Gallery

Surf safety survey

Posted on 26 Jul 2006 at 16:28

Davey Winder examines web safety tools, witnesses the demise of a promising anti-spam firm and goes ego surfing

K9 really is a flexible tool: it's browser independent, offers multiple levels of category blocking (with 55 categories) and can impose time limits on access. It can perform keyword blocking of URLs, although I never recommend this because it leads to far too many false positives like Essex and Scunthorpe (think about it). In its other modes, Blue Coat prides itself that K9 has one of the lowest false positive, or over-blocking, rates in the business thanks to the commercial engine that powers it. (The corporate world demands a greater emphasis on avoiding over-blocking than consumer products require, for obvious productivity reasons.)

As a result, you can access sites relating to breast cancer but successfully block pornography, or access drug treatment and information sites, while blocking recreational drug usage ones. There's even some clever technology called Dynamic Real-Time Rating that will scan the content of sites not already in K9's database, analyse for inappropriate material and return a "permit" or "prohibit" rating, all within a matter of seconds. In fact, DRTR is so quick you're hard pressed to tell which sites are new to the database and which aren't. You can set time-outs to block all web access if a certain number of blocked site attempts are made within a predetermined period, and the administrator can override a blocked site either for 15 minutes or permanently upon entry of a correct password. Best of all, there's logging of all internet activity in both summary and detailed formats, which makes it perfect for monitoring access rather than just blocking it. You see exactly what sites have been accessed and when, indexed by category and flagged to show sites within specific categories.

Blue Frog croaks

Only two months ago, I was blowing the trumpet for Blue Frog as possibly the future of anti-spam, but no sooner had PC Pro hit the newsstands than Blue Security fell victim to a dual-pronged attack initiated by a prolific spammer known only as PharmaMaster.

First of all, thousands of users who signed up with Blue Frog found themselves on the receiving end of emails that threatened reprisals for being on the "Do Not Include Registry" at the heart of Blue Frog's anti-spam process. This message stated that "you signed up because you were expecting to receive a lesser amount of spam, unfortunately due to the tactics used by Blue Security you will end up receiving this message or other nonsensical spams 20 to 40 times more than you would normally. We have devised a method to retrieve your address from their database. So by signing up and remaining a Blue Security user, not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers."

The retrieval method mentioned in this threat has nothing to do with breaking the encryption of Blue Security's list, as proved by the fact that nowhere near the full half-million people on the registry received the email (I was among those who didn't get it, and relied upon my usual sources to forward me a copy). All that PharmaMaster actually did was run his existing spamming list through Blue Frog's scrubbing process to remove names on its registry, then by comparing his list before and after scrubbing he could deduce which addresses were in the registry, but only those that were also on his original spam list. Nevertheless, this apparent breach of privacy split Blue Frog users into two camps: those who upped and left scared of retribution, and those whose resolve was strengthened and were determined to continue rattling the cage of an obviously worried spammer.

Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site