How do I check a website for malware without infecting my own machine?

Question: Can I check a site for viruses without infecting my own machine? Can that really be done for totally free? Yes, some sites do say “McAfee/Norton or some other brand trusted and tested” but that’s their word against mine.

You’re right to be suspicious about those seals that say a site has been tested and is secure. There’s absolutely nothing that prevents a malicious site from simply putting that little graphic on their page.

That said, what you’re looking for isn’t available. There’s no 100% certain way to test a site before you visit it to determine if it is malicious or contains malware that will infect your machine. That’s one of the reasons why I recommend sticking with trusted sites and making sure that your anti-malware tools are in place and up-to-date.

So, let me throw out some ideas that, while not guaranteed, can at least help protect you even if you’re visiting a potentially questionable site.

Become a Patron of Ask Leo! and go ad-free!

Use Linux

One suggestion would be to visit the site using a different operating system. If you have access to a Linux machine, try visiting the page using that. If you don’t have a spare machine, fire up Linux in a virtual machine or boot Linux from a live CD.

Most malware is targeted at Windows and Windows-based browsers, so if something happens to your Linux box, you won’t actually get infected. You’ll just presumably see malicious behavior.

Switch browsers

You could also run a non-standard browser as occasionally malware will target browsers like Internet Explorer, Chrome, or Firefox. It actually makes sense to use one of the second or third-tier browsers to see if you have any problems when you visit those sites.

But even with a different browser and operating system, there is no guarantee. Malware may try to infect you, but fail silently, so there’s no indication. Well-crafted malware may even detect the browser and Linux operating system and simply not infect you without any indication that it would have tried.

There’s no way to tell unless you…

Sacrifice Windows

In this scenario, you run Windows in a virtual machine and visit the site. That way you can simply erase the virtual machine when you’re done. Your main computer is not affected because everything – malicious or otherwise – was contained within that virtual machine.

You could also run Internet Explorer in sandboxie
(“sandbox IE”). This tool limits the malware’s ability to act outside of Internet Explorer and it deletes everything that may have been changed on your system when you exit the browser.

Avoid the site

Ultimately, if you’re really concerned about a site, I’d simply avoid it.

The unfortunate truth is that you can take a lot of steps to protect yourself, gain a good level of confidence, and still be wrong.

Backup your stuff

As always, the one level of protection that you absolutely can put in place that will protect you no matter what is a backup.

Take a system image backup of your machine on a regular basis. That way, if you do go to a malicious website and you later find out that you’ve been infected, you can simply restore that machine to the most recent backup. For example, because I backup every night, I can simply restore to the previous night’s backup if I’m ever infected. And I then also know never to go back to that website again.

So, those are your options. This is a difficult problem to solve, but hopefully, some of these ideas will help you raise either your confidence or suspicions in whichever site that you’re investigating.

16 comments on “How do I check a website for malware without infecting my own machine?”

This is far from a sure fire solution, but installing the WOT plugin for your browser will warn you of many sites containing malware and prevent them from loading when you click on them unless you choose to override their block.
Web Of Trust – Website Trust Ratings from Other Internet Users

Mike

July 23, 2013 at 4:32 pm

Mark,
Don’t those site ratings services tend to have a bunch of false positives (warnings)?
Reply
- Mark Jacobs (Team Leo)
  
  July 24, 2013 at 6:21 am
  
  Absolutely, that’s why I said it’s not perfect. Still it’s useful. When in doubt, don’t. I find a lot of false positives with political and religious sites which are often attacked by people with opposing views.
  Reply
  - Mike
    
    July 24, 2013 at 9:38 am
    
    Right. But if you’re getting warnings for sites that you’ve used for years without a problem (which I have experienced), you tend not to take the service as seriously. And that’s a similar risk to not using it at all.
    An approach might be to use Sandboxie when a site is being reported as suspicious.
    Reply

I simultaneously use WOT, Norton Site Safety, and McAfee SiteAdvisor to evaluate the riskiness of search results. It is not that rare for one of the software to show a red warning icon for a search result, while the other two software give it a green a-okay symbol. So who do you believe?

A user can go to zulu.zscaler.com to use their free URL risk analyzer tool. Just submit the URL you want to check out, and the tool will analyze various aspects of that web page, such as external links, content, full URL, and host reputation. For example, askleo.com generated a score of 38 out of 100 (the lower the score, the safer the page presumably), with the tool classifying the overall page risk as “Benign”. The askleo.com rating showed only one negative: the tool indicates the website has an “IP address (that) has been identified as risky by one/more sources”. I’m sure askleo.com is safe — right, Leo? ;-)

Leo

July 23, 2013 at 7:39 pm

That’s one of the problems with websites like that – it’s possible that when I set up the askleo.com server I inherrited an IP address that perhaps had been previously used by a “risky” website. In a sense I may have “inherited” that reputation. One of the problems with those services is that it’s nearly impossible to get off their list of possibly risky sites.
Reply

I like the OffByOne browser for checking websites I’m not sure of.
Their overview page lists two limitations (other than the HTML 3.2 support)
-No JavaScript support (so no pop-up ad windows).
-No applet, plug-in or Flash support.
This cuts out most the ways for bad things to happen.

Thank You Yeppers for mentioning zscaler as another tool for Paranoid folks like me to use before visiting web sites.
I C&P the zscaler URL from Your comments above into Firefox without checking it first with Dr. Web Link Checker, because I know Leo wouldn’t allow sites mentioned in His Comments section to go to a Harmful web page.
Thank You for the comment and Thank You Leo for having a Safe Place to learn this here complicated stuff. . .

Leo

July 23, 2013 at 7:45 pm

To be clear, I cannot vet every link that is placed in a comment. Even if I could there’s a window of time between the posting of the comment and my or my assistant’s getting around to it. Bottom line: don’t assume links in comments here aren’t risky – ultimately they could be.
Reply

Hey!, Thanks Kevin for telling about the OffByOne browser.
I’ll try it when I get a ROUNDTUIT. . .

Go to the library and test the site there.

Or if your friend’s house is closer than the library, test the site there.

i use the VirusTotal website to check files and websites for maliciousness > https://www.virustotal.com/en/#url

Thanks. Your comment says sandboxie can be used in IE, but no mention of FF. Their site does not mention is either. Does sandboxie work with FF and Chrome?

Leo

July 30, 2013 at 5:56 pm

It’s name notwithstanding, sandboxie can be used to sandbox any application.
Reply

I also use http://www.urlvoid.com/ But, as Leo says, the best bet is to not go to that site.