Well, the time is now here. Starting this week, Google\u00a0Chrome will start sending \u201cnot secure\u201d warnings to every user visiting a non-https\u00a0site. We took a look at our own threat blocking data to see how often HTTP sites are classified as malicious.\u00a0<\/p>\n
<\/p>\n
Back in June, we wrote a post that gave a heads up on the upcoming changes to Google Chrome<\/a>. It was practically a warning to website owners that if they don’t have an SSL certificate for their blog or website that it’s time to get your butt in gear\u2014with free options out there, there’s no excuse to not encrypt your website data.<\/p>\n Well, the time is now here. Starting this week, Google Chrome will start sending \u201cnot secure\u201d warnings to every user visiting a non-HTTPS site\u2014not just those with form elements. This is another step by Google in helping to improve security and privacy on the internet (since 2015, https has been a positive ranking factor in their search algorithm). This week’s change should be even more effective because it directly impacts the end user in a commonly used browser.<\/p>\n In light of this, we took a look at the recursive http traffic going to the D-Zone DNS Firewall<\/a> service, specifically at four customers in the education sector. Each has a large number of users including students, faculty and administration.<\/p>\n When we looked at the amount of HTTP traffic that was blocked due to phishing or malware distribution, we found that in the best-case situation a full 27% of HTTP traffic got blocked as malicious. In the worst, a whopping 52% of HTTP traffic was classified thusly.<\/p>\n
| \n Status<\/strong><\/p>\n<\/td>\n Customer 1<\/strong><\/p>\n<\/td>\n Customer 2<\/strong><\/p>\n<\/td>\n Customer 3<\/strong><\/p>\n<\/td>\n Customer 4<\/strong><\/p>\n<\/td>\n<\/tr>\n Permitted<\/p>\n<\/td>\n 56<\/p>\n<\/td>\n 73<\/p>\n<\/td>\n 48<\/p>\n<\/td>\n 67<\/p>\n<\/td>\n<\/tr>\n Infected or phishing page<\/p>\n<\/td>\n 44<\/p>\n<\/td>\n 27<\/p>\n<\/td>\n 52<\/p>\n<\/td>\n 33<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n <\/p>\n Well, when you encrypt the communications you protect users from things like data snooping and man-in-the-middle attacks.<\/p>\n Is it a surprise that bad guys don’t use HTTPS? Probably not. To be HTTPS you need an SSL certificate, and this generally requires providing personal information – even for the free ones. In other words, this move to HTTPS will not only help safe browsing but also hopefully make it a little more difficult for people to set-up nefarious web properties.<\/p>\n |