups who like to hack into webfarms, and infect all the sites there in one hit. (We made a video about that at YouTube if you're interested http://www.youtube.com/watch?v=G_jh8lHb49w ). I could go on and on...

Btw, LinkScanner Pro, although not free, is really much better than Lite. Lite can only follow links to a given depth, or it would take too long. And exploits served from banner ads (increasingly common) tend to come up in rotation... not every time. Lite will miss those, but not Pro.

Cheers

Roger

CTO
LinkScanner.com

Baldrick
September 26th, 2007, 01:30 PM
Dear All

Many thanks for your thoughts and advice. All very interesting & useful. ;D

I will certainly give Lite a try and see what it can do for me. :D

Not sure about running both SiteAdvisor and Lite. :blink:

Have also spotted TrendProtect and may well try this as it also appears to be interesting...but more like SiteAdvisor than Lite. ???

Huwge
September 26th, 2007, 02:03 PM
That reminds me.....isn't there something that analyses a link with a right click to tell you if it's malware.....useful for links from one site to another

lucas1985
September 26th, 2007, 02:34 PM
-{ Quote: "That reminds me.....isn't there something that analyses a link with a right click to tell you if it's malware.....useful for links from one site to another" }-
Dr.Web link checkers (http://www.freedrweb.com/browser/)?

rogert30062
September 26th, 2007, 03:43 PM
-{ Quote: "That reminds me.....isn't there something that analyses a link with a right click to tell you if it's malware.....useful for links from one site to another" }-

Well, LinkScanner Lite (as well as Pro) does that.

Cheers

Roger

Baldrick
September 26th, 2007, 03:46 PM
-{ Quote: "Hi Baldrick,

Now, admittedly I'm a little biased but I think LinkScanner is much stronger than SiteAdvisor. (lol)

The whole thing about web-based exploits is their transience. Anything historically based is always too slow to realize something's been hacked, and then too slow to realize something's been cleaned.

Take, for example, k1-usa.net. This is a mixed-martial arts website, and used to be the number 1 organic link that came up when you googled for k1. It was briefly hacked in April 2007, and was serving exploits from some IP on RBN (Russian Business Network). Neither SiteAdvisor nor Google (StopBadware) knew about it at the time (although we did, and told the k1-usa guys about it in fact), and it was cleaned up a week or two later.

In the meantime, however, StopBadware had found out about it, and now it seems to be permanently besmirched in Google. It has slipped from the number 1 spot to about number 8, and you cannot get to it from a Google search link ... you have to cut and paste the URL.

And if you put it into SiteAdvisor, it says it's never rated the site, and knows nothing about it.

Now, if you're patched, none of these sites can bite you anyway, but it's nice to know which ones would try.

The single biggest trend that I see as we watch this stuff is transience... the Storm botnet for example is incredibly transient. Another example are the groups whose business model is to buy really cheap .cn websites and work from there. They know they'll be shut down fairly quickly, but they don't care.
Another example are the groups who like to hack into webfarms, and infect all the sites there in one hit. (We made a video about that at YouTube if you're interested http://www.youtube.com/watch?v=G_jh8lHb49w ). I could go on and on...

Btw, LinkScanner Pro, although not free, is really much better than Lite. Lite can only follow links to a given depth, or it would take too long. And exploits served from banner ads (increasingly common) tend to come up in rotation... not every time. Lite will miss those, but not Pro.

Cheers

Roger

CTO
LinkScanner.com" }-

Hi Roger

Am trying at the moment and am impressed with the Pro version (thought I would give your 15 day trial a whirl based on what you said in your post). Has to get past the wife as she is the one who surfs most and is very demanding in terms of (i) speed and (ii) not being disturbed during her surfing. So far I detect only a very slight degradation in surfing speed (but then my PC is rather old)...but the jury is currently out. Fingers crossed the product passes, eh?

BTW, do you do multiple site licences or does one have to purchase 2 individual licences if I wanted to protect both my and my daughter's laptop?

Regards;)

rogert30062
September 26th, 2007, 04:27 PM
-{ Quote: "Hi Roger

Am trying at the moment and am impressed with the Pro version (thought I would give your 15 day trial a whirl based on what you said in your post). Has to get past the wife as she is the one who surfs most and is very demanding in terms of (i) speed and (ii) not being disturbed during her surfing. So far I detect only a very slight degradation in surfing speed (but then my PC is rather old)...but the jury is currently out. Fingers crossed the product passes, eh?

BTW, do you do multiple site licences or does one have to purchase 2 individual licences if I wanted to protect both my and my daughter's laptop?

Regards;)" }-

Hi Baldrick,

I'm pleased everything is going well. :-) I purely do the research piece, so I'm not sure but there are usually bundled deals if you look at the website. Let me know if you can't find something suitable.

Cheers

Roger

Baldrick
September 26th, 2007, 04:42 PM
Thanks. I will bear this in mind and post back if I don't find what I am looking for (as and when I get the pass from the boss, heehee).;)

rogert30062
September 26th, 2007, 06:19 PM
-{ Quote: "Thanks. I will bear this in mind and post back if I don't find what I am looking for (as and when I get the pass from the boss, heehee).;)" }-

:-)

Cheers

acr45
September 26th, 2007, 10:09 PM
-{ Quote: "

last time I used Link, they had a problem with Comodo FW,

" }-

Can anyone confirm this, because I would like to test LS Lite out but I obviously do not want it to conflict with Comodo.

rogert30062
September 27th, 2007, 09:23 PM
-{ Quote: "Can anyone confirm this, because I would like to test LS Lite out but I obviously do not want it to conflict with Comodo." }-

I just gave it a whirl tonight... worked fine for me.

Roger

lucas1985
September 27th, 2007, 11:24 PM
LS Lite is less likely to cause problems with security software than LS Pro because it doesn't install an LSP to intercept network traffic.

rogert30062
September 28th, 2007, 08:59 AM
-{ Quote: "LS Lite is less likely to cause problems with security software than LS Pro because it doesn't install an LSP to intercept network traffic." }-

That's correct. LSPro sees more, though, because (1) Lite can only look so far ahead or it's too slow (a future release will probably allow power users to control the depth of the crawl) and (2) some bad things are simply dynamic, such as exploits from rotated banner ads.

Cheers

Roger

lucas1985
September 28th, 2007, 01:48 PM
Hello Roger,
What other features are you planning for LS Lite?
Thanks in advance.

rogert30062
September 28th, 2007, 04:15 PM
-{ Quote: "Hello Roger,
What other features are you planning for LS Lite?
Thanks in advance." }-

Hi Lucas,

I can't say too much really, but the general direction in which we're heading is more subtle analysis of pages... not just exploits but more and more social engineering.

Feature requests are always welcome, of course.

Cheers

Roger

lucas1985
September 28th, 2007, 04:40 PM
-{ Quote: "
I can't say too much really, but the general direction in which we're heading is more subtle analysis of pages... not just exploits but more and more social engineering." }-
Sounds like a hard challenge. Trying to detect social engineering attempts looks really difficult.
-{ Quote: "Feature requests are always welcome, of course." }-
Opera support comes to my mind ATM. Also, I like how TrendProtect places the warnings.
Thanks for your answer :)

Baldrick
September 28th, 2007, 06:42 PM
-{ Quote: "Hi Lucas,

I can't say too much really, but the general direction in which we're heading is more subtle analysis of pages... not just exploits but more and more social engineering.

Feature requests are always welcome, of course.

Cheers

Roger" }-

Still evaluating and looking good!

I think that the option to be able to clear the contents of 'Exploits Prevented' & 'Sites Blocked' panels would be useful.

Also, I am not sure how the application is updated; whether this is automatically like the malware definitions or by the download and manual installation of the new version. If the latter then an automatic application update feature might be useful?

Finally, what about expanding the capabilities by including detailed testing for spam potential, phishing sites and malicious downloads as options that can be enabled/disabled by the user via the Settings panel? Assuming that they would not slow down the application. Just a thought that may be counter to the direction you want to take the product in...but a thought nonetheless.

rollers
September 29th, 2007, 08:06 AM
Working very well here with the new NOD32 AV RC1. Mine has so far found 8 exploits, 5 of which were Invisible Iframe launchers, and the other two were Windows metafile with known payloads. This was especially good as I was not here at the time and another family member was using the computer, so it's reassuring to know that the computer is watched when I am away.

Rollers

rogert30062
September 30th, 2007, 02:29 PM
-{ Quote: "Sounds like a hard challenge. Trying to detect social engineering attempts looks really difficult.

Opera support comes to my mind ATM. Also, I like how TrendProtect places the warnings.
Thanks for your answer :)" }-

Good thoughts.... thanks!

Roger

rogert30062
September 30th, 2007, 02:32 PM
-{ Quote: "Still evaluating and looking good!

I think that the option to be able to clear the contents of 'Exploits Prevented' & 'Sites Blocked' panels would be useful.

Also, I am not sure how the application is updated; whether this is automatically like the malware definitions or by the download and manual installation of the new version. If the latter then an automatic application update feature might be useful?

Finally, what about expanding the capabilities by including detailed testing for spam potential, phishing sites and malicious downloads as options that can be enabled/disabled by the user via the Settings panel? Assuming that they would not slow down the application. Just a thought that may be counter to the direction you want to take the product in...but a thought nonetheless." }-

We'll chew on those ideas too. Thanks!

Roger

zhanwest
September 30th, 2007, 03:10 PM
LinkScanner Pro or none
IMO, LinkScanner Lite is trouble to use

CogitoErgoSum
October 5th, 2007, 09:17 AM
Hello rogert,

Are signatures (blacklist) the "primary" means that LinkScanner Pro detects and blocks exploits? Does LSP employ behavioral heuristics in detecting/blocking exploits? If so, does it take a greater or lesser role than signatures in detecting/blocking exploits? Thanks in advance.


Peace & Love,

CogitoErgoSum

Baldrick
October 5th, 2007, 02:43 PM
-{ Quote: "Hello rogert,

Are signatures (blacklist) the "primary" means that LinkScanner Pro detects and blocks exploits? Does LSP employ behavioral heuristics in detecting/blocking exploits? If so, does it take a greater or lesser role than signatures in detecting/blocking exploits? Thanks in advance.


Peace & Love,

CogitoErgoSum" }-
Don't know if this link may be of assistance?

http://www.explabs.com/products/lspro_methodology.asp

:wacko:

CogitoErgoSum
October 5th, 2007, 04:21 PM
Hello Baldrick,

FYI, I have already read all the information available at the Exploit Prevention Lab's web site regarding LinkScanner Pro a long time ago. I just wanted to get an official response from the horse's mouth. The reason that I asked the questions that I did is because of the following link below.

http://community.hautesecure.com/forums/p/37/153.aspx

Anyhow, thanks for your efforts.


Peace & Love,

CogitoErgoSum

Baldrick
October 5th, 2007, 05:52 PM
Hi Cogito

Interesting article...seems to lightly pan LS's approach when compared with its own. Had a snoop around and found this blog that seems to reveal more about the way that HauteSecure works...which does not seem to be far away from LS's...so I guess that there is not much to choose between them.

http://msmvps.com/blogs/spywaresucks/archive/2007/06/26/990604.aspx

More and more interesting. ::)

rogert30062
October 5th, 2007, 06:07 PM
-{ Quote: "Hello rogert,

Are signatures (blacklist) the "primary" means that LinkScanner Pro detects and blocks exploits? Does LSP employ behavioral heuristics in detecting/blocking exploits? If so, does it take a greater or lesser role than signatures in detecting/blocking exploits? Thanks in advance.


Peace & Love,

CogitoErgoSum" }-

Hi Cogito,

We actually use a combination of things... static sigs _and_ heuristics mostly, combined with URL/ IP blacklists for the times when a sig or heuristic just won't do.

Our intention moving forward is to rely less and less on URL/ IP blocking, and more on realtime detection/ analysis.

Roger

rogert30062
October 5th, 2007, 06:10 PM
-{ Quote: "Hi Cogito

Interesting article...seems to lightly pan LS's approach when compared with its own. Had a snoop around and found this blog that seems to reveal more about the way that HauteSecure works...which does not seem to be far away from LS's...so I guess that there is not much to choose between them.

http://msmvps.com/blogs/spywaresucks/archive/2007/06/26/990604.aspx

More and more interesting. ::)" }-

Heh... except that, just like with scanners, some products work better than others in practise. Ouch ... now I have to say three nice things.

:-)

Roger

SMPRICESOLUTIONS
October 5th, 2007, 06:24 PM
Roger,

I am wondering if you think running Haute Secure and Linkscanner Pro side by side would be overkill?

rogert30062
October 5th, 2007, 06:28 PM
-{ Quote: "Roger,

I am wondering if you think running Haute Secure and Linkscanner Pro side by side would be overkill?" }-

Hi SM,

Best security tends to be layered, so probably not, but I've not tried the two of them, so really ... I don't know if they work together.

I'll see if I can get time over the next days to try.

Cheers

Roger

CogitoErgoSum
October 5th, 2007, 06:49 PM
Hello rogert,

Thanks for the follow-up.


Peace & Love,

CogitoErgoSum

SMPRICESOLUTIONS
November 17th, 2007, 06:56 PM
-{ Quote: "Hi Cogito,

We actually use a combination of things... static sigs _and_ heuristics mostly, combined with URL/ IP blacklists for the times when a sig or heuristic just won't do.

Our intention moving forward is to rely less and less on URL/ IP blocking, and more on realtime detection/ analysis.

Roger" }-

Roger,

I am wondering if the heuristics are built into the application or are they present on the backend scanning that is done?

SMPRICESOLUTIONS

JerryM
November 17th, 2007, 10:14 PM
I have been using LS Lite for a couple of days. I am running it with SiteAdvisor, and find that I like LS better.

I also have KIS 7 and other applications shown in my signature.
Does LS Pro conflict with KIS?

Thanks,
Jerry