Web Of Trust does not block some malicious sites

Hi

As you can read from the title of this 3d I verified this behaviour.
When I do some search, and WOT marks the search entry with the red circle, it does not alert neither block!!

This is not true for ALL the sites, but only for SOME of them.
This bug seems to affect only Wot on Firefox and Chrome, on Opera it works fine.

I tested it searching in google some terms as suonerie, sfondi ecc, and this is the result.
I emailed the support, waiting for an answer.

So, at the moment, BE CAREFUL when surfing the web using WOT until we have an official response from the support

Regards

 

I received an answer from the support:

Wot open the warnings basing on the users votes and on the reputation ratings.
If the reputation is not reliable enough, then WOT shows the red circle, but does not block/alert when open the page!

So I recommend to rate the malicious sites. By doing this you'll help the reputation ratings become more reliable!
Be carefull on open pages marked as red..

Regards

 

After giving it a spin for awhile, found it utterly useless based on it's design and was rightly "booted" to the curb.

 

Well, it depends on the importance you give to it.
Its purpose is not to save your pc, but give you a suggest on a search for unknown sites..

 

But you said this:

And that's the problem with it It's not staffed by malware researchers out there to protect you but relies on anyone to comment. Some young punk can go about his business every night giving bad ratings to sites that don't deserve it. Can't tell you how many sites i got blocked but proceeded anyways and lots of "one word" comments - "trojan" or "virus" There's nothin there but a site that said freeware but most apps were paid!

 

Some malware researchers do contribute, such as Steven Burn who is behind the hpHosts hosts file. There are some other sources as well. From the FAQs:

The comments left by users aren't related to a site's reputation:

They also say:

 

Like i said

 

Yes, you are right, and it is all supposed to be based on a meritocracy. Included amongst all that though are ratings from the likes of hpHosts. Some ratings seem to be initiated from requests in their forums to rate specific websites. The problem is people may misrate, but the system apparently has a failsafe against that. However, like any community, unless people help out and correct where there are mistakes, how can they improve?

Interestingly, there is a thread on their forums regarding catching malware despite having WOT installed. I'm not sure if I'm allowed to link to that here, but it's worth a look.

 

Hello Tony

Thanks for the comments

Looking back, my initial post was abit harsh but wanted to point out to not expect too much from WOT - from a security standpoint anyway. Guess prevx has me abit stirred up

 

Personally, I like WOT. I didn't realize how much until I started using scroogle and the ratings don't show up there (they do once you configure properly, which I have done now) and I quite missed seeing them. But you do have to keep your expectations in line. For me, it is less about expecting WOT to block access and more about seeing red lights or green lights and avoiding sites if I have alternatives. I do occasionally go to sites rated poorly, but my "radar" goes a bit higher and I look out for anything remotely suspicious. Sometimes before I visit a poorly rated site, I do another search on it and find out if it is worth a visit. If you expect WOT to do all the work for you, you're probably not going to be happy with it.

 

It's useless but nice

 

Well said. That is how I use WOT, just as a flag to be more alert at some sites. It's not foolproof, nor do I expect it to be. But if you start adding up 80% useful layers, you'll get to 99.9999999% pretty quickly. I don't expect that much protection from ClearCloud DNS either, but like WOT it is adding some protection without noticable slowdown or interference.

 

WOT serves a purpose other than just to block malicious sites. If you're going to depend on it for that, I'll say kudos to you As a friend of mine once said : WOT community don't judge a website only if it's infected or can harm your computer.

WOT community also takes into account "the reputation of a website in terms of four components":

* Trustworthiness
* Vendor reliability
* Privacy
* Child safety

You can refer to the FAQ for more info/details.

If you're only keen in specifically blocking malicious sites, then I am of the opinion that there are other more suitable tools/services out there that you can make use of such as a specialized DNS server like ClearCloud DNS, a web shield component in AV programs or perhaps something like a modified and maintained hosts file (which may arguably be outdated concept for certain members here)

When used in conjunction with common_sense.exe, WOT may just fit the bill for some of us here...especially more so if you have a locked-down system of some sort (be it with a HIPS, anti-executable, or OS internals).

 

See this post for some info on those who contribute, and to safeguard against the system being abused:

https://www.wilderssecurity.com/showpost.php?p=1764631&postcount=29

 

Thanks Saraceno, great post, i did'nt see it yet

Anyway this is the global situation for the browsers:
Opera: low confidence level, works as expected and blocks the sites
Chrome: i did not find a way to reduce the confidence level
Firefox: about:config, and set weboftrust.min_confidence_level to a best vallue (for example 1)

Regards

 

1. Could you please explain this "confidence level"?
2. How many entries are there for weboftrust in your about:config. I have more than a screenful!

 

1) A page to be succesfully blocked has to be voted as malicious from a lot of people. Until a page does not reach that segnalations level, it will not be blocked. You will only see the red circle, but the page will not blocked.
This happens for security purposes, to increase the accuracy of the segnalation.
By the way i strongly recommend to modify that value on firefox from 8 to a low value (I set it to 1).

2) I think it has nothing to do with the speech
If you want to do that change simply follow the instructions i said before.

Regards

 

FWIW, there's this line in prefs.js in the extensions folder:

min_confidence_level: wot.confidencelevels[1].min + 2,

I haven't tried messing with it.