Vikings Best, Polynesians Worst In Domain Safety

SiteAdvisor, the domain risk assessor acquired by McAfee Associates last year, has completed an extensive scan of 265 top level domains (TLDs)  on the Internet, ranking sites by the percentage of malicious code found in visiting the site.

The survey found that 4.1 percent of all Web sites pose some sort of risk to a visitor, whether it’s viruses, adware, spyware, phishing or some other form of malware .

The worst offenders are an odd mix of Slavic countries and South Pacific islands. Russia, the country where malware authors offer service contracts, was far and away the worst of the larger nations, followed by Romania. But also problematic were tiny island nations like Tokelau and Samoa.

The worst offender was a place you’ve probably never heard of: Sao Tome. SiteAdvisor found that 18.5 percent of all .st domains had some kind of exploit. Among the cleanest nations were Iceland, Finland, Norway and Ireland. Other notables included Australia, Singapore and Canada.

There was only one spotless domain, and that was .gov. While some U.S. citizens may think their government is full of crooks, there are no rootkits, key loggers or spyware to be found on a government Web site.

So, do the Vikings know something the Slavs and Polynesians don’t, or is it all a grand conspiracy? Neither, said Mark Maxwell, senior product manager at McAfee. Rather, it has to do with how hard it is to register a domain.

“There is a direct correlation between the risk of the TLD and the hoops or barriers through which an individual has to go through to register a domain,” he told

For example, In addition to paying for the domain name, Australia requires verification to the government side that the entity is registering the site for legitimate business and operates within the nation’s borders. Canada and Finland have similar rules for registering domains as well, he said.

With Tokelau, you can get a .tk domain for free and set it up that day. The tiny island has a population of 1,200, and is not a very wealthy one at that. Maxwell thinks the island nation tried to get in the domain sales business and is being used.

“It’s my guess that this is naiveté on the part of Tokelua, not malicious intent. That being said, they are ultimately responsible for whom they are awarding their TLDs to and managing that,” he said.

Russia, however, doesn’t get a pass. Maxwell said he was shocked at how badly infected .ru sites are. “The proliferation of malware and drive-by downloads on Russian domains was a big surprise. I knew there was plenty of garbage there but I had no idea how bad it was,” he said.

But there is no simple answer, such as tossing Russia off the Internet. “I think exposing the reality that that top level domain is significantly riskier than others is one way. Do I anticipate that TLDs will clean up their act? I’m skeptical there. It would depend on technologies and education of end users to help,” he said.

Some of that technology, naturally, is SiteAdvisor’s self-titled software, a free plug-in for both Internet Explorer and Firefox that gives a color-coded score to a domain to alert the user of its relative danger. The ranking is based on SiteAdvisor’s own testing, which involved interacting with thousands of sites worldwide and interacting with each one as a user would to see if anything untoward would happen.

News Around the Web