0

How can I know if visiting a website is safe?

Is a scan with virus total good enough? If it says that the website is clean then can I be sure that I won't get hacked by visiting it? Could a website still be unsafe to visit even if virustotal says it is clean? Is it possible that a website has malicious code that is not present in virustotal database?

What about addons like WOT (web of trust)? Can their assessment of websites be relied on?

Linux_user0987
  • 261
  • 1
  • 8

1 Answers1

1

Neither a virus scan nor a web of trust can judge the security of the website. WOT is just about the trust others have in this site, which says nothing about the security of the site in general and especially not of the security at the very moment. A virus scan will also not find typical coding problems like SQL injection or cross site scripting nor will it give you any clue how well your data are protected.

How can I know if visiting a website is safe?

You don't. Which already starts with the problem what "safe" actually means?

Is it that the site itself does not try to deliberately attack you (phishing or malware), i.e. safe to visit. It is about privacy, i.e. how much the site will track you? Is it about the safety of the data you enter into the website, i.e. safety of stored passwords and credit cards, no deliberate sharing with others etc.

What about addons like WOT (web of trust)? Can their assessment of websites be relied on?

This is more like the rating of products on shopping sites or the rating of restaurants. If everything is bad the site likely behaves in a bad way. If everything looks good it can actually be good right now, it could have been good once, the rating could be deliberately manipulated ... So it is some kind of indicator but nothing you can fully rely on.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434
  • I am concerned about being deliberately attacked. Are you saying it's not possible to tell if a website will do this from a virus scan? What do you suggest then? Sandbox? Virtual machine? – Linux_user0987 Nov 05 '19 at 05:02
  • @Linux_user0987: see [How do I safely inspect a potentially malicious website?](https://security.stackexchange.com/questions/121610/how-do-i-safely-inspect-a-potentially-malicious-website). – Steffen Ullrich Nov 05 '19 at 05:35