Exploit Prevention Labs Linkscanner Pro takes a decidedly different approach to identifying and alerting users to potentially harmful Web sites. Rather than scan all the Web sites on the Internet and rank them, as McAfee SiteAdvisor does, Linkscanner Pro scans sites as they download onto your browser, identifying code and links known to be malicious. Linkscanner Pro is available as a paid service, and it's the only secure browsing tool we reviewed to include Firefox, Internet Explorer, and Opera. A free version, Linkscanner Lite, is only available for Internet Explorer, although a Firefox version is promised. Linkscanner is the brainchild of veteran antivirus researcher Roger Thompson, and rather than rely on database information, it takes a live snapshot of the health of any given Web site as it loads, quickly identifying sites that have been altered by criminal hackers via cross-site scripting attacks, such as the 2007 Super Bowl Web site. For blocking malicious code from entering your brwoser, Linkscanner is excellent, however, we found it doesn't always identify ordinary, nonexploit-related phishing and fraud sites with such zeal.
We had no trouble installing Linkscanner Pro. Unlike the free Netcraft toolbar and SiteAdvisor, Linkscanner Pro works in the background, identifying Web site content independent of which Internet browser you use. Unlike SiteAdvisor and the Netcraft toolbar, Linkscanner Pro has its own interface. There's a tab to cut and paste suspicious URLs--handy for ferreting out e-mail phishing attacks. There's a tab that displays all active Internet services on your computer--handy for spotting spyware. There are tabs for exploits prevented and exploit sites blocked (that is, sites hosting the exploit code).
Unlike the Netcraft toolbar, which only detects suspected phishing sites, Linkscanner Pro and SiteAdvisor display their safety ratings over your current Internet search result page when using Google, Yahoo, or Live.com, but not Ask or A9. While Linkscanner Pro and SiteAdvisor generally agreed, we did find more than one legitimate Web site that Linkscanner Pro identified as suspicious that SiteAdvisor did not flag.
One defaced Web site is a Massachusetts-based restaurant Web site infected with a malicious Trojan. When viewing the source of the page, the hacker-added iframe script appears at the very bottom, calling out to a site in Korea known to host malicious code. Linkscanner blocked only the iframe code and otherwise allowed us access to the legitimate site. SiteAdvisor, both free and paid, allowed us to access the legitimate site without so much as a warning. Clicking the SiteAdvisor detailed explanation reveals that the site was checked and marked safe for browsing within the SiteAdvisor database. Neither Netcraft toolbar nor the antiphishing protection in Firefox 2 or Internet Explorer 7 blocked our access to this site.