Abstract
We examine the outcomes of the Web of Trust (WOT), a user-based system for assessing web security, and find that it is more comprehensive than three automated services in identifying ‘bad’ domains. Similarly to PhishTank, the participation patterns in WOT are skewed; however, WOT has implemented a number of measures to mitigate the risks of exploitation. In addition, a large percentage of its current user inputs are found to be based on objective and verifiable evaluation factors. We also confirm that users are concerned not only about malware and phishing. Online risks such as scams, illegal pharmacies and misuse of personal information are regularly brought up by the users. Such risks are not evaluated by the automated services, highlighting the potential benefits of user inputs. We also find a lack of sharing among the vendors of the automated services. We analyze the strengths and potential weaknesses of WOT and put forward suggestions for improvement.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chia, P.H., Knapskog, S.J. (2012). Re-evaluating the Wisdom of Crowds in Assessing Web Security. In: Danezis, G. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27576-0_25
DOI: https://doi.org/10.1007/978-3-642-27576-0_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27575-3
Online ISBN: 978-3-642-27576-0
eBook Packages: Computer Science (R0)