RE: New use case for malware at previously visited site

I agree with the use case and the suggested additions

 

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Ian Fette
Sent: Thursday, August 16, 2007 12:46 PM
To: Luis Barriga (KI/EAB)
Cc: public-wsc-wg@w3.org
Subject: Re: New use case for malware at previously visited site

 

Good point... I would agree that the point in time where the site has been
cleaned up is yet another distinct case.

On 8/16/07, Luis Barriga (KI/EAB) < luis.barriga@ericsson.com> wrote:

More than that. How does Betty can re-gain trust on this site once it has
been sanitized? Should the user agent just transparently allow access to the
site upon visit after the site is clean? Or should the UA inform Betty?

 

Note the life cycle difference with (temporal) malicious sites that have
been created with bad purposes from the beginning. The use case below starts
witha good trusted site, that was infected and untrusted, but once sanitized
it would certainly want to be back in business again.

 

Luis

 

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Ian Fette
Sent: den 1 augusti 2007 23:47
To: public-wsc-wg@w3.org
Subject: New use case for malware at previously visited site

Hi all,

I took on an action item in today's distributed meeting to add a use case
for a user browsing to a known malware site which has been previously
visited. I wanted to send this out to the list for comments, since I know
we're trying to come to consensus on the scope and use cases document.
Here's the use case I would like to add: 

Betty tries to connect to a web site at <http://www.example.com/>. She
visits this site frequently to read various news and articles. Since her
last visit, the site example.com <http://example.com/>  has been compromised
by some method, and visitors are now being infected with malware. A
blacklist used by her user agent has since listed example.com
<http://example.com/>  as a known bad site, what warnings should Betty be
presented with?

Destination Site
- Known, Prior visit 
Navigation
- any
Intended interaction
- Information retrieval
Actual interaction
- software installation
Note
- This is slightly different than use case 19. It still deals with how to
present results obtained from reputation services, but in the case of a user
returning to a site that they believe to be "good" when that site is now
believed to be compromised. 


(If anyone has questions about whether this should be in scope, I would
emphatically say yes...  it falls under 4.4 in the use case document
(Third-party recommendation) in the case of blacklists, can potentially fall
under 4.5 if a user agent takes history into account (i.e. you're navigating
to example.com <http://example.com/>  which you visit daily, but now for
some reason it's on a blacklist your browser uses). This is not meant to be
detection, but how to display a warning that you're navigating to a site
known to be malicious by a trusted (3rd) party. 

Further, the document states "The Working Group will only consider Web
interactions in which a human participates in making a trust decision" -
visiting a site that is on a malware blacklist presents a trust decision -
do I trust this site to be safe to visit, or do I believe the warning that
my browser and system are about to be owned if I actually visit this site? 

If anyone has questions / concerns / suggestions regarding this proposed use
case, I'd love to hear them. 

Regards,
Ian Fette

 

Received on Thursday, 16 August 2007 17:31:40 UTC