How Trustworthy Are Certified Sites?
In the view of Ben Edelman, a researcher in spyware and adware, websites with certificates that confirm their security are not necessarily safe. In his report he wrote that sites holding a TRUSTe Security Relevant Products/Services certificate have a greater possibility of containing malware than websites without any certification.
Companies like Direct-revenue and Webhancer are adware providers that use TRUSTe certificates to make themselves appear more credible than they actually are, says Edelman. In fact, the Attorney General of New York has taken legal action against Direct-revenue for circulating adware software. Webhancer often installs its adware without the user's knowledge, alleged Edelman.
TRUSTe is an apparently independent certification body that provides security certificates to websites. These certificates indicate that the site's services follow certain privacy guidelines, which users can verify to confirm that they are viewing the website they intended to go to.
Before certifying a site, the certification authorities check its background to verify the identity of the website's operator and ensure the site complies with the privacy standards. Websites that fulfill the organization's criteria are permitted to display the TRUSTe logo on their pages. Since these websites are considered trustworthy and safe, they tend to take advantage of the situation by injecting malware and adware.
Edelman conducted a comparative study of TRUSTe certified sites with a selected number of malware sites that he obtained from McAfee's SiteAdvisor product. SiteAdvisor is a service for blacklisting websites containing viruses, spyware, online scams, and spam.
Edelman picked a sample of 500,000 websites, verified the number of TRUSTe certified sites, and crosschecked them against the McAfee list. After this examination, he established that 5.4 percent of TRUSTe websites were regarded as untrustworthy while SiteAdvisor blacklisted just 2.5 sites.
In response to Edelman's study, TRUSTe's marketing director, Carolyn Hodge, disagreed, stressing that their certification process was specific and thorough.
While it is not easy to write tough rules, it is even harder to enforce them. Since certification bodies get paid for a certificate they issue and nothing for rejecting a site, they are unlikely to frame hard-hitting rules, said Edelman in a blog posting.
» SPAMfighter News - 03-01-2007