Jump to content

Web of Trust ; Trusted?


BornSlippy

Recommended Posts

  • Replies 50
  • Created
  • Last Reply

Top Posters In This Topic

Web of Trust is a community based rating system, that means, like anything that is community based, that all ratings are based on the opinions of the users within the community. How trustworthy or accurate it is must be determined by those who choose to use it.

I've never personally used it, but I know many on these forums and elsewhere do use it. I see no problem with that, as it is their choice and I have no info either way on whether or not their ratings are accurate, but I generally stick to using a HOSTS file and the website blocking module in Malwarebytes Anti-Malware to block undesirable sites, simply because I know what the sources of those 'ratings' are from. They come from actual research by experienced malware and scam hunters who scour the web looking for bad sites to block.

Link to post
Share on other sites

I have had issues with WOT. eg, some members red listed my ISP and phone/tv provider's newsletter! "Telus Currents" I queried that on the WOT forum and got only some fanbois making lame excuses and trying to slag me, they never checked and delisted it either.

I mean, come on people, Telus is a huge corporation and i doubt that they would have a monthly "dangerous" newsletter problem for over a year.

Link to post
Share on other sites

Web Of Trust can be manipulated, however their system requires a certain amount of participation before you are able to manipulate the ratings at all, and there are different levels of membership. I don't know WOT extremely well (I can't properly explain their rating system or how their different levels of membership effect ratings), however I have never had any real concerns about their reliability. Their system is not foolproof, however I find it better than anyone else's systems.

Also, as a website owner I have never been in contact with WOT for any reason. They have never tried to extort me, they have never tried to sell me anything, they have never miss-rated my website, and they have never given me any trouble. I don't believe all of the anti-WOT stuff I read out there, and I dismiss it all as libel. They are trying to damage WOT's reputation because they have untrustworthy websites and they hate the fact that WOT exposes them to users, and protects users from their crap. Steven suffers through the same thing with hpHosts and his various other services, and Malwarebytes suffers through it as well.

Edit: Also, if someone's website is slapped with a bad rating on WOT, then the rating was given by visitors to the website, and thus the website owner/maintainer is responsible for the rating and for encouraging users to fix the rating. I do not like it when people throw a fit at WOT for a bad rating when WOT didn't give them the rating in the first place. If it is too much trouble for a website owner/maintainer to fix the problems with their website and then appeal to WOT users to reevaluate their website in the hopes of a better rating, then there is something else going on.

Link to post
Share on other sites

  • Root Admin

I've asked for some input on this as that is exactly what these blogs are claiming Arthur. That the numbers are bogus - and on the surface I would have to agree that something is at least fishy.

g7w (Platinum) 61,862 = 962 posts per day average, EVERY DAY since Nov 2008

40.08 posts per hour - that is .6 posts per minute every minute since Nov 2008 around the clock non stop.

This has to be either falsely inflated, wrong, or automated (any of which leads one to at least be skeptical without solid reason for these type of numbers which I was not able to locate on their site)

Link to post
Share on other sites

This has to be either falsely inflated, wrong, or automated (any of which leads one to at least be skeptical without solid reason for these type of numbers which I was not able to locate on their site)

I recognize the screen name 'g7w', and I'm fairly certain that they are a real person. I suggest asking Steven about it, as he spends some time on their forums, and may know more. I also suggest that you take a look around WOT's forums, where you will see g7w's posts.

On the subject of six tenths of a post per minute, that's easy. When typing a short comment (especially if you have canned replies), do you need more than a minute to post it? If you are a researcher that has a list of malicious sites to rate on WOT (or if you pulled a bunch of lists of malicious sites from places such as MDL) then you could easily have 1,000 posts per day just pasting in a "This site is malicious" comment on each site you rate. If you have a list already prepared, then you could easily do several per minute, if not more. On top of that, a lot of browsers support User JavaScript, and a script could be written to allow for quicker submissions and ratings, and extensions could be written that do as well. Also, do not forget that ratings can be made directly from your favorite search engine's results and from the WOT extension while at any webpage (I can click the little green circle right now and in a matter of seconds change my rating for these forums).

Also, just an FYI: g7w was born in 1959, and very well could be retired and have all day to sit there and rate websites. ;)

Link to post
Share on other sites

Just an FYI, g7w is one of a few that have access to the MRT (Mass Rating Tool), which allows rating multiple sites at once. He does actually check them all before rating.

/edit

The two links in the OP, were put up because the owner of a site selling HHO kits, didn't like the fact people didn't trust HHO kits ;)

Link to post
Share on other sites

Manipulation is only one concern, whether by mass rating tool or manual. In point of fact simply to visit the number of sites quoted by AdvancedSetup let alone give them even remedial analysis is suspicious. Web of Trust, unlike democracy, lacks a stupidity filter, When you allow stupid people more than one vote then it ceases to be a democracy. Virus total has a similar system of rating but at least the user is guided/misguided by the various scanners and the results are not definitive to the detriment of the samples submitted ( software used on this forum written by members of this forum has been subject to false positives and misrated as a consequence ). I'll give you an example which includes some of the issues to which I'm referring,

http://www.mywot.com/en/scorecard/trojan-killer.net

Now, I don't use Trojan Killer and have no particular view regarding its performance except that it isn't 'Rogue Software' by any definition that i'm familiar with. There's even a reference to HP Hosts in support of the description (which turns out to be bogus or outdated). Unfortunately this is not an isolated example, there are hundreds of these stupid ratings which would be of little consequence were it just another Siteadvisor but since the tie up with Facebook they have an impact they don't deserve.

Link to post
Share on other sites

  • Root Admin

I suppose that is my issue/contention about this whole thing. Using any "tool" to mass post does not make sense.

So you're saying that in under 30 seconds of every day since Nov 2008 around the clock he has been able to personally visit and make an "informed decision" about any posted site.

I'm sorry but I just cannot believe that. Now, using a tool to go out and scan a network is different but then that is not what is being said or explained on the site, and that would not be "personally investigating" that would be using an automated tool to scan a network for specific suspicious issues and make an educated guess that said site was bad.

I'm not saying that what the site is "trying" to do is not good, only that the methods or posted site information is highly misleading. The screenshots below were taken last night March, 24, 2012 (now that site might legally be within their rights in the Netherlands but that does not make it "trustworthy" does it?) They may not directly be participating in any type of malware or direct threats and I've not even tried but I'm willing to bet that if I visited that site daily with IE6 and no protection that within a couple days or less I would probably get infected from some link "indexed and provided" by that site. If you're going to use an automated mass posting tool then at least the basic details of what it's looking for and doing should be made available and hopefully agreed upon by other members of known security sites that it is doing the intended task of locating real threats or suspicious potential threats that may require more physical hands on review and not making it seem like someone has personally visited every single site and made an "informed" decision in less than 30 seconds. I know I certainly could not do that and I'm pretty fast at typing and posting myself, but one would also need to be reviewing the actual code content of pages for links and other issues - not just because they reside on a server with others that might be participating in such threats.

wot-user-g7w.pngWOT-Rating-for-1channel.ch.png

WOT-Rating-for-1channel.ch-site.png

Link to post
Share on other sites

For the sake of balance perhaps I should invite comments from some of the victims of this absurdity.

I was not aware that there were any legitimate victims. As I said before; if someone's website is slapped with a bad rating on WOT, then the rating was given by visitors to the website, and thus the website owner/maintainer is responsible for the rating and for encouraging users to fix the rating. ;)

Link to post
Share on other sites

In the OP the domain dukeo.com and affhelper.com are referenced. Both promote MLM/ Affiliate / stay at home, "get rich quick" schemes. There's tens of thousands of those sites online selling everything from bogus teeth whitener, to CPAlead-style SMS charge IQ tests / surveys.

look at:

http://bgp.he.net/dn...lper.com#_whois

then

http://bgp.he.net/dn...edia.com#_whois

Save this DL as a PDF:

http://www.scribd.co...ecret_password=

the domain it references is [expired Feb 2012]:

http://who.godaddy.c...MANIPULATOR.COM

I rate this crap poorly, if you trust it though and you use WOT, you have the freedom to give it excellent ratings.

QUOTE post #2:

Web of Trust is a community based rating system, that means, like anything that is community based, that all ratings are based on the opinions of the users within the community.

Not true, WOT employs trusted sources - automated ratings: hpHosts, MDL, SURBL, more:

https://www.mywot.co...Trusted_Sources

Quote post #3:

I mean, come on people, Telus is a huge corporation

previous rant here: http://forums.malwar...showtopic=80577

Apparently not many many WOT users subscribe to the Telus newsletter, compare the main domain with the newsletter subdomain scorecards:

https://www.mywot.co...ecard/telus.com

https://www.mywot.co...etter.telus.com

How to keep WOT from warning about a site (domain / subdomain / IP)? Simple: rate it. WOT does not warn you for sites you trust.

Quote post #4:

Web Of Trust can be manipulated, however their system requires a certain amount of participation before you are able to manipulate the ratings at all, and there are different levels of membership.

Wow, hear that one at least... twice a month.

Manipulation by whom? A single user? a group of 5 forum regulars? A bot? How about a user with multiple accounts [spammer]?

rather than retype, please look at the WOT wiki FAQ (in it's entirety): https://www.mywot.com/wiki/FAQ

As for "membership levels" You are referring to activity score which != a user's relibility; please see:

https://www.mywot.co...Activity_scores

https://www.mywot.co...ing_reliability

Quote post #5:

g7w (Platinum) 61,862 = 962 posts per day average, EVERY DAY since Nov 2008

40.08 posts per hour - that is .6 posts per minute every minute since Nov 2008 around the clock non stop.

Thanks!

And to think, I am #3

If you really want to do some calculations, try #1: https://www.mywot.com/en/user/1965863

I was about to rate a small group of domains when I noticed a message about this thread.

Here's my tracks, tell me if any of you disagree for rating these poorly for Malware distribution.

start here:

http://vxvault.siri-...he.php?ID=15640

snag the domain name: guarantortestingservant.info

BFK dnsLogger is good for this one:

http://www.bfk.de/bf...ant.info#result

navigate to the IP link:

http://www.bfk.de/bf...0.207.99#result

snag the domains:


crashescarepc.info
systemtesterpc.info
testcustodianperfomance.info
defenderdetectionon-line.info
scannercontrolcare.info
caredataspyware.info
perilsverifyspyware.info
keepercomputerrescue.info
crashesprotectorrescue.info
brittlenessefficiencyscanning.info
perfomancemicrosoftwreck.info
centerutilitywreck.info
verifyon-linescan.info
detectservantscan.info
processesvulnerabilityscan.info
controldebuggerclean.info
inspectorguarantorcustodian.info
stabilitythreatcustodian.info
centeron-linedetection.info
perfomancecrashesprotection.info
on-linetaskssolution.info
taskscontrolwarder.info
testwormswarder.info
preventiontestdanger.info
keeperreliabilitydanger.info
protectprotectorscanner.info
warderinfectionkeeper.info
worryprotectordeliverer.info
scantoolscenter.info
dangerinspectiontester.info
dangerinformationcomputer.info
saverpreventioncomputer.info
riskshighsolver.info
spywareantivirusminimizer.info
inspectormicrosoftminimizer.info
testerrisksoptimizer.info
infectionwindowsoptimizer.info
activitycaremonitor.info
keepprotectionmonitor.info
debugspywarecrashes.info
preventiontestercrashes.info
inspectionreliabilityanalysis.info
cleantesterrisks.info
netrisks.info
inspectorfirewallperils.info
processescustodianworms.info
remedynettrojans.info
activitycrashesqueerprocess.info
netcenterbrittleness.info
saverscanningproofness.info
windowsguarantordetect.info
stabilityprotect.info
guarantortestingservant.info
informationcustodianservant.info
controlsystemagent.info
datawarderagent.info
verifyworrylow.info
safetyefficiency.info
shieldspywareverify.info
on-linerescuereliability.info
scanningbrittlenessreliability.info
delivererscanvulnerability.info
debuggerwindowsstability.info
microsoftdangerutility.info

rate in WOT - 1 click

have the comment reference Safebrowsing

also throw in a DNS link (basically for my own future reference)

re: http://www.google.co...ic?site=!domain

DNS: http://www.robtex.co...ns/!domain.html

the !domain is a variable replaced by the list entries in the MRT, re:

https://www.mywot.co...ass_rating_tool

That takes about a minute, with no interruptions.

Have a look here: primoclients.com

Not an MBAM listed, domain - it just aggregates email address for future spam, also abuses bit.ly Snag the IP that domain sits on and navigate your browser:

http://199.168.137.5/

same page.

Go "up" or "down" the IP range, identify the domain(s) served on those IP's and you'll have this list:

https://www.mywot.co...#comment-133190

WOT wiki has catalog of popular scam / spamvertised domains, where hundreds of thousands of domains are listed on WOT forum:

https://www.mywot.co...rum_discussions

Quote post #8a:

Manipulation is only one concern, whether by mass rating tool or manual. In point of fact simply to visit the number of sites quoted by AdvancedSetup let alone give them even remedial analysis is suspicious.

You should read the wiki FAQ link I provided earlier; clearly you have no idea what WOT is or how WOT works.

People can rate domains/IP's from various resources. As an example, a few years back Conficker was "popular" - I rated about 80k domains in relatively a short amount of time (a few days) from a list I obtained here: http://www.cert.at/d...nficker_en.html

There are many resources which vary from malware to phishing to spamvertised/scams.

Quote post #8b:

Web of Trust, unlike democracy, lacks a stupidity filter, When you allow stupid people more than one vote then it ceases to be a democracy

WOT is not a democracy, it's a Meritocracy

(refer to previous link on a user's rating reliability)

But, only 1 "vote" per user. You can edit/change your "votes" or you can delete them. When you create more than 1 user account and rate domains - WOT recognizes this as an attempt to game the system [spam] and it allows you to rate, to leave comments with these multiple accounts but it also nullifies the accounts reliability so their ratings have 0 "weight" basically, they're meaningless.

Quote post #8c:

the tie up with Facebook they have an impact they don't deserve.

[all up in your] Facebook...

Facebook is a social medium

WOT is a "social reputation tool"

I suppose this is why FB selected WOT as one of many out-bound link "checkers" SURBL is another one, BTW. I don't "do" FB so I'm not sure about other "checks" - I've been informed there are others.

As for WOT on FB.

Let's say for example, HCG_diet_pharma.com has an FB page which is currently red in WOT but has 50k followers / "likes" Imagine has trustworthy that domain would be if 5% of their "users" gave high ratings in WOT.

That's the thing, many people bash WOT saying it blocked them from some site; all they have to do is rate it - WOT doesn't warn you for sites you rate green.

Every WOT add-on user is part of the *community* therefor their ratings count. Not every user is registered; actually less than 1% are registered and only registered users can post a comment: scorecard, forum, blog. I never understood those who have WOT installed but do not use it (rate) and still complain. For those who do not have WOT installed - they'll have no complaints, other than possibly an FB advisory. But that, like a WOT warning, is not blocking access, just follow through to the link - no more harm than Firefox popping up a Reported attack site warning, or OpenDNS throwing up a known Phishing site, or your AV warning against a PUP

Some WOT members are members of other forums as well, such as InBoxRevenge, the folks who maintain: spamtrackers.eu Albeit there are MBAM members who are also WOT users...

Oh yeah, forgot

WOT designed their MRT to be similar the the mass-submission tool available to SiteAdvisor users,only WOT restricts 100 domains/click while SA's is automated.

As far as my personal methods for ratings

I automate Firefox to browse a list of domains I've acquired via DNS, it builds a simple text file associating HTML Title tag with domain, paste that into a spreadsheet, sort the titles and you get the different spamvertised "brands" as referenced here:

https://www.mywot.co...vertised_brands

IDSpam - http://spamtrackers.eu/downloads/

uribl.com is a good place to start with 1 domain and follow through the DNS

example: http://rss.uribl.com...T_REG_RIPN.html

snag: hXXp://www.replicazblogz.com/

http://www.bfk.de/bf...ry=94.63.147.85

Link to post
Share on other sites

[snip]

The newsletter i got a couple days back was still rated bad, did you just change it?

It appears in the "middle green" as when I posted the 2 links

My comment was about quality / confidence of ratings; look at the "people" icons on the left-side of the rating bars, compare to the parent domain (higher confidence); it appears that the parent domain has more ratings, than the newsletter subdomain, or people view newsletters in Outlook Express or other non-web mail reader.

Link to post
Share on other sites

I was not aware that there were any legitimate victims. As I said before; if someone's website is slapped with a bad rating on WOT, then the rating was given by visitors to the website, and thus the website owner/maintainer is responsible for the rating and for encouraging users to fix the rating. ;)

I already gave one example (almost at random). Trojan Killer (as opposed to Trojan Remover) is not 'Rogue Software' as tagged by g7w and never has been.

Link to post
Share on other sites

Quote post:#18:

I already gave one example (almost at random). Trojan Killer (as opposed to Trojan Remover) is not 'Rogue Software' as tagged by g7w and never has been.

Yes, in post #8 you stated;

"I don't use Trojan Killer and have no particular view regarding its performance ..."

Is this topic you created about WOT Web of Trust or about me?

You seem to be pretty critical about things you're not familiar with or software you have not installed / evaluated.

Back in Aug 2011, I DL'ed TrojanKiller, ran it, it identified known Windows processes as malware - which is why, at that time, I chose to use the term rogue - maybe you have a different definition, I generally use "rogue" for: ransomeware / scareware / rogueware / crapware.

Here's how WOT works.

If you trust the domain:trojan-killer.net, then rate it [high / green]

offer a comment on the scorecard, if you're registered

WOT ratings are not permanent, they lose weight over time (fade away), though comments remain until the user deletes them or edits them. So, for example, ratings I made back in 2008 / 2009 / 2010 are no longer effective with a domain's reputation, though my comments proffering a reason for those ratings remain. WOT's rating system is dynamic, it realizes things change over time: a domain once registered by a known spammer then, could very well be a legitimate site today - many of these examples are on WOT's forum with new admins requesting review.

Link to post
Share on other sites

I already gave one example (almost at random). Trojan Killer (as opposed to Trojan Remover) is not 'Rogue Software' as tagged by g7w and never has been.

I thought you were pretty cantankerous about trying out a software before saying whether it was good or bad. Do you have any evidence that they were never rogue? Do they actually remove legitimate threats without resorting to scare tactics or spamming a user with requests to buy the 'pro' version to remove the 'threats' that it finds?

I assume that this is the URL to the software in question? http://trojan-killer.net/

I intend on giving this software a try, and if it is no longer worthy of the rating on WOT then you, me, and everyone else here with a WOT account can rate it according to our own experiences.

Also, I want to reiterate (and I am saying this as a website owner), that when a site receives a bad rating on WOT that it is the responsibility of the website owner to appeal to the WOT community if they do not understand why their site received the rating or if they believe that the rating is in error. If they are unable to convince the WOT community to change their rating, then it means that they were unable to convince the WOT community that there was no longer a reason to rate their website poorly.

Link to post
Share on other sites

QUOTE post #2:

Web of Trust is a community based rating system, that means, like anything that is community based, that all ratings are based on the opinions of the users within the community.

Not true, WOT employs trusted sources - automated ratings: hpHosts, MDL, SURBL, more:

https://www.mywot.com/wiki/Trusted_Sources

Fine, so SOME of the ratings are not community based or based on the opinions of users, but that does NOT invalidate my point in any way, since some still are.

To be clear, I am not saying that WOT is a bad thing (in fact, up until this topic was created, I never really heard anything bad about it at all), I was simply making the point that a community based rating system is only as valid as the opinions and research done by said community and that is still true.

Link to post
Share on other sites

Quote post:#18:

I already gave one example (almost at random). Trojan Killer (as opposed to Trojan Remover) is not 'Rogue Software' as tagged by g7w and never has been.

Yes, in post #8 you stated;

"I don't use Trojan Killer and have no particular view regarding its performance ..."

Is this topic you created about WOT Web of Trust or about me?

You seem to be pretty critical about things you're not familiar with or software you have not installed / evaluated.

I don't always choose my words carefully but on this occasion I have. I don't use Trojan Killer, that dosen't mean I haven't tested it.....properly. I have no particular view of its performance, I wouldn't recommend it over alternatives neither would I warn against using it. As for understanding what defines a Rogue I think I can say that , with the exception of some senior members here at Malwarebytes, there's no one in this industry who has caught, tested and submitted as many new rogues as I have. I think I know the difference.

Link to post
Share on other sites

I assume that this is the URL to the software in question? http://trojan-killer.net/

I intend on giving this software a try, and if it is no longer worthy of the rating on WOT then you, me, and everyone else here with a WOT account can rate it according to our own experiences.

?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.