Blog

Building a better Clearinghouse

This month, StopBadware started a pilot project to explore what a new, expanded Badware Website Clearinghouse might look like. Our idea is to create a collaborative platform that aggregates and makes available extensive data and metadata about badware URLs and domains. That might include information from malicious URL feeds, reports from our community, results of scans against some of our partners' analysis tools, DNS and AS data drawn from public sources, and so on. The platform would power tools, services, and data reports designed to benefit our partners, website owners, and the broader Web ecosystem.

We're in the early stages of what we expect to be a three-month pilot. So far, there are a lot of unanswered questions. Here are a few of the big ones:

  • What will the inaugural set of tools/services look like? So far, we're thinking of a data exchange API and a basic Web interface for searching the data.
  • Who will have access to the data? Those with the best data often have valid (and occasionally not-so-valid) reasons for not wanting to share their data openly. We want to offer flexibility that encourages broad sharing but allows more limited sharing where appropriate. So, we're imagining some sort of tiered permissions model.
  • What incentives will there be to contribute data? Two models I've seen used before are quid pro quo—you earn access equivalent to what you contribute—and "minimum threshold," in which you must contribute a certain amount, after which you get full access. Both of these could have value, but it would be nice to provide access to a broader audience than just those who have substantial data to contribute.
  • Which database platform should we use? Right now, our developer, Matthew, is experimenting with MongoDB (using Java for the middleware layer that will manage the data).

We'll do our best to blog periodically throughout the pilot as we refine our answers to these and many other questions. Meanwhile, we'd love to hear your suggestions and other feedback in the comments or via email (contact <at> ourdomain).

Facebook, LeaseWeb join expanding list of StopBadware Partners

Posted on April 19, 2012 - 09:50 by ccondon

Another great day for us! Happily, both Facebook and LeaseWeb have opted to become StopBadware Partners. This means the two companies will join our monthly Partners Forum conversations with industry leaders and security experts; each of these two new Partners has a unique outlook on the security industry and the best ways to protect the integrity of the Web. We're excited to add their perspectives to our own to create better security for all!

LeaseWeb has a press release available here that outlines some of the details of our partnership. Don't forget to Like our Facebook page for info on new partnerships, security news, and tips for webmasters and Internet users!

Is malware in the domain of registrars?

What role should domain name registrars and registries play in combating web-based badware? And what stands in their way of being effective?

During our most recent Partners Forum call, we had an animated discussion related to these two questions. Our conversation covered a lot of ground, but here are a few key points that came up:

  • There is substantial variation in how registries and registrars see their own roles. Some disavow any responsibility for addressing malicious name registrations. Others are much more hands-on.
  • Registries and registrars come in all shapes and sizes. Smaller ones may need tools or support to manage abuse effectively.
  • Often, for those reporting malicious URLs/sites, it's the hosting providers rather than the registrars/registries that are the best first point of contact. (Though in some cases, the hosting providers are the registrars.)
  • Registrars/registries have understandable concerns about being overzealous in shutting down domains. It's easier to justify takedowns of harmful code than undesirable/illegal content, and of purely malicious domains than compromised domains. Registrars and registries need tools and data sources that help increase their confidence in differentiating between these cases.
  • Takedowns are not the only remedy. Education of customers (in cases of compromise) can be a valuable role for registrars/registries (possibly in collaboration with StopBadware or other parties).

It's clear that we have not definitively answered our two questions, but we've come up with great fodder for further discussion and action. If you want to be part of the conversation, we're always looking to add new Partners.
