When accessing the World Wide Web over the Internet a computer user must be careful not to access, use or download files from a Web site of unknown reputation. Unfortunately, disreputable operators of certain Web sites can implement the Web site such that an unknowing user might download a computer virus, spyware, or other type of malware simply by accessing or using that Web site. For example, it is generally known that downloading free software or games from a variety of Web sites is risky in that spyware and other types of malicious software might be downloaded as well onto the user computer. Further, a disreputable Web site might be involved in a phishing or pharming scam and attempt to steal information from a user even without the user trying to download malicious software onto the user computer. In addition, it may be desirable on the part of a company, organization or even a parent to restrict access to certain Web sites simply because of the content.
As such, it is known in the art that a variety of filtering technologies are used to block a computer user from accessing certain disreputable or undesirable Web sites. For example, network traffic filtering is used to block traffic to particular Web sites. In this technology, a kernel driver or a layered service provider (LSP) is first installed on the user computer. This installed software filters network traffic and blocks such network traffic specific to a particular Web site when the software determines that the user is attempting to browse to a Web site that is considered dangerous.
Unfortunately, this technique has some disadvantages. Firstly, the user must install the network traffic filtering software on their computer and must update the software periodically. Secondly, both the kernel driver-based approach and the LSP-based approach cannot handle Web site browsing requests using the secure HTTP protocol. Thirdly, both approaches have trouble filtering all Web site browsing requests because both approaches cannot clearly identify whether a packet begins an HTTP protocol transition or not—there is no information in a packet that can guarantee that it belongs to an HTTP protocol transition. These approaches can only make an educated guess based on common practices. For example, a packet might belong to an HTTP protocol transition if its target port of TCP protocol is one of the well-known HTTP service ports or if its payload matches with the pattern of an HTTP protocol. This uncertainty, though, can cause false positives.
Another filtering technology used involves Web browser plug-in software. A user installs special plug-in software in their browser and the software filters all Web browsing requests sent by the browser and blocks specific requests when the requested Web site is considered disreputable or dangerous. Similar to the first technique, one disadvantage is that the user must install and then maintain the special plug-in software. Further, a provider of this technology must implement multiple versions of the browser plug-in software in order to adapt to different Web browsers. Currently there is no standard for a browser plug-in.
A third filtering technology is proxy-based filtering. A user must first configure his or her Web browser in order to route the browsing request via a specific proxy server. Or, the Internet service provider sets up a transparent proxy server to handle the Web site browsing requests from the user. From that point on, the proxy server will intercept and review all Web site browsing requests from the user and then block specific requests when the target Web site is considered dangerous. One disadvantage of this technique is that if a target Web site is considered safe, the proxy server must fetch data from the target Web site and then redirect that data to the user. This approach requires very careful hardware and software design in order to achieve acceptable throughput. Also, this data redirection has an enormous cost in terms of network traffic. If the proxy server is hosted centrally in a particular company, bandwidth and scalability issues can be major challenges.
Considering these previous approaches and their disadvantages, a Web site reputation service is desired that would be simple, flexible and easy for the end user to use.