URL shorteners may be handy for your tweets on Twitter. But they're also known security holes since they don't display the actual address of your destination. A free tool from security vendor AVG may provide a solution.
AVG has updated its free LinkScanner tool to detect malicious pages hiding behind shortened URLs. The company said the tool checks the actual destination of each URL link to make sure the page is legitimate.
More than a dozen URL-shortening services abound on the Net, including TinyURL and Bitly. With its 140-character limit, Twitter automatically shortens URLs in each tweet via Bitly. Other services like WordPress also include a built-in URL shortener.
But Web browsers don't display the true address of a shortened URL, so you have no idea whether or not the destination page is safe. Hackers have easily been able to use the obscure nature of shortened URLs to conceal hazardous Web pages behind them.
"The problem with shortened links is that they usually don't bear any resemblance to the original URLs, which means that users don't always know what they're clicking," said Roger Thompson, chief research officer at AVG Technologies. "People click with the intention of going to a specific site, but the link can be easily hacked to send people to a site containing Trojans, spyware, rootkits, and other malware instead."
AVG, formerly known as Grisoft, bought LinkScanner in late 2007 as part of a larger acquisition. The tool has already proven helpful to Web surfers by analyzing Web pages behind each link that is either clicked on or typed into the browser.
Other solutions do exist to reveal the truth behind a short URL. The Web site LongURL can display the long version of a short URL. A Firefox plug-in called LongURL Mobile Expander can also translate from short to long.
But according to AVG, LinkScanner is now the only security tool on the market that can find poisoned Web pages behind a short URL. The company says it does not rely on blacklists and instead checks each link in real time.
LinkScanner is once again available as an independent plug-in for Windows-based Firefox and Internet Explorer, following more than a year spent as a feature of AVG Technologies' AVG security suite. Still available as part of AVG, users can now once again download LinkScanner independently of AVG's antivirus software, and for free.
AVG's LinkScanner evaluates link safety on the fly, as well as making click-throughs for dangerous sites harder.
(Credit: Screenshot by Seth Rosenblatt/CNET)The new LinkScanner works much the same as the original one did. Once you've installed the EXE, AVG's "Search Shield" returns search results from both Google and Yahoo with flags next to them. Green flags on Google indicate a result is safe to click through to, while Yahoo safe results display no flags. Links that are unsafe on both search engines will return red flags.
Hovering over a flag will pop open a window that provides further details about the link. Green flags will show you the IP address, the amount of time the scan took, and the date and time of the most recent scan. Red flags highlight the same information, as well as the risk category and the site name. Attempting to click through to a red-flagged page will take you to a warning screen that repeats most of the red-flag information--AVG calls this the "Active Surf-Shield".
A small link at the bottom of the red-blocked screen will let you click through, although it cautions users that it will continue to block potentially harmful content. When I tried to click through to warez.com, for example, LinkScanner would only show me the CSS code for the page.
LinkScanner doesn't have references for all links, as evidenced by the third one in this Google search for ringtones.
(Credit: Screenshot by Seth Rosenblatt/CNET)In addition to the clear messages behind the green and red flags, LinkScanner also offers two "slow down" warnings. The first is yellow with one exclamation point in it, while the second is orange and has two exclamation points. I found it nearly impossible to locate search results with a yellow or orange flag, but the meaning is clear: we can't tell what this is, but it looks sketchy so be careful.
It's worth noting, too, that both green flag and red flag boxes (and, presumably, the yellow and orange warning boxes) include a link at the bottom to an AVG product comparison page.
Before Grisoft, now AVG Technologies, bought LinkScanner, many users appreciated that both the free version and the paid LinkScanner upgrade provided smooth integration with your daily Web browsing habits. There are some similar services, such as McAfee's SiteAdvisor, that have interfered with performance for some users--an instant turn-off. After trying LinkScanner out for half the day, though, I was pleased to see that the once-again independently available add-on continues to function as well as it did in the past.
AVG on Monday will begin offering a free version of its LinkScanner software, which offers real-time scanning of Web pages while surfing or doing Web searches.
LinkScanner, which is currently part of the AVG Free Edition suite, scans a Web page before a surfer visits the page and warns if the page appears to be unsafe.
AVG LinkScanner also offers safety rankings for all organic search results on Google, Yahoo, and MSN. Safe pages in searches will have green check marks next to them and unsafe ones will have red "X"es and pop up windows offer more explanation.
AVG LinkScanner scans bookmarks as well as links in e-mails and instant messages before they are opened. Individual pages are scanned separately, so that if one page on a site like Facebook are spreading malware that page will prompt a warning and other pages on the site won't.
There is other software that flags malicious sites in searches. McAfee SiteAdvisor works with Yahoo search results and more than 20 other search engines and Symantec offers ratings on Ask while Google serves up its own warnings in its search results.
The news will be announced at the RSA 2009 security conference which starts on Monday.
AVG LinkScanner puts marks by search results that are unsafe and displays a pop up box with more information when the cursor hovers over the mark.
(Credit: AVG)
Apple on Friday issued an update for iTunes 8 that specifically addresses problems experienced by Windows Vista users, and issued general recommendations for Windows XP and Vista users experiencing sync issues with iPhone and iPod touch devices.
Since its release earlier in the week, iTunes 8 has bedeviled some Windows Vista users with the so-called blue screen of death, or BSOD, and other issues. Speculation has focused on an incompatibility with USB devices, such as Webcams and printers.
In a support post, Apple recommends that Windows Vista users experiencing difficulty should uninstall iTunes 8 and, after rebooting the computer, reinstall the updated application. (You can download the updated iTunes 8 for Windows from CNET's Download.com.)
Also on Friday, Apple posted recommendations regarding problems experienced by Windows XP and Windows Vista users when syncing the iPhone or iPod Touch devices containing saved photos. Apple says that "while any driver software could be a factor, updating the software drivers for Logitech QuickCam/Webcam products, Lexmark scanners, and some built-in media card reader drivers on the computer may solve this issue in a majority of cases."
- prev
- 1
- next
