There are never any absolutes, but we can stack the deck in favor of safety
The short answer is, there’s no simple solution to this problem. There’s no single service or tool you can rely on to keep you completely safe. There is no such thing as “safe”, after all.
I understand that can be frustrating.
You can use tools and techniques to stack the odds in favor of safety, but the ultimate safety tool remains yourself.
Become a Patron of Ask Leo! and go ad-free!
Checking a website for safety
There’s no perfect way to know if a website is safe, but you can check with tools like VirusTotal, Norton Safe Web, and Web of Trust. Use good security software, and trust your gut. If something feels off, it’s best to stay away.
What is “safe”?
There’s no canonical list of what is and what is not safe.
One problem is that the word “safe” has different meanings depending on who you ask.
For some people, “safe” means no malware would be downloaded by visiting the site. For others, “safe” means there isn’t any risqué humor. For still others, it could mean the site represents a company safe to do business with.
There are probably as many definitions of what it means to be “safe” as there are people answering the question.
I don’t believe it’s possible to get an absolutely safe/not-safe decision from any service or tool. But you can get data to help you make that determination yourself, based on your own criteria.
Online tools
Online services rating websites’ credibility are one of my first stops when faced with an unknown or questionable link. There are three that come to mind:
- Virus Total
- Norton Safe Web
- Web of Trust
Virus Total
Virus Total (owned by Google) is usually thought of as a site where you can upload suspected malware and have multiple security scanners analyze it. They’ll do something similar for URLs as well.
The focus here is on security and malicious behavior, as reported by a collection of security vendors.
Of particular interest to me is the “Details” page, which includes technical details of what was found.
This can be useful for understanding where URLs redirect, what trackers are present, and much more technical information about the website being analyzed.
Norton Safe Web
While Virus Total has a community aspect, Norton SafeWeb relies on it perhaps a little more.
It’s unclear exactly what “Norton Safe Web has analyzed…” really means (its results are apparently not included in that of Virus Total), but you’ll see a “community rating” section which can be useful.
Web of Trust
Web of Trust became quite controversial several years ago when it was discovered they were selling data collected by their toolbar. The solution is simple: don’t use their toolbar.
Their online service remains a valuable source of data. The information is “crowdsourced”: it’s generated from internet users, not from some central authority.
This will tell you if others have found the site to be safe and trustworthy, or not.
You do not need to register, sign in, or download the extension, even though it may be offered multiple times.
Crowdsourcing: good and bad
Some of the information provided by the services I’ve listed above is user-provided or “crowdsourced”. There’s value, but some concern.
Anyone can post anything. That means crowdsourced information can be abused, primarily in either of two ways:
- Malicious sites can post positive reviews of themselves. They can hire people to post fake, glowing reviews to make themselves appear safe, when in fact they are not.
- An individual who feels wronged by or disagrees with a site can also post a malicious or fake review, disparaging the site when, in fact, the site would be considered “safe” by most.
There are processes to minimize this activity, but like any spam filter, it’s impossible to be 100% accurate. View all information on crowd-sourced review sites with a skeptical eye. It’s not authoritative, but it can be valuable, additional data.
DNS Blocking
Whenever you access a website, page, or download, DNS looks up the mapping from the domain name — like “askleo.com” — to the IP address of the server where that domain is physically located — like 54.85.8.229. Since every domain you access goes through this look-up, it’s an opportunity for the DNS service to block your ability to access domains known to be malicious.
Unfortunately most DNS services don’t do that.
OpenDNS, now owned by Cisco, is a replacement for the DNS service provided by your ISP. OpenDNS was originally created to be a faster, independent DNS service, but they support malicious filtering as an option as well.
Changing DNS is best done at your router, though you can do it on each individual device as well. To use OpenDNS visit their setup guide to get started.
Web blocking
Many anti-malware scanners and security suites include malicious website detection as part of the service they provide. The quality and intrusiveness of this detection varies based on many things, including not only the specific security package you run, but the browser you use, as well as other aspects of your system. I don’t have a specific recommendation.
The security package I recommend — Windows’ own built-in Windows Security — includes “Smart Screen” to protect your system from malicious sites and downloads.
Browser blocking
A final class of tools for assessing website safety are toolbars and add-ons to whatever browser you use.
As one example, uBlock Origin is a browser plugin most people think of as a pop-up or ad blocker. It also blocks many malicious or questionable sites.
I’ve been running it for a while and consider it a fine addition to the toolset.
Do this
But how can you tell if a website is safe? Ultimately, you can’t. Not with 100% certainty, anyway.
What I’ve listed here are tools and techniques you can use to gather data, or perhaps at least avoid the most obviously malicious sites, but some risk always remains.
What I can say is this: give these tools and techniques a try, but take that information with a grain of salt. Use it as part of your own decision-making process. Read and understand the reviews, and see if they are fair and make sense. Know that your blocking solutions may not block every malicious site, and continue to view every link cautiously.
You are the ultimate safety net. One of the best things you can do as you surf the web is to be skeptical. Don’t believe everything you read or every promise or offer made. If it sounds too good to be true, chances are it’s not true. That goes for links people send you; it goes for the information people post on crowdsourced information sites; it even goes for what you read here on Ask Leo!
I’m guessing you already have a sense of what’s good or bad. Use common sense and listen to your gut. Use tools like Virus Total, Safe Web, or WOT to gather additional data if you’re not sure, or even just a plain old web search for more information.
If it’s not worth your time to do the extra checking, it’s almost certainly not worth the risk of visiting an unfamiliar site.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
