LinkScanner Pro

Reviewed August 2007

What’s It Do?

Ensures that actual data passing through one’s firewall is checked for exploits and other security breaches; monitors open Internet connections and secures vulnerabilities until the software’s manufacturer can release a patch; inspects all major search engine results for online threats and displays advice in Internet Explorer; analyzes risks of HTML Web pages in real time; blocks drive-by downloads; protects against zero-day attacks and other vulnerability exploits; and more.


Does it do what it says it does?

Reviewer 1: Yes, it runs in the background and monitors all Web page URLs clicked on and pops up a dialog box that is colored based on the threat it assesses after pre-scanning the page. It outright blocks access to some pages based on its findings and the database it uses.

Exploit Prevention Labs responded: More correctly, it blocks access to some pages based on a real-time evaluation process and findings.


Reviewer 2: Yes, it provides real-time analysis of the data coming onto my computer from the Internet to assure that the data contain no exploits or other malicious content. It also integrates with Google, Yahoo, and MSN search engines (as long as I use Firefox or Internet Explorer) so I can know whether a site is problematic before I go to it.

Reviewer 3: Yes. As stated in its Web site, “LinkScanner Pro provides real time analysis of network traffic [through your firewall] and Web content to stop exploits and malicious content automatically” and it identifies suspicious Web sites through real time scanning of search results, hyperlinks, or by manually entering URLs; however, its claim to identify or prevent phishing attacks is exaggerated. To its favor, however, Exploit Labs (the developers of LinkScanner and its predecessor, SocketShield) do only claim that its product will “expand your threat protection.” It does not claim, as so many do, to be the all and end of all of threat protection.

Reviewer 4: There is some debate about how the “anti-malware” industry may be profiting from our nervousness about the possibility of our being attacked in one way or another as we use the Internet. However, it is in fact true that, unless you take exceptional and diligent care to avoid foolish or dangerous behavior on sites, some very unpleasant things can happen. As well, there are many people who really do not take any particular care at all about their Internet behavior. Viruses and other malware used to be relatively harmless and/or annoying, but the pranks started to become nastier, from causing your computer to malfunction, to destruction of programs or your personal data. Now, though, it can get to be very serious, including the theft of personal and financial information, and even identity theft. Increasingly, people are using the Internet “interactively”: they do online banking and shopping, they plan travel and purchase tickets and reservations, they set themselves up in social networks (such as MySpace or Facebook), or they play online games. In other words, they interact with Web sites, rather than just look at them and collect information as they would from a book. These activities have opened new ways for criminals to ply their various trades. LinkScanner is responding to the dangers that we can be subjected to, even when visiting normally benign Web sites which may have been compromised, often without the knowledge of the site owners themselves.

Reviewer 5: Yes, it seems to. It appears to be a good addition to standard firewall protection. A firewall may only detect known or suspected malicious sites by IP address, thereby either alerting you or prohibiting entry to your computer. However, exploits can be introduced within hacked legitimate site pages. The firewall may admit such a page, but usually will not detect the embedded exploit. It is for this reason you may need supplementary protection to the firewall itself, such as using this freestanding program. It also serves as an overlay to the Google, Firefox and MSN, providing active detection and reporting of malicious sites or potentially malicious activity within those sites – at the socket level. This warning will help you steer clear of those sites found that are or may be places to avoid. Also, though it is difficult to prove that there were no missed true positives, in my vast, sometimes arbitrary meanderings around the Internet, LinkScanner did pick up and alert me of problems or prevented known download of malicious sites entirely. Detection is done by identifying the “behavior” and “patterns” of malicious activity by the basic written code, rather than depending entirely on previously detected, identified malware.


Was it easy to install?

Reviewer 1: Yes, it installed quickly with no problems but the user must have Administrator privileges to install this program. Some personal information must be provided during installation, but a link is provided to their “Privacy Policy”. Supported system configurations are: 1.2 GHz, 256 RAM and IE 6 or higher running on Windows 2000 or XP Home or Pro and there is no mention that Vista is supported. Installation includes the option of opting out of the “Community Intelligence Network” that is part of their vetting process for Web sites. A reboot is required the first time after installation and thereafter the program runs in the system tray to monitor incoming net traffic. If the free trial is not registered within 30 days it reverts to the Lite version that will provide advice about a Web site but not block attempted exploits.

Exploit Prevention Labs responded: Linkscanner Pro has supported Vista since February 2007.

Reviewer 2: Yes. I had no problem installing the program.

Reviewer 3: Yes. It is a very small 3.13MB file that downloads in as little as 28 seconds on a fast broadband connection and the installation was effortless thanks to an easy wizard and interface. One more plus for which to give Exploit Labs: As a part of the installation procedure it notified me that I had to add a service pack update and it did that for me during the overall installation. The program also uninstalls easily; however, I was less than pleased that it left 58 “junk” entries in my registry that I had to remove separately. While unfortunately this is not unusual nor is it the worst I have seen, it is something that needs to be given some attention.

Reviewer 4: Yes. Normally, I like to be able to tell programs where I want them located on my hard drive. LinkScanner does not let me do this. After rebooting, it is installed in the Systems Tray.

Reviewer 5: Yes, I ran into no problems whatsoever. Since the download is only 3+ MB, it should be a relatively quick download even for basic telephone connections. The installation itself is a snap. Upgrading/updating the program allows installing on top of the previous version, through a “repair” process, which also runs smoothly. The previous version may be removed first but this is normally not needed.


Good Points:

Reviewer 1: LinkScanner Pro appears to run quietly in the system tray, consuming little or no resources. It blocked a few Web pages I was trying to get to, warning of “known exploits” detected on the page. This happened on a few “adult” sites that I tried as a test. LinkScanner Pro uses a different system to “rate” Web pages. It uses human- (user participation in the “Community Intelligence Network”) and machine-generated information (specialized Web crawlers) to evaluate a page. LinkScanner’s parent company, XPL (Exploit Prevention Labs) monitors network traffic as well as on-line applications for possible problems. The information they use is generated in a number of ways: Exploit Intelligence is an extended network of human researchers, automated probes, honeypots, "hunting pots," and search bots focused on discovering new vulnerabilities and exploit examples. The Reputation Filter creates an intelligent filter for known and suspected exploit distribution sites. Community Intelligence is the community of Exploit Prevention Labs users who allow information about attempted exploitation of their computers to be collected. This data collection process allows LinkScanner users to serve as an extension of Exploit Prevention Labs’ research efforts, providing a virtual Neighborhood Watch of the Web to report new malicious web sites, hyperlinks and exploits back to Exploit Prevention Labs researchers. The Correlation Engine aggregates intelligence gained through this research, assembles it in real time, and distributes it transparently back to the community, providing exploit-specific protection within minutes of a zero-day exploit discovery. SiteID digs beneath the surface of any site’s publicly-stated ownership to determine whether the site is really operated by the person or entity who claims to own it.
If a site is blocked or the warning box pops up the user can click on a link in the warning box pop-up to get more information about the suspected exploit based on their findings. The database updates about every 15 minutes to stay ahead of the curve with “zero day” exploits. LinkScanner Pro Console provides the ability to “pre scan” a site that might be risky. Double click the icon in the system tray to bring up the “Console”. One of the several tabs available is called “Quick Scan” to check suspect URLs. Network Activity provides information about any processes that have access to the Internet. displays information about all exploits that LinkScanner stopped from executing. Sites Blocked lists the site addresses of blocked sites and provides a “WhoIs” lookup.

Reviewer 2: LinkScanner Pro adds a valuable layer of protection to what a firewall provides. The firewall will stop hackers from penetrating, but it is usually powerless to provide protection when visiting a malicious or hacked Web site that could download Trojans or other malware. LinkScanner Pro inspects the visited Web pages and warns (via a pop-up and/or a warning sound) if a page contains exploits, malicious content, or links to a problematic site. If the threat is sufficiently severe, LinkScanner Pro will block access to the Web site. By using QuickScan and typing or pasting a URL of any Web site into LinkScanner Pro, or by simply right clicking on the URL and selecting QuickScan, LinkScanner will determine whether the site is safe. QuickScan also gives the option to go automatically to the site if it is safe. LinkScanner Pro can integrate with Google, Yahoo, and/or MSN search engines to provide color-coded safety ratings for all search results. These ratings make it easy to avoid problematic sites found in a search. This feature works with Firefox and Internet Explorer, but not, alas, with Opera. Also, unlike McAfee SiteAdvisor, which I also use, LinkScanner Pro offers real-time assessments of Web sites and URLs, including search engine results. It can thus respond more quickly to changes (e.g., if a previously safe site is hacked, LinkScanner Pro may recognize this long before SiteAdvisor).

LinkScanner Pro has extraordinarily responsive and helpful tech support, among the best I’ve ever encountered.

Reviewer 3: There are similar programs to LinkScanner, namely and most well known of which is McAfee Site Advisor. Unlike the others, however, LinkScanner works in the background independently of one’s browser as a standalone application and not a plug-in, and which constantly monitors Internet traffic (data) through the firewall and Web sites visited (and email received) to check for exploits for which it then offers color-coded warnings labeled as “Dangerous,” “Risky,” or “Questionable.”

Exploit Prevention Labs responded: Linkscanner Pro does not monitor email received to check for exploits.

Also unlike the aforementioned McAfee program, LinkScanner has its own GUI (Graphic User Interface) which allows for increased functionality by allowing the user to cut and paste suspicious URLs which it will scan for safety. (This is, by the way, also available for free on the Exploit Labs Web site.) The interface also provides tabs to examine exploits prevented, all active Internet services on one’s system, exploited sites blocked, and choices as to configuration, such as the ability to turn off or on the protection for added flexibility—the interface which is accessed through a right click context menu from the icon in the system tray. It overlays its safety warnings or ratings atop of Google, Yahoo, and MSN search results and is the only tool of its kind that works with and fully integrates with Internet Explorer, Firefox, and Opera. By monitoring the data that flows through the firewall, it prevents threats from being downloaded onto the computer, most often in your temporary files. This proactive rather than reactive approach to security is the right way. I purposely visited several sites that I knew to be infested with spyware. In each instance, LinkScanner opened a warning stating “LinkScanner detected threats on this site” and then promptly blocked the IP address and then, through its online “Whois” server, tracked the source of the IP, letting me know who tried to infest my machine. The real advantage of LinkScanner over its competitors is that it is evaluating each Web site link in real time unlike, again for example, McAfee’s Site Advisor which might not provide a warning for days or weeks if a previously trusted site gets hacked. In addition, LinkScanner checks a site’s ownership information using a licensed technology to either verify the ownership as legitimate or provide a “questionable” warning flag if the ownership cannot be verified, thus allowing further investigation.
Support is limited in that it is by email only and offers only a possible two day response time; although, both times that I contacted support my questions were answered professionally and clearly within the stated two day turn around time. There is a knowledge base and FAQ available on the web site and there is an Exploit Labs blog (which I could not find even referenced on the Web site).

Exploit Prevention Labs responded: The Blog is referenced on our Web site’s home page.

In addition, there is an easily understandable and quite thorough 30-page User Guide downloadable from the Web site as a PDF document. At a cost of $29.95, the software is very competitive.

Reviewer 4: All the links brought up by a search engine (I usually use Google, but it also works for Yahoo and MSN search engines) are scanned simply by being listed. Beside each link will appear a small colored icon that rates that link. The ratings are easy to understand, as the color codes are like traffic lights, and each category is a different icon. The categories range from Safe (a green check-mark), through Warning (yellow exclamation points) to Dangerous (red X). Hovering the mouse over the icon it will bring up a more detailed description. For example, a Safe link will read (in part): “Safe: This page contains no active threats”. More information about that page, including its domain, the IP address, and the name and address of the owner, is included. Or, for example, it will read: “Dangerous: This page contains active threats.” The kind of risk, the name of the risk and (sometimes, as this information may be hidden or frequently changed) the domain, IP address and owner, may be listed. If a site is visited that surreptitiously attempts to download malware, another message warns that an “exploit” is being blocked, along with information about the exploit, based on LinkScanner’s database and research and input from LinkScanner users. The “Network Activity” Tab in the LinkScanner “Console” (i.e. Main Screen) provides all “connective” activities on both local or home network and the outside Internet. For some time now, I have tried to examine and understand what some of the Programs, Processes or Services that appear in listings by the Task Manager are actually doing. Some of these items, which have heretofore eluded my understanding, appear in this list. Now I begin to have a clearer comprehension of why they are there, and realize that they have functions related to my computer's connection to other computers locally and worldwide. With the “Quick Scan” module I can check a link by copying and pasting it and have it verified immediately.

Reviewer 5: I found LinkScanner to run very unobtrusively in the background. I experienced no slowdown nor conflict with my other programs. The only time its operation became apparent is when it produced a color-coded notice of some sort as the user can define in the settings. It ran so smoothly, I even had to occasionally check to make sure the program and selected components were still active (easily done by a right-click on the task bar). LinkScanner steered me away from known malicious sites, yet allowed me to go to sites that within them have hacked malware, blocking the portion(s) with malicious code, yet allowing access to the remainder of that site. LinkScanner provides a tab for the user to monitor current operations, specifically highlighting those currently interacting with the Internet. This can provide valuable assistance in trying to detect and/or identify malicious processes. AutoUpdate is provided as an option in the settings menu. Any URL can be entered in the quick scan feature of the LinkScanner console to ask LinkScanner to examine it prior to even visiting the site.


Weak Points?

Reviewer 1: LinkScanner Pro occasionally generates “false positives”, usually when the site owner is not clear such as with small, “non-mainstream” Web sites. Typically, these occur when grabbing some freeware program from a link in a newsletter. Sites such as SourceForge or MajorGeeks were no problem.

Reviewer 2: I have not received many severe warnings from LinkScanner Pro, but several of those I did receive turned out to be false positives. Another weakness is LinkScanner Pro’s practice of flagging harmless sites for minor problems. Warnings appeared even for the Neat Net Tricks website (because “site ownership or registration is not clear”)! Moreover, there’s currently no way to have the program show a minor warning just once. Each time I went to the Neat Net Tricks forum or to other equally harmless sites, the pop-up warning would appear. The only way to stop this was to instruct LinkScanner Pro never to show warnings for any “questionable” site. I’ve been told, however, that it may be possible in a future version to whitelist specific sites. Another weakness is LinkScanner Pro’s inadequate support for the Opera browser, in spite of a quote on the LinkScanner Web site claiming that it supports Opera. If a site is truly dangerous, LinkScanner Pro will issue a warning and block access to the site even when using Opera, but it offers neither less severe levels of warning nor search engine integration in Opera. Yet another weakness, though not a serious one, is that the search engine integration feature tends to slow down the search. The results appear just as quickly as they would without this feature, but a few extra seconds are required for some of the ratings to appear. When LinkScanner Pro issues a warning, it provides the IP address of the offending site rather than the URL. Thus, if the program spots one dangerous link on a page containing many links, I am usually unable to determine which link is problematic. Even though LinkScanner Pro makes it easy to trace the IP address using Whois, usually such traces merely reveal the organization in charge of large blocks of IP addresses. I raised this issue with LinkScanner Pro’s tech support and was told that an upcoming version may provide the specific URLs.

Reviewer 3: There really are no glaring flaws that I discovered in my three-month use and testing of this program, and the few weaknesses I did find do not keep this program from fulfilling its promise to help expand a user’s computer security. In its current state of development, LinkScanner’s weakest feature is its ability to detect and/or prevent phishing attacks. Using several active URLs posted at a well respected phish-tracking site, LinkScanner detected or blocked less than 20% of phishing sites that did not contain active exploits. A bit more worrisome on my computer, the built-in virus scanning software that comes with AOL and which is actually a version of Kaspersky Antivirus, flagged a file in the LinkScanner setup file (checker.exe) as containing a virus (Win32.KME). I have not yet resolved this matter with Kaspersky/AOL but Exploit Labs believes this is a false-positive. Either way, it was a temporary file and when cleaned/deleted did not recur and had no effect on the operation of LinkScanner. The LinkScanner protection does not come without a price. You will find that it does noticeably slow down the speed of your browsing. I continually saw my CPU spiking to 100% for several seconds on some pages. Depending on Internet speed, this could be a serious problem for some users. Additionally, and this is a constant and continual complaint I have of nearly all computer security programs, I find the use of resources far too high. On my computer, LinkScanner Pro used 39MB of memory; and while this may be somewhat insignificant when running 1G of RAM memory, for many users this number could represent over 20% of their available memory and for most over 10%. This is unacceptable in my opinion. The EULA (End User License Agreement) while far too restrictive and anti-consumerist as I believe are nearly all EULAs, was relatively standard in its caveats.
I will applaud its candidness in declaring what information this program may collect about its users as well as its declaration and instructions as to how a user may limit this collection of data by configuration options in the program. I would suggest that a 15-day trial of the program is far too short of a time for a user to reasonably test this program and is, in fact, out of step with the vast majority of shareware programs today. This is a relatively young program which is still in active development and as such there is reason to believe that it will continue to improve and address those weaknesses as they are discovered.

Reviewer 4: A function that I would like to see implemented involves the “Network Activity” feature. Services or programs that are currently active or doing something are highlighted in green. Beside most of them there is a small + sign. Clicking on the + sign produces more information. This is usually a list of different numbers (for example 0.0.0.0:68) followed by acronyms such as TCP or UDP or IP. Some of the processes are quite clear, such as Firefox.exe or skypePM.exe. However, some are much less obvious: vmnat.exe or alg.exe. I would like to be able to right-click on one of the items in the list, and have a drop-down menu appear, which would include, among other things, “More Information”. Even a simple Google Search Link should be easy to implement. Another useful “right-click” function would be to turn that process off, disable it, or even kill it.

Reviewer 5: No assistance or guidance is provided by the program itself and the user must go to the online LinkScanner site for the user's manual. I had to stumble around a bit before I found the manual, which can be downloaded and saved as a .pdf file. This arrangement is awkward. In fairness, the manual is informative, well-organized and quite helpful. Although a FAQs section is listed, it is not underlined as a link would be and I was unable to locate or access a FAQ section.


Comments:

Reviewer 1: I’ve been using this for several months now. It is effective, lightweight and informative. I forget it is even running until it pops up a message box of some sort.

Reviewer 2: LinkScanner also comes in a freeware version, LinkScanner Lite, that offers search engine integration (in Firefox and Internet Explorer) and what seems to be a version of Quick Scan (“immediate, up to date analysis of any HTML Web page for exploits and other risk factors”).

Reviewer 3: This reviewer believes that the entire computer security software industry has become a self-fulfilling prophecy and as such is over-burdening people’s computers and their computer’s resources with unnecessary security software. So, while LinkScanner Pro does, for the most part, what it claims to do, I am not convinced that this software is needed on a system with an up-to-date antivirus program, antispyware program, and firewall. If you feel, however, that you need yet one more tool in your arsenal of overkill to fight the real or perceived spyware threat so that you can feel more secure, then you could do much worse than LinkScanner Pro.

Reviewer 4: My first impression was that this was just another anti-malware product, in a marketplace that is increasingly crowded. In fact, the Neat Net Tricks Panel has reviewed quite a number of similar programs over the past two or three years. But as I explored LinkScanner, and used it on my computer for several months, I began to appreciate it more. It does not seem to interfere with the normal running of my computer, unlike some other anti-malware products. I am online all the time, as is LinkScanner continuously monitoring the ports to the Internet; however, I would not recommend that LinkScanner replace your current anti-malware defenses, but be used to complement them.

Reviewer 5: The program has a small footprint, stays out of the user's way and uses very few resources. LinkScanner found what appeared as several false positives, not many, and not to the frequency that was overly disruptive. The price of the additional protection that is provided by LinkScanner seems reasonable.


Will you continue to use it?

Reviewer 1: Yes, it is not a resource hog and does its job in the background until there’s a problem. You can turn the blocking feature off, but why would you?

Reviewer 2: Yes.

Reviewer 3: No, but not because of any flaws or weaknesses in the program. I will, however, use the free URL scanner available on its Web site.

Reviewer 4: Yes, not only for my own computer, but also on the other computers in my home network here.

Reviewer 5: Yes. Until now I have used it sporadically and selectively, but probably will put it in my start menu to load automatically and use it consistently, since the program does not seem to get in the way of what I do and provides additional protection which I feel I should have.

OPERATING SYSTEMS USED IN THIS REVIEW
Windows XP Pro, XP Home

