The Security Mentor

Siteadvisor.com has an online quiz which shows you pictures of the front page of various sites and tests you on whether you can tell if they distribute spyware.

It's hard to do, which is exactly their point -- they want you to use their product, which sits in your browser and checks the reputation of a web site before you go there.

If you're concerned with privacy you might be interested in how SiteAdvisor's product works. There are two ways to program a product like SiteAdvisor. One is to download the list of good and bad websites to your computer. The other way is for the plugin to phone home to SiteAdvisor and say the electronic equivalent of "my user is about to visit 'amazon.com', is that all right?". Which means that SiteAdvisor is getting a continuous stream of what web sites people are visiting. Here's part of their privacy policy:

Our database of ratings is far too large and too frequently changing for us to send it to you in advance when you download our software.

We never store information about where specific users go online or about what they do online. We do keep master anonymous logs of which sites our users visit so we can prioritize those sites for retesting.

I know you're dying to ask how your friendly security consultant did on the quiz. I got 6 right out of 8, was unsure about one of my wrong answers, and was just plain dead flat wrong on the eighth. To do even that well I had to use a lot of what I know about the economics of web sites, the names of some of the crooks, and the "feel" of a page prepared by an honest software developer. I don't think anyone who's normal or who has a life could do better than chance.