Well, the time is now here. Starting this week, Google Chrome will start sending “not secure” warnings to every user visiting a non-https site. We took a look at our own threat blocking data to see how often HTTP sites are classified as malicious.
Back in June, we wrote a post that gave a heads up on the upcoming changes to Google Chrome. It was practically a warning to website owners that if they don’t have an SSL certificate for their blog or website that it’s time to get your butt in gear—with free options out there, there’s no excuse to not encrypt your website data.
Well, the time is now here. Starting this week, Google Chrome will start sending “not secure” warnings to every user visiting a non-HTTPS site—not just those with form elements. This is another step by Google in helping to improve security and privacy on the internet (since 2015, https has been a positive ranking factor in their search algorithm). This week’s change should be even more effective because it directly impacts the end user in a commonly used browser.
In light of this, we took a look at the recursive http traffic going to the D-Zone DNS Firewall service, specifically at four customers in the education sector. Each has a large number of users including students, faculty and administration.
When we looked at the amount of HTTP traffic that was blocked due to phishing or malware distribution, we found that in the best-case situation a full 27% of HTTP traffic got blocked as malicious. In the worst, a whopping 52% of HTTP traffic was classified thusly.
|
Status |
Customer 1 |
Customer 2 |
Customer 3 |
Customer 4 |
|
Permitted |
56 |
73 |
48 |
67 |
|
Infected or phishing page |
44 |
27 |
52 |
33 |
Why HTTPS?
Well, when you encrypt the communications you protect users from things like data snooping and man-in-the-middle attacks.
Is it a surprise that bad guys don’t use HTTPS? Probably not. To be HTTPS you need an SSL certificate, and this generally requires providing personal information – even for the free ones. In other words, this move to HTTPS will not only help safe browsing but also hopefully make it a little more difficult for people to set-up nefarious web properties.
For more information on SSL you can read our interview with our in-house expert.
Rob brings over 20 years of experience in the technology industry writing, presenting and blogging on subjects as varied as software development tools, silicon reverse engineering, cyber-security and the DNS. An avid product marketer who takes the time to speak to IT professionals with the information and details they need for their jobs.
