There are never any absolutes, but we can stack the deck in favor of safety.
There is no simple solution to this problem. There’s no single service or tool you can rely on to keep you completely safe. There is no such thing as “safe”, after all.
I understand that can be frustrating. You want to know that you’re not about to be ripped off by a shady business, or worse: hacked by a malicious site.
You can use tools and techniques to stack the odds in favor of safety, but the ultimate safety tool remains yourself.
Become a Patron of Ask Leo! and go ad-free!
Checking a website for safety
There’s no perfect way to know if a website is safe, but you can check with tools like VirusTotal, Norton Safe Web, and Web of Trust. Use good security software, and trust your gut. If something feels off, stay away.
What is safety?
There’s no canonical list of what is or is not safe.
One problem is that the word safe has different meanings depending on who you ask.
For some people, safe means you won’t pick up malware by visiting the site. For others, safe means there isn’t any risqué humor. For still others, the site represents a company safe to do business with.
There are probably as many definitions of what it means to be safe as there are people answering the question.
I don’t believe it’s possible to get an absolutely safe/not-safe decision from any service or tool. But you can get data to help you make that determination yourself, based on your own criteria.
Online tools
When faced with an unknown site or questionable link, you might consult three online services that rate websites.
- Virus Total
- Norton Safe Web
- Web of Trust
Virus Total
At Virus Total (owned by Google), you can upload suspected malware or URLs and have multiple security scanners analyze them.
The focus here is on security and malicious behavior as reported by a collection of security vendors.
I’m particularly interested in the Details page, which includes technical details of what was found.
This can be useful for understanding where URLs redirect to, what trackers are present, and much more technical information about the website being analyzed.
Norton Safe Web
While Virus Total has a community aspect, Norton SafeWeb relies on it a little more.
It’s unclear exactly what “Norton Safe Web has analyzed…” means (its results are apparently not included in that of Virus Total), but you’ll see a “community rating” section that can be useful.
Web of Trust
Web of Trust became controversial several years ago when it was discovered that they were selling data collected by their toolbar. The solution is simple: don’t use their toolbar.
Their online service remains a valuable source of data. The information is crowdsourced: it’s generated from internet users, not from some central authority.
This will tell you if others have found the site to be safe and trustworthy or not.
You do not need to register, sign in, or download the extension, even though it may be offered multiple times.
Crowdsourcing: good and bad
Some of the information provided by the services I’ve listed above is user-provided: crowdsourced. There is value, but also some concern, in that.
Anyone can post anything. That means crowdsourced information can be abused, primarily in either of two ways.
- Malicious sites can post positive reviews of themselves. They can hire people to post fake, glowing reviews to make themselves appear safe when they are not.
- An individual who feels wronged by or disagrees with a site can also post a malicious or fake review, disparaging the site when the site would be considered safe by most.
There are processes to minimize this activity, but like any spam filter, it’s impossible to be 100% accurate. View all information on crowd-sourced review sites with a skeptical eye. It’s not authoritative, but it can be valuable, additional data.
Aside from online tools, there are several other techniques that may help you determine your online safety: DNS blocking, website blocking, and browser blocking.
DNS Blocking
When you access a website, webpage, or download, DNS looks up the mapping from the domain name (like “askleo.com”) to the IP address of the server where that domain is physically located (like 54.85.8.229). Since every domain you access goes through this look-up, it’s an opportunity for the DNS service to block access to domains known to be malicious.
Unfortunately, most DNS services don’t do that.
OpenDNS, now owned by Cisco, is a replacement for the DNS service provided by your ISP. OpenDNS was originally created to be a faster, independent DNS service, but they support malicious filtering as an option as well.
Changing your DNS is best done at your router, though you can do it on each individual device as well. To use OpenDNS, visit their setup guide to get started.
Website blocking
Many anti-malware scanners and security suites include malicious website detection as part of the service they provide. The quality and intrusiveness of this detection vary based on many things, including not only the specific security package you run but the browser you use, as well as other aspects of your system. I don’t have a specific recommendation.
The security package I recommend — Windows’ own built-in Windows Security — includes SmartScreen to protect your system from malicious sites and downloads.
Browser blocking
A final class of tools for assessing website safety are toolbars and add-ons to whatever browser you use.
As one example, uBlock Origin is a browser plugin most people think of as a pop-up or ad blocker. It also blocks many malicious or questionable sites.
I’ve been running it for a while and consider it a fine addition to the toolset.
Do this
How can you tell if a website is safe? Ultimately, you can’t. Not with 100% certainty, anyway.
What I’ve listed here are tools and techniques you can use to gather data, or at least avoid the most obviously malicious sites, but some risk always remains.
Give these tools and techniques a try, but take that information with a grain of salt. Use it as part of your decision-making process. Read and understand the reviews, and see if they are fair and make sense. Know that your blocking solutions may not block every malicious site, and continue to view every link cautiously.
You are the ultimate safety net. One of the best things you can do as you surf the web is to be skeptical. Don’t believe everything you read or every promise or offer made. If it sounds too good to be true, chances are it’s not true. That goes for links people send you, it goes for the information people post on crowdsourced information sites, and it even goes for what you read here on Ask Leo!
You probably already have a sense of what’s good or bad. Use common sense and listen to your gut. Use tools like Virus Total, Safe Web, or WOT to gather additional data if you’re not sure, or even just a plain old web search for more information.
If it’s not worth your time to do the extra checking, it’s almost certainly not worth the risk of visiting an unfamiliar site.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
