TRUSTe Certified Websites May Still Contain Malware
Web sites carrying the TRUSTe certificate, which is meant to assure a site's security, are more likely to host malware or malicious code than Web sites without security certificates, alleges spyware and adware researcher Ben Edelman. Net-security published this on March 28, 2007.
An independent certification authority, TRUSTe issues 'security certificates' to secured websites. The certificate is meant to help businesses and consumers recognize legitimate online organizations via the authority's Web Privacy Seal, E-mail Privacy Seal, and Trusted Download Programs. There are 2,000 or more Web sites under TRUSTe certification, among them AOL, IBM, Oracle, Intuit, eBay and Microsoft. TRUSTe also settles numerous privacy disputes throughout the year. Visitors can learn about online privacy at www.truste.org, reported Webknowhow in the first week of March.
Edelman further said in his recent report that Direct Revenue and Webhancer, both providers of adware, had displayed TRUSTe certificates on their sites to try to appear more legitimate than they actually are. The New York Attorney General is pursuing legal action against Direct Revenue for spreading its adware program. Edelman also said that users often do not realize when Webhancer gets installed on their PCs.
Independent certifying authorities verify whether a website's operator complies with the privacy guidelines. If a site meets the criteria, it can then display the TRUSTe logo on its pages.
Websites wanting to push malware and adware often seek such certificates to hide their deception. In his research, Edelman compared TRUSTe-certified websites with a number of websites hosting viruses, spam, spyware and online scams. From his sample of 500,000 websites, Edelman identified the TRUSTe-certified sites and assessed them for malicious software, and concluded that there is no incentive for TRUSTe to adequately verify compliance with privacy standards.
TRUSTe disagreed with Edelman, saying that its certification process was thorough and specific. Further, it challenged Edelman, arguing that a blacklist does not provide an accurate analysis of websites considered untrustworthy.
TRUSTe noted that it no longer certified Direct Revenue. It has also asked Webhancer to submit its software for assessment for fresh certification.
» SPAMfighter News - 06-04-2007