The inaugural Websense Insight – and the two clicks from danger rule
Websense has launched a new series of reports based on the huge amount of information its HoneyGrid captures. The Websense HoneyGrid is a sort of massively distributed honeypot hosted by the Websense installations all around the world: that’s something like 50 million real-time data collection systems parsing one billion pieces of content every day. That’s a lot of information in almost real-time.
Introducing these new Websense Insights, Charles Renert, senior director of security research at Websense, explained: “The security landscape changes so fast these days that it’s increasingly difficult to get that information out in a timely fashion. We’re putting in a little extra effort to take all of the information we have – which is immense – and collapse it into the core messages about what’s happening out there on the web.”
It’s a laudable intent. But is it achieved? I asked him to explain the first report.
“When we did this study we were looking at link ecosystems. The web is composed of links – it’s the links that make the web what it is. We wanted to get a better understanding of the link ecosystems on social networks and other popular sites, and then to correlate that understanding with what the bad guys are doing. How, for example, are those link ecosystems being used by the bad guys to spread malware and spam today. Something like 75% of all internet traffic on the planet is going to the top 20 sites – so how are the bad guys using this new phenomenon to spread their wares?
“We took a look at the most frequently visited sites, and we looked at their link ecosystems. We looked at the links on the popular sites and we downloaded all of the content from all those links and analysed them. That gave us the two-click analysis: are you just two-clicks away from malware when on the most popular sites?Well, if you take the top sites on the web, for example news and media sites, we found you have over a 72% chance of having at least one piece of malware within two clicks of the site. Message Boards and forums were 71%, entertainment was 53%, and social networking was 55%. More specifically, on Facebook we found that 40 percent of status posts contain a URL, and that 10 percent of those are either spam or malicious.”
I’m not sure how much value we really get from this particular Websense study. For the average user I consider the ‘2 clicks’ concept is potentially quite dangerous. My advice would be for all users anywhere on the internet to assume that you are always just one-click away from malware. Don’t ever click on any link without weighing up the possibility that it might be leading you to malware. Assume the worst and you won’t be disappointed. Trust and verify? No. Verify before you trust on the internet.
You can see the actual report here. But if you do look at it, remember Renert’s description of how much information went into the making of it; and then consider how much information we’re given within it. It’s not much in comparison – and I blame that on the medium. Websense has chosen video reports; and in my opinion a video report is almost always lightweight in comparison to a 20-page PDF document. Video makes good advertising, and to a large extent that’s what this inaugural Insight really is. I hope Websense learns for future Insights. They could be something special. The first one is not.