The short answer is, there’s no simple solution to this problem. There’s no single service or tool you can rely on to keep you completely safe.
I understand that can be frustrating.
There are tools and techniques, including online tools, DNS blocking, web blocking, and browser blocking, but these solutions are inconsistent and incomplete. Generally, they can be used only to gather a little additional data to inform the ultimate safety tool: yourself.
What is “safe”?
There’s no canonical list of what is and what is not safe.
One problem is that the word “safe” has different meanings depending on who you ask.
For some people, “safe” means no malware could be downloaded by visiting the site; for others, “safe” means there isn’t any risqué humor present; for still others, it could mean that the site represents a company with which it’s safe to do business. There are probably as many definitions of what it means to be “safe” as there are people answering the question.
I don’t believe it’s possible to get an absolutely safe/not-safe decision from any service or tool. At best, you’ll get data to help you make that determination yourself, according to your own criteria.
Online services that rate websites’ credibility are one of my first stops when faced with an unknown or questionable link.
Web of Trust became quite controversial when it was discovered they were selling data collected by their toolbar. The solution is simple: uninstall their toolbar, or don’t install it in the first place.
Their online service remains a valuable source of data. The information is “crowdsourced”: it’s generated from internet users, not from some central authority. I’ll talk more about this concept below.
Visit mywot.com, enter the URL of the site you’re investigating into the search box at the top, and hit Return.
That will generate a report for the site in question. You can view the report for Ask Leo! (askleo.com) here. This will tell you if others have found the site to be safe and trustworthy, or not.
Norton SafeWeb is a similar service from Symantec. Its web interface is perhaps a little cleaner, putting the search function front-and-center.
Like Web of Trust, it’s crowdsourced. Since it has somewhat less visibility than WOT, over the years its database of community-contributed ratings may not be quite as deep. Regardless, it’s a valuable additional resource.
Crowdsourcing: good and bad
I stop just shy of formally recommending either of these services.
Let me be clear: there’s value in the information that they provide. But there is a concern, and that’s the crowdsourcing aspect of this information.
Anyone can post anything. That means these services can be abused, primarily in either of two ways:
- Malicious sites can post positive reviews of themselves. They can hire people to post fake, glowing reviews to make themselves appear safe, when in fact they are not.
- An individual who feels wronged by or disagrees with a site can also post a malicious or fake review, disparaging the site when in fact the site would be considered “safe” by most.
Both services have processes in place to minimize this activity, but like any spam filter, it’s impossible to be 100% accurate.
That means you need to view all information on crowd-sourced review sites with a skeptical eye. It’s not authoritative, but it can be additional data.
Whenever you access a website, page, or download, DNS looks up the mapping from the domain name — like “askleo.com” — to the IP address of the server where that domain is physically located — like 184.108.40.206. Since every domain you access goes through this look-up, it’s an opportunity for the DNS service to block your ability to access domains known to be malicious.
Unfortunately most DNS services don’t do that.
OpenDNS, now owned by Cisco, is a replacement for the DNS service provided by your ISP. OpenDNS was originally created to be a faster, independent DNS service, but they support malicious filtering as an option as well.
Many anti-malware scanners and security suites include malicious website detection as part of the service they provide. The quality and intrusiveness of this detection varies based on many things, including not only the specific security package you run, but the browser you use, as well as other aspects of your system. I don’t have a specific recommendation.
The security package I generally do recommend — Windows’ own built-in Windows Defender — does not include such a feature. However, Microsoft’s browsers, Edge and Internet Explorer, have options to use “Windows Defender Smart Screen” to protect your system from malicious sites and downloads.
I don’t have a sense for exactly how good these filters are, or what Microsoft’s definition of “safe” or “malicious” might be. My guess would be that they’re fairly conservative, since the repercussions of a false positive — erroneously flagging a good site as malicious — could cause a backlash against Microsoft, whereas accidentally allowing a malicious site through would seem to be today’s norm.
A final class of tools for assessing website safety are toolbars and add-ons to whatever browser you use.
Before Web of Trust lost my trust, I would have suggested installing their toolbar. It provided a nifty approach to accessing WOT data without having to visit their site. While there are other toolbars and browser add-ons that may perform similar functions, I don’t have enough of a track record with any to make a suggestion — with one exception.
uBlock Origin is a browser plugin most people think of as a pop-up or ad blocker. It also blocks many malicious or questionable sites. I’ve been running it for a while and consider it a fine addition to the tool set.
But how can you tell if a website is safe?
Ultimately, you can’t. Not with 100% certainty, anyway.
What I’ve listed here are several tools and techniques you can use to gather data, or perhaps at least avoid the most obviously malicious sites, but the risk remains.2
What I can say is this: give these tools and techniques a try, but take that information with a grain of salt. Use it as part of your own decision-making process. Read and understand the reviews, and see if they are fair and make sense. Know that your blocking solutions may not block every malicious site, and continue to view every link cautiously.
You are the ultimate safety net. One of the best things you can do as you surf the web is to be skeptical. Don’t believe everything you read or every promise or offer made. If it sounds too good to be true, chances are it’s not true. That goes for links people send you; it goes for the information people post on crowdsourced information sites; it even goes for what you read here on Ask Leo!
I’m guessing you already have a sense for what’s good or bad. Use common sense; listen to your gut. Use tools like WOT or SafeWeb to gather additional data if you’re not sure, or even just a plain old Google search for more information.
If it’s not worth your time to do the extra checking, it’s almost certainly not worth the risk of visiting an unfamiliar site.
I’m quite interested in additional techniques readers use to identify or avoid good or bad sites on the internet. Feel free to leave a comment about what you do to stay safe.
Previous versions of this article, as well as several of the comments below, reference McAfee Site Advisor. Similar to SafeWeb and WOT, it appears Site Advisor is no longer offered.