Yahoo Search Adds SearchScan, a Good Security Step

Illustration: Harry Campbell
If you've used Yahoo Search lately, you've likely noticed a welcome new security feature. The embattled Web giant now shows some, but not all, of the site ratings from the popular McAfee SiteAdvisor service to warn of potentially dangerous downloads or spam risks among search results.

SearchScan, as Yahoo calls the feature, is a good move that can help protect users' privacy and security, and one that I'd like to see the company take further. Here's how it works.

SiteAdvisor is a browser plug-in, available as a free download, that displays icons for search-engine results to let you know if sites are deemed problematic. The issues can range from potentially dangerous downloads to spam risks to user reports of possible merchant fishiness.

On Yahoo, some of those warnings will appear automatically, without your having to first download SiteAdvisor. You'll see a red warning at the top of the results page telling you if any potentially harmful sites are among your results, along with another red warning underneath the suspect site link.

SearchScan shows only warnings for dangerous downloads or spam risks, not the full range of SiteAdvisor warnings. Yahoo does use the important SiteAdvisor data about site exploits--attempts to attack your PC through code on an infected Web site--but instead of displaying a warning, it removes the result entirely.

You won't see any warnings for sponsored results because Yahoo simply removes those that would have displayed warnings.

I'm glad to see Yahoo add this feature, since Web attacks and risky downloads are growing ever more common. If you use the SiteAdvisor download, you won't lose its more far-reaching icons for Yahoo results (though they didn't display when SearchScan first began, that's since been fixed). But I'd love to see Yahoo take the tool further, starting with adding the other SiteAdvisor warnings.

A Yahoo spokesperson explained that the company wanted to start with the most clear-cut risk warnings, and then evaluate how best to bring in the other notices. I can see how the company would want to be careful about relying, for instance, on user-submitted reviews that might not always be completely fair; nevertheless, I would still like to see the full range of warnings. I'll keep using the SiteAdvisor download, but it's nice to know that I can use SearchScan if I'm on a PC without the McAfee add-on.

One final tip: As good as SiteAdvisor is, it doesn't check results in real time, so it can miss brand-new exploits that are infecting benign sites. To scan for current exploits in search results, try AVG's LinkScanner, also free.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
  
Shop Tech Products at Amazon