This is similar to comment spam but avoids some of the safeguards designed to stop the latter practice. Six Apart started a working…

memorized…

Thanks for your message.

I certainly agree that using anti-spyware software is a good idea: it’s a way we can defend ourselves from the malware in circulation.

The aim of a site advisor service like WOT is to add ANOTHER LAYER of security.

As Deborah from WOT mentioned above, “WOT is perfect for a LAYERED approach to Internet security”.

The idea that ‘prevention is better than cure’ is the modern wisdom about PC security. E.g. anti-spyware tools are mainly aimed at preventing malware from getting onto our computer;
most modern anti-virus software concentrates a lot on preventing any virus (worm, trojan etc.) from ever arriving on our PC.

And we understand that we can be exposed to security risks on the web. So the idea behind WOT (and other site advisors) is that we can minimise risk if we NEVER VISIT any internet ‘bad neighbourhoods’ and malicious sites.
WOT is putting up the ‘Dangerous Area’ signs on the web.

When I first took an interest in computer security I was surprised by the number of people saying we should have up to three or four anti-spyware tools.

Then, when I first looked into WOT, I was surprised to see there were people using two or three site-advisor services at once.

I suppose those would be exactly the kind of people who would also have four anti-spyware programs, the best anti-virus software they can get, a firewall, and probably some extra anti-spam and email security tools as well.

Are people like that overly cautious? - excessively fearful?

I am constantly re-assessing this amorphous thing - the personal computer security thing.
Maybe those extremely-well-equipped people are the most realistic.

I say all this while thinking about ne of my recent posts:
http://computersecure.net/blog/a-season-of-relief-from-spam/

Some specific malware was mentioned in the post, i.e. the trojans Torpig and Sinowal (and Mebroot seems to belong to their family too).

I have been looking into those trojans. A representative of UK security firm RSA ranked them as the among “the most advanced pieces of crimeware ever created”. They are thought to be responsible for stealing details of about half a million bank accounts.

I will post my news about them any day now.
It can take me a long time to write a post. I have to resist my natural instinct to complete a 10,000 word essay every time. I have only spent about 16 hours on it so far - so obviously it is far from ready for publication.

But here are some things I have found out so far about these nasty trojans.

1.
This set of trojans, Torpig, Sinowal and Mebroot - and their evolving variants - can be very good at hiding. Not all anti-spyware software will even detect them.

2.
They may use rootkit techniques (the name ‘Mebroot’ is a bit of a give-away there): so, even if you think your anti-spyware software has detected and removed them, they might be back again after you reboot.

3.
Even if your security tools detect those trojans you may still be a LONG way from eliminating them. (There will be more of the depressing news about that when I finish my post about it.)

When I think about those sophisticated trojans it makes me suppose that those extremely security-conscious people might be the ones with the best grasp on reality.

I see on the WordPress sites that Yawasp has other satisfied users.

The advantage of Yawasp, to my thinking, is that it does not require any action from users. That is, people wanting to leave a comment do not need to decipher some mixed up letters, complete a math problem etc. to prove that they are human.

Instead, within WordPress Yawasp HIDES the real names of the comment fields (and other related fields).
The spam bots cannot find the fields they are looking for - such as “comment”, “author” etc.

Here is where Yawasp comes from: http://www.svenkubiak.de/yawasp-en/