Web-safety survey says: Hong Kong phooey

June 3, 2008 9 PM PT

This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

While Hong Kong might be a lovely place to visit in person, computer users should think twice before stopping there online.

More than 19% of websites in Hong Kong’s Internet domain, .hk, pose some kind of security threat, according to a just-released study (download pdf here) by anti-virus company McAfee.

Using its free SiteAdvisor service, which rates millions of sites green, yellow or red for safety, McAfee looked at the overall risk for Web-surfing in the top-level domains assigned to countries and in such generic domains as .com, .net and .edu.

Hong Kong sites zoomed from a collective ranking of 28th most risky in a similar analysis last year to No. 1 this year out of 74 top-level domains scrutinized, based on the percentage rated yellow or red.

China came in second, with nearly 12% of sites ending in .cn judged risky for behavior ranging from barraging registered visitors with unwanted e-mail to attempting to plant keystroke-loggers that steal financial information. A year ago, China was 12th.

The next-most dangerous country domains were ...

... .ph, for the Philippines; .ro, for Romania; and .ru, for Russia. The safest were .fi, for Finland; then Japan’s .jp; Norway’s .no; Slovenia’s .si; and Colombia’s .co.

The overall proportion of risky sites worldwide was the same as last year, at 4.1%. And the worst of the worst -- those sites that use security holes in Web browsers and the like to push through spyware or other malicious programs -- remain, if not few, then at least far between. They still constitute less than one-tenth of 1% of the sites tested. Romania was the only place where more than 1% of the sites contained code for exploiting security holes: 1.1% were seriously bad news.

The most logical explanation for the geographical shift in overall risk is not that Hong Kong has suddenly become more crooked than, say, New Jersey. Instead, McAfee pointed to changes in the rules for registering domain names for individual sites.

Bonnie Chun, an official with the registrar for .hk, was quoted in the report acknowledging that her office had made a number of changes that had been popular with the phishing set. Among the new ‘user-friendly’ features were the ability to register multiple sites at once and to fill out multiple sections of the electronic forms simultaneously. Chun said the situation began improving after regulations were tightened last summer.

In China, the big allure may be price. Domain names can be had for as little as 15 cents at wholesale, according to ‘Internet for Dummies’ author Michael Levine.

Among the generic top-level domains, .info was the riskiest and .gov the safest, McAfee found.

-- Joseph Menn

Technology Blog

Web-safety survey says: Hong Kong phooey

These are the California cities where $150,000 still buys you a home. Could you live here?

Nix the oven? A skinny fridge? Tips on designing a tiny kitchen in your ADU

She was saving money to move back to Nicaragua. Then she was killed on an L.A. subway

Plaschke: Dagger! Lakers’ epic collapse vs. Nuggets could send them reeling into summer

Lakers lose to Nuggets in Game 2 heartbreaker on Jamal Murray buzzer-beater