Browser Defender Help

1. What is Browser Defender?
2. How do I use Browser Defender?
3. Browser Defender toolbar
   1. Protection from phishing
   2. Protection from exploits
   3. Exploit Detections
   4. Browser Defender Toolbar ratings
4. Browser Defender website
   1. What are the site ratings?
   2. What do you take into consideration when determining site ratings?
      1. File downloads
      2. Online affiliations
      3. Annoyances
      4. Characteristics of malware found (if any)
      5. Categories

What is Browser Defender?

Browser Defender is a utility which protects your computer by providing you with an informative and helpful assessment of websites and the possible dangers they pose, thereby allowing you to make better informed choices when you browse the Internet.

A simple green, red or yellow rating lets you know immediately if, in ThreatExpert's opinion, the website is safe to visit, harmful or needs to be visited with caution. If the website is not amongst our millions of crawled domains, then a grey rating will be shown. If you wish to submit a site to be assessed you can do so from the Browser Defender website.

Safe

Visit with caution

Unsafe

Not assessed as yet

ThreatExpert, a market leader in security analysis, has already done the homework for you by crawling websites and assessing them for possible threats including viruses, spyware, adware, exploits, spam and other unwanted software. Our patent pending technology then analyzes each file download on the site to produce a detailed report. The files are also scanned with PC Tools' multi-award winning security software products, Spyware Doctor and PC Tools AntiVirus.

How do I use Browser Defender?

There are two ways to take advantage of Browser Defender's protection:

• Browser Defender toolbar
• Browser Defender website

Browser Defender toolbar

The toolbar is a useful utility that provides you with a safety rating for website links returned from a Google™ or Yahoo!^® search, so that you are aware before you visit a website whether, in ThreatExpert's opinion, it is safe, unsafe or needs to be visited with caution. When you install the Browser Defender toolbar, search results through Google™ and Yahoo!^® searches will be marked with a green, red, yellow or grey icon beside each link to indicate their safety level.

Moving your cursor over the rating will display a summary of the site's rating for downloads and links.

Additionally, when you click on a website link, a highlighted bar at the top of the browser indicates the safety rating along with a short explanation for it.

Protection from phishing

ThreatExpert defines phishing sites as those sites which attempt to acquire your sensitive information, such as usernames and passwords, often by posing as another legitimate site. The Browser Defender toolbar offers additional protection from phishing sites by detecting them in real-time and displaying a red or yellow warning depending on the threat posed.

Protection from exploits

ThreatExpert defines exploit sites as those sites which host a piece of code that takes advantage of an existing software vulnerability, which in turn can silently download malicious software.

The Browser Defender toolbar offers protection from exploit sites by detecting them in real-time and displaying warnings depending on the threat posed.

Exploit Detections

When Browser Defender detects an exploit or if you attempt to access a bad URL (in our list), Browser Defender will block access to the site and instead display a blocking page, shown below:

The blocking page displays the reason for the block, the name of the exploit detected and the domain you were trying to view. For example, you may see the following messages on the blocking page:

"IDB Blocked the Site", "UDB Blocked the Site": The site was blocked because the site you were attempting to access is listed in our bad URL list.

Click on "Go to home page" to go to your default home page.

If you still wish to view the blocked site, click on "Access this Website for this session" or "Always Allow". Please note that accessing a blocked page could cause your computer to be infected. "Access this Website for this session" will permit access to the site for that particular session only.

If you have Spyware Doctor installed on your PC, clicking on "Always Allow" will display instructions on how to add a site to Spyware Doctor's Global Action List. This will allow you to grant access to the site every time you access it without blocking your action.

Browser Defender Toolbar ratings

You can turn the toolbar protection on and off by toggling the menu.

When checking for a phishing site, the anti-phishing engine will look for a range of characteristics of phishing sites. The more characteristics it identifies, the higher the rating will be.

The anti-phishing engine will evaluate each site in real-time to check for any potential threats. It will then display one of these ratings:

If the anti-phishing engine does not detect any potential threats, the toolbar will then check Browser Defender's database of pre-crawled websites and display one of these ratings:

Browser Defender website

Simply go to the Browser Defender website, www.browserdefender.com and enter the site you would like Brower Defender to assess. All tested websites will be returned with a full analysis report. We are continually expanding our database of websites analyzed, but if your requested website is not amongst our millions of crawled domains, then a grey rating will be shown. You may also submit a site for assessment here.

What are the site ratings?

The ratings displayed are those calculated at the time of the last evaluation cycle. Sites are regularly re-evaluated. A feedback form is also provided for your input if you believe a site is incorrectly rated.

The ratings are:

• Green: This rating indicates that the tests we performed have led us to form an opinion that this is a safe site to visit which poses no threats either in terms of file downloads, links to unsafe sites or annoyances.

• Yellow: A yellow rating indicates that, in our opinion, this site should be visited with caution. This may be because, in our opinion:

  • At least 50% of the links from the site have a red and/or yellow rating;

  • The site has one or more browser exploits;

  • The site has one or more potentially malicious downloads;

  • A phishing site is detected; and/or

  • The site belongs to a list of independently known bad sites

• Red: A red rating indicates that, in our opinion, this is an unsafe site. This may be because, in our opinion:

  • The site has one or more potentially malicious downloads;

  • The site belongs to an independent list of known bad sites; and/or

  • A phishing site is detected

• Grey: The website has not yet been assessed by ThreatExpert.

What do you take into consideration when determining site ratings?

We take the following factors into consideration when we analyze and form an opinion on a website:

• File downloads : Both direct file downloads, as well as links to file downloads in other domains;

• Online affiliations : Links to other domains;

• Annoyances : Software which ThreatExpert believes are unwanted, such as pop-ups, spam, exploits, cookies;

• Characteristics of malware found (if any): Any malware which ThreatExpert believes compromises the integrity/security of your system; and

• Categories: Evaluating keywords on a website to determine whether the content falls under a certain category.

ThreatExpert forms its opinion on the overall rating of a site through a cumulative rating determined after examining all these factors independently, and in relation to each other.

File downloads

Here is an example of a site with dangerous file downloads:

The threat level for each file is indicated by a colored bar, incrementing from left to right, allowing you to easily identify ThreatExpert's opinion on the magnitude of a threat.

To access the full file report, generated by ThreatExpert, simply click on the link to the file. If the file has been calculated a full Threat Expert report will be generated. If the file is still being calculated a smaller trimmed down AntiVirus report will be generated.

Online affiliations

Online affiliations of a site are its links to other websites. A site's online affiliations greatly influence ThreatExpert's overall safety rating for that site. This is because a site may link, in ThreatExpert's opinion, to one or more potentially high risk websites. The site report lists all online affiliations of the assessed site.

Here is an example of a site with a number of potentially high risk links:

Annoyances

ThreatExpert determines its opinion on web annoyances for a given site, in terms of:

• Browser Exploits: Any browser exploits present on the site, i.e. a short piece of code which exploits a vulnerability in a browser to potentially cause harm to your system;

• Spam: Unsolicited web spam originating from the website;

• Cookies: Cookies downloaded from the site;

• Popups: Popups generated by the site; and

• Redirections: Redirections to other domains.

Characteristics of malware found (if any)

The site report lists any malware, which Browser Defender has found. These may include:

Keylogger: An application, which ThreatExpert believes is malicious as it attempts to steal passwords, login details, and other confidential information by recording your keystrokes.

Worm: A network-aware computer program that, in ThreatExpert's opinion, attempt to replicate across the existing network.

Trojan: A threat that, in ThreatExpert's opinion, compromise your computer by opening a proxy server on it.

Backdoor: An application, which ThreatExpert believes is malicious as it runs in the background and allows remote access to your system, giving the attacker full control of your system.

Virus: A computer program which, in ThreatExpert's opinion, copies itself and infects a computer without the permission or knowledge of the user.

Dialer: A computer program that, in ThreatExpert's opinion, dials high-cost phone calls to services offering pornographic content.

Downloader: A program that attempts to download files, which ThreatExpert believes are malicious, to the local computer and execute them.

Hacktool: A potentially unsafe program, in ThreatExpert's opinion, is designed to access the passwords in your system.

Exploit: A piece of code that, in ThreatExpert's opinion, takes advantage of an existing software vulnerability.

Hijacker: A program that, in ThreatExpert's opinion, can be used to hijack certain aspects of users' web browser functionality (such as homepage, search page, and security settings).

Spyware: A spyware program that, in ThreatExpert's opinion, represents a security risk for a local system.

Rootkit: A code, which in ThreatExpert's opinion, has the rootkit-specific techniques designed to hide the software's presence in the system.

Rogue AntiSpyware: Rogue antispyware application that, in ThreatExpert's opinion, uses aggressive and deceptive advertising along with false detections to persuade users to download and purchase their product

Monitoring Software: Monitoring software that, in ThreatExpert's opinion, is designed to run in stealth mode and monitor users' activity

Adware: Potentially unwanted adware program that, in ThreatExpert's opinion, is designed to deliver various advertisements to the users' systems

Categories

Using a keyword evaluation, ThreatExpert is able to form an opinion on certain content categories prevalent in websites. When any such category is identified, it is listed in the site report.

Content categories found on a site, include:

Adult
Dialers
Gambling
Hacking
Violence