Friday, April 14, 2006

anti-malware linking policy

linking policy? what's a linking policy?... well, it's basically the rules i follow (or should be following) when including links in my blog posts (or elsewhere)...

it occurred to me that i need to take a look at this question because i've approached the issue in a very ad hoc sort of way in the past and on occasion i've had to go back and remove links when i realized what i'd done...

why does that even matter? well it's like this - i'm an anti-malware sort of guy and so links that lead people to malware or otherwise make it easier for people to find malware goes against my principles... i'm really not big on helping people find malware online, i'm more interested in helping people avoid malware, so links to malware are kinda counter-productive... also such links raise the search profile of the malware and make it easier to find with search engines like google... avoiding this kind of link really is not a problem, in fact it's quite easy to not link directly the malware...

on the other hand, sometimes a site has information on it that i really want to reference/cite in one of my posts, but the site also hosts malware... this is a much harder case to figure out the right solution... i could just be hardcore about my principles and say 'nothing doing' and maybe copy the information verbatim with author attribution...

how about if a site with interesting info only links directly to malware that's hosted elsewhere?.. you see where this is going, the shades of gray are a big headache... search engines caches of sites hosting malware would fall under this category, am i going to avoid using google's cache entirely? or simply not use google's cache as a way to get around my principles when they're inconvenient...

how about if a site with interesting info only links to other sites that have malware but not to the malware directly? even if the site is also anti-malware and just doesn't follow as strict a linking policy as me? that would be verging on the absurd...

after much deliberation i've come up with the following:
  1. i will not link directly to malware
  2. i will not link to pages (or caches of those pages) with links to malware
  3. i will not link to domains (or caches of those domains) whose sole purpose is to distribute malware (like commercial malware vendors) or which make malware distribution a major part of their purpose (so vx sites are out, but most sans.org pages are ok)
    1. unless the page i'm interested in linking to has no links that could lead back to malware (and just to be on the safe side sticking with no links at all is generally best for this exception)
  4. i will correct any non-compliant linking when i find out about it

0 comments: