StumbleUpon Secure? It Could Be

I like StumbleUpon. I think the concept is great, and the idea of guided, accidental discovery is a worthwhile journey each time. But I am considering uninstalling it. The reason is that the very thing that makes it great is the thing I don’t like, because of where I might end up. It makes me a nervous wreck!

While this great extension for Firefox, and now Internet Explorer, is fun and actually useful, I don’t like the fact that you can end up anywhere and potentially be infected with spy-ware, viruses and other nasties. As far as I can tell from both the StumbleUpon Homepage and the Unofficial StumbleUpon FAQ, the only sites and content that are addressed are spam and adult content. On the Privacy page, though, there is this statement:

“The sites that StumbleUpon recommends are entirely out of our control. As such, StumbleUpon takes no responsibility for them, or their content. These other sites may send their own cookies to users, collect data, or solicit personal information.”

[added emphasis]

There is also this warning in the Terms and Conditions:

“…nor may you use StumbleUpon Toolbar and Website in any manner that could interfere with any other party’s use and enjoyment of StumbleUpon’s recommendation services.”

This is a rather ambiguous statement but might cover the malicious user that might recommend a tainted website, or an ignorant, unaware user that does so unknowingly.

Spam can be reported and, I assume, is addressed by the admins. Adult content can be filtered out by the users’ personal account settings. In my opinion this does not go far enough. In addition, I am sure that the terms of use disclaim any responsibility by the publisher of the software. This is not a criticism; rather, it is what I would expect. I am not a lawyer and I am not going to attempt to interpret the user agreement or the terms of use.

What about security in general as well as adult content? I don’t want to be taken to a website that has viruses, worms, spy-ware, ad-ware, cross-scripting vulnerabilities, or anything else that might cause a disaster on my system. People should know that you no longer need to actually download and run a program that is infected with a virus to get one. Visiting the wrong web-page can cause problems, big ones! That is to say nothing of spy-ware, which in my opinion is no different to a virus. I found this out the hard way earlier this year when my home PC was infected with a zero-day virus and I lost everything. The damn thing even wrote itself to the boot sector, very nasty. There is no mention of just how StumbleUpon handles this type of threat, or if in fact users of the extension are at risk at all. I certainly hope that it is not out of ignorance or failing to disclose the threat. As I see it now, it is a very real one.

Perhaps my paranoia is seeded in my virus experience earlier in the year. However, a greater reason for it is my use of the McAfee Site Advisor extension. I rely heavily on this extension to let me know if where I am and where I am going is safe and that the files and content on the site are safe. If it is not a green site I don’t go there, period. Sure, I also use a good dose of common sense as well, but the safe site extension is excellent peace of mind and so far has not let me down at all. I see it as an essential part of “safe-surfing” for any user. I don’t go to sites that I think have high risk content (regardless of the site advisor status), such as warez sites. It is not a risk I am willing to take and it is a pain in the arse building the PC again!

So I had a thought: why not make it an integrated option in the StumbleUpon Extension? For those users of StumbleUpon that also use Site Advisor, have an option for StumbleUpon to only take you to identified green sites. Theoretically this would be possible, and Firefox is a relatively easy platform to modify in this regard due to its open source nature. I am sure it is a bigger ask for Internet Explorer. But that said, I think it is a good idea. It sure would make me feel a lot better about using the application. Plus, if adult content can be filtered then so can sites that are not green in Site Advisor.

If that would not be possible I would like to know how StumbleUpon handle the security issue and what measures they have in place to protect users. Should they make a website that is a risk to users available as a “stumble” then potentially they could have a legal issue on their hands, as they may be accused of delivering viruses or spy-ware to their user base. Albeit unintentionally, it would still be an interesting test of the terms of use. The screen-shot shown may also be regarded as misleading if this were to happen or has happened. In all honesty though I am sure this refers to the extension and toolbar itself, not where you are taken by it.

If the idea of the extension being incorporated into the Site Advisor extension were taken up, it would make me a far more willing user and I would feel better using it knowing that I was safe to do so. As for uninstalling it, I am still undecided.
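
The "green sites only" option proposed above amounts to a fail-closed filter over stumble candidates. The sketch below is an added example, not code from StumbleUpon or Site Advisor: the rating table, the `.example` hostnames and every function name are constructed for illustration, and no real rating service is queried.

```javascript
// Added illustration: green-only gating of stumble candidates.
// RATINGS is constructed sample data on the reserved .example TLD; a real
// extension would obtain verdicts from whatever rating service it trusts.
const RATINGS = new Map([
  ["recipes.example", "green"],
  ["userpages.recipes.example", "yellow"], // user-editable area, rated on its own
  ["freecodecs.example", "red"],
]);

// Most specific rated host wins, so a risky subdomain is not whitewashed by a
// green parent. The bare TLD is never consulted. No match means "unrated".
function ratingFor(hostname, ratings) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    if (ratings.has(candidate)) return ratings.get(candidate);
  }
  return "unrated";
}

// Decide on one candidate. With greenOnly on, the check fails closed: anything
// that is not provably green (yellow, red, unrated) is rejected. Unparseable
// input and non-web schemes are rejected regardless of the option.
function checkCandidate(rawUrl, ratings, greenOnly = true) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { url: rawUrl, allowed: false, reason: "unparseable" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { url: rawUrl, allowed: false, reason: "scheme" };
  }
  const rating = ratingFor(url.hostname, ratings);
  const allowed = !greenOnly || rating === "green";
  return { url: rawUrl, allowed, reason: rating };
}

// Split a batch of candidates into what may be served and what was withheld.
function filterStumbles(candidates, ratings, greenOnly = true) {
  const results = candidates.map((c) => checkCandidate(c, ratings, greenOnly));
  return {
    allowed: results.filter((r) => r.allowed).map((r) => r.url),
    blocked: results.filter((r) => !r.allowed),
  };
}

// Constructed candidate list covering each outcome.
const SAMPLE = [
  "https://recipes.example/soup",               // rated green
  "http://WWW.Recipes.Example/bread",           // inherits green from parent
  "https://userpages.recipes.example/~someone", // own yellow rating overrides parent
  "https://freecodecs.example/player",          // rated red
  "https://brand-new-site.example/",            // never rated
  "ftp://recipes.example/file",                 // not a web page
  "not a url",
];

console.log(filterStumbles(SAMPLE, RATINGS));
```

A rating applies to the URL as submitted; a page that redirects elsewhere has to be checked again at navigation time, which is what a browser-side rating extension does.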

43 Responses to “StumbleUpon Secure? It Could Be”

  1. tin100 Says:

    Are you really sure about this? I have one installed and I think it’s ok. But if you have those sorts of observations and doubts, then maybe I should uninstall mine too. Better be careful than be sorry.

  2. Keith Says:

    The thing that annoys me about the StumbleUpon toolbar is that it adds *.stumbleupon.com as a safe site in Internet Explorer. But if users can edit their own pages, then surely it’s not safe as it could have anything on it!

  3. StumbleUpon Video… Yep It’s Good « Rooster’s Rail Says:

    […] StumbleUpon is approaching 1.6 million users, most are fans. Although I have had my reservations. Now they are sure to add more to this number with the addition of video. You can log into the video page using your StumbleUpon log-in. Logging in means that your history is remembered just like with the original and the results get more in tune with your taste over the time you use the service. Although you do not have to log in to use the service, once you clear your cookies your results are reset. […]

  4. Shabs Says:

    I am using Vista HP. After installing StumbleUpon, I scanned my explorer.exe using shell analyzer. I was surprised to find that StumbleUpon has installed CSS elements in my explorer.exe.

    What I make out from other forums and websites is that StumbleUpon is not safe as it sounds

  5. Piksychick Says:

    After using Stumbleupon for less than one month I received a nasty virus that took days to get rid of. It’s unfortunate because I really liked the concept. I have to rely on my own devices to find what I want instead of channel surfing. :0(

  6. Al Says:

    You can use a program like sandboxie to sandbox your browser while using stumbleupon (or, better yet, just always sandbox the browser).

  7. 3l1t3 Says:

    I can tell you from experience that stumble will get you a virus sooner or later peeps. I have two clients infected with nasty ass viruses that totally fucked their comps up. I had to re-install windows to get them back online. Needless to say neither will ever trust stumble ever again. Just be safe and wait until stumble does something about this huge lack of security on their users.

  8. whatever Says:

    You are all idiots. That’s why you run Stumble Upon via Firefox on Linux

  9. SCFleming Says:

    Two days using StumbleUpon I ended up with Trojans, malware, all that garbage that makes being online and off NO fun. Was it StumbleUpon? This was the only new site I visited [+ visiting some sites that SU users recommended]. I really enjoyed the site … but my trash had to come from there. Seem likely?? (Yea, I use IE)

  10. Chanbam Says:

    After a few weeks of using the site I wound up with two viruses. One was pretty bad but I was able to get rid of it and delete it from the registry. This last one required a total reformat. F stumble upon, it’s not worth it.

  11. Mozilla_user Says:

    Firefox doesn’t stop StumbleUpon viruses. I’m currently cleaning up the third virus I’ve received via Firefox from StumbleUpon.

  12. habblie Says:

    I’m cleaning up a virus from Stumble right now, and uninstalling Stumble. Fantastically fun concept, but all the jerks out there just ruin it. Not worth the risk.

  13. Alan Says:

    My days of Stumbling are over. I didn’t learn my lesson the first time I got a virus using Stumbleupon. The second time was shame on me. I am also using NoScript now to keep some of that to a low. It is really a shame because I loved to Stumble, but hate the garbage that comes along with it. I really wished I stopped here and read all these posts before I had made the mistake a second time.

  14. Daft Says:

    whatever Says:
    November 9, 2008 at 1:37 pm

    You are all idiots. That’s why you run Stumble Upon via Firefox on Linux

    Actually, whatever, you are the idiot. I was using firefox when I got a virus from stumble. The virus completely incapacitated my computer. So unless you have facts to back up your claims don’t be calling people idiots. Hopefully you will learn the hard way and humble yourself.

  15. Dave Says:

    I have been using StumbleUpon for two weeks. Today I was infected with VUNDO TROJAN, which is VERY DIFFICULT TO GET RID OF! I know when I was infected, and it was directly after clicking “stumble”. The virus opened through my video card .exe, and I had no idea it was trojan until too late. I will no longer use StumbleUpon. I found some GREAT articles, but the price I paid is too great. F*CK!

  16. Ashley Says:

    Sigh…
    Yesterday I just received my second trojan from SU.
    Found this site searching to see if this is a problem w/ other people too and I see it is. It’s really a shame because I have stumbled upon many sites i liked, but this is ridiculous now 😦

  17. Kailyn Says:

    Well, I’m sorry to disappoint you guys but I intensively use StumbleUpon since 2006 and I’ve never had any problem with malware. I run a deep scan every month with kaspersky and a couple of good anti spyware programs (along with disk defragmenting and registry cleaning) and they’ve just found 1 trojan until now… one I was working on. 🙂
    So my advice to you is to keep using it, but don’t forget to use your common sense as well. And if you sandbox your browser the risk of infection is meaningless.

  18. paul Says:

    StumbleUpon seems to me to care less about virus attacks stemming from pages that you access through their toolbar. I have been attacked twice recently and have reported these attacks (with the offending URL’s info) and asked for a response from them about what they would do.. no response has been received as yet. Further, there is no info on their homepage as to what to do about this happening ANYWHERE

  19. ProudFather Says:

    Thanks a lot for all the info. You all saved me from installing Stumble..

  20. avery Says:

    The same thing that happened to Alan happened to me. I had gotten a pretty bad virus from StumbleUpon after less than a week of using it. After that I kept off the site, but I started using it again after convincing myself that it was a fluke and wouldn’t happen again. Of course I was wrong, and I got ANOTHER virus. I love StumbleUpon, and it will suck not using it, but it’s really not worth destroying my laptop over. I hope they find a way to fix the virus problem, then I would absolutely start using it again.

  21. Mike Says:

    I’ve been using StumbleUpon since its inception and always loved it. It was great to be able to get your mind off of things and go to some random website which was almost always interesting. Now I have stopped using it because I have gotten 3 viruses in the last month. The last one forced me to reformat the computer. I was not happy. If they can’t figure out a way to make it more secure the users are going to start leaving in droves.

  22. Dave Boggs Says:

    I have used StumbleUpon for 2 years now coupled with System Mechanic / Iolo Technologies and have had no problems with viruses, malware, or spyware. System Mechanic well “captures” all of those, no matter the source.

  23. bryan Says:

    People….
    #1 Use Firefox.. it lets you know if you are going onto a known attack site, or site loaded with viruses. IE is one big security loophole waiting to be exploited

    #2 Get a real anti-virus program, not McAfee or Norton, those programs are viruses themselves

    #3 Get a malware detecting program such as ad-aware

    I have used stumble upon for a long time, followed these 3 simple ideas and have NEVER had a virus, trojan, worm or so much as a data miner get on my computer.

  24. t.rex Says:

    Like someone else mentioned, just stumble using LINUX and Firefox. As damn near ALL malicious websites are coded to infect WINDOWS systems, using Linux pretty much takes care of your virus and trojan worries. I’ve been stumbling like a maniac for about 5 months and have caught NARY a single virus. Needless to say, I DO use Linux and NOT Windows for this. I use Windows solely for streaming movies off of Netflix and to watch video with Hulu desktop player; I DO NOT stumble when booted in Windows, PERIOD.

  25. Alan A. Says:

    I’m using stumbleupon since 2005,

    41000 total stumbles

    NEVER a virus or trojan

  26. Max Says:

    I used to LOVE Stumble, so I let it slide after I fixed a nasty virus that I got from it. But just recently I ran a virus scan on my computer, and I’m finding a whole bunch of delights that came from Stumble… So I’m done. Dammit.

  27. ellen Says:

    I wish I had found this thread before! This week we got a huge infection from a page we stumbled upon. It wiped out windows completely, leaving us with having to install it again .. and waving goodbye to everything on the pc we had never got round to backing up.
    I loved to stumble and I will miss it. But there is no way it’s getting installed again

  28. tom g Says:

    I, too, keep thinking that StumbleUpon needs to partner with McAfee and do this. I am also thinking of uninstalling it. I did just give this page a thumbs up, though

  29. Eric Says:

    You guys who say you got a virus from Stumble are killing me.

    Windows these days virtually asks you if you are sure you want to do something a million times, yet people still click “yes” and destroy their computer. I fix them all the time.

    The biggest way to protect yourself is have a failsafe in place. Have an antivirus that works and set it up properly.

    I have over 19000 stumbles and no virus has snuck in. Yes I am sure. I have stumbled on malicious sites. I saved the URL, reported it and moved on.

    It isn’t Stumble’s fault if you go to a website and allow the site to infect your computer. Blaming them is almost as bad as blaming Outlook or Thunderbird if you get a virus from an attachment on an E-mail.

    My last computer virus was in 2001 when my DSL modem was attacked… I surf the web, download programs, and trust very little outside my LAN. Do these things and hopefully you can be virus free:

    1. Use an antivirus program and scan regularly. If possible, periodically scan your hard drives from another computer using an external device (Hard drive enclosure, USB-SATA adapter)
    2. UPDATE EVERYTHING, browsers, Java, antivirus, etc. Windows updates are important as well.
    3. Don’t always click “yes” or install that “needed” codec. Ask yourself, is watching that video worth getting a virus.
    4. Don’t surf porn. Just don’t. Most viruses and malware spread through our gluttony (or our spouses…). If you must, Google search images with safesearch off…
    5. Change windows defaults to show you all files and extensions. It’s under folder options.
    6. If you can help it, make a limited user account and use it. You can always “run as administrator” if needed
    7. Monitor your browser, immediately exit out if you are suspicious. If the java panel comes up, but there is no need for it, get out of dodge… When I say get out of dodge, I mean right click on the browser tab and select close. Don’t click on browser generated selection boxes for this. If the browser will not close ctrl-shift-esc or ctrl-alt-del then force quit the browser.
    8. Get to know your browser’s settings, add ons, cache settings etc. Know how to disable them.
    9. Clear your caches, history and temp files, all of them.
    10. For stumbling, I recommend Firefox in a private session, this way no remnants will be left after closing.
    11. Know your computer startup items. There are three main areas: Registry, Services and Program Files Startup folder. There are many ways to set these, one of the easiest being Run>msconfig.

    Anyways, don’t be naive, don’t knock stumbling. Just be safe, and if you can’t be safe then leave the stumbling for the pros…

  30. dannooll Says:

    I stumbled onto a malicious site recently. It put some false anti-virus crap on my computer. So I just now googled “stumble upon virus” and found this page because I’m concerned about this happening in the future. However, I typically use a Mac, and “Macs don’t get viruses”.

  31. Spencer Says:

    I too used StumbleUpon for two weeks and now I picked up 2 trojans. I was able to clean my hard drive completely twice! I know I should have never gone back! lol

  32. Devin Says:

    StumbleUpon makes you very prone to computer infections. I was a member of StumbleUpon all of about 4 days and it was fun. But I got a virus that installed a fake anti-virus program known as “Defense Center”. It disables your internet and puts pornographic files onto your desktop. I am fortunate to have solved it. I used the program called “Malware-Bytes”. I got the free version and it completely got rid of the fake program and all the viruses with it. If you have this virus, use this program. I recommend downloading it now for future use.

  33. tiffaney Says:

    I use a Mac as well. I’ve been using Stumble for like 2 weeks, and yesterday while stumbling (watching a video) my computer freaked out on me: things started skipping across the screen, an error message came up and told me my system was failing.. I restarted the computer twice and when I FINALLY got it to turn on, the speakers wouldn’t work. Took me forever (about 30 minutes lol) to get everything straight.

    I love Stumble to death, it filled my downtime with hours of joyous internet use… but now… I’m going back to Google. =(

  34. TimC Says:

    I’ve had my laptop and McAfee anti-virus for 3 years now, and have honestly NEVER had a virus or spyware infect my computer.

    However, I’ve been using Stumbleupon for a week (and really enjoying it!), but have just picked up two spyware viruses in the last 2 days (Vista Security 2011 and MS Removal). They are a real pain in the rear, as they stop you opening your web browser, using Windows Defender or any anti-virus/malware software you have installed on your PC. The only change in my usage of my laptop is that I’ve started using Stumble. And it’s no surprise, it re-directs you to random, unfiltered websites and the Terms and Conditions make Stumble totally unaccountable for the content of said websites. I love it, but it’s got to go!

    P.S. If you have suffered from one of the above viruses, the free software from Malwarebytes is AWESOME at clearing them out. I highly recommend it!

    • MJ Says:

      I just finished getting rid of Vista Security 2011. Took me approximately 7 hours to get rid of not just the virus but also all of the damage that it did to my computer, .exe files, and other settings. The virus popped up right when I clicked “stumble,” so there is no doubt in my mind that I got it from a StumbleUpon site. Really disappointing, as I thoroughly loved SU. I even run an antivirus software on my computer browser that was unable to detect the threat. But I agree, Malwarebytes is an incredible malware protection software.

      Save yourself a headache, time, and money, and stay away from stumbleupon!

  35. Red Fraggle Bikerchick Says:

    I’m pretty security savvy as a general rule when it comes to online content. I have the latest copy of Avira installed and I regularly run scans and checks etc. However, I did manage to get a nasty trojan via StumbleUpon that took me 2 days to get rid of (Rkill was my savior, for anyone who’s interested). It slipped through the Avira net unfortunately, so I am inclined to agree that some kind of protocol is needed, especially as the popularity of StumbleUpon seems to show no signs of abating. (Just as a side note, I wrote this post to share my experiences, not to receive feedback comments calling me a numpty!)

  36. Red Fraggle Bikerchick Says:

    Oh and the above post mentioning Malwarebytes is also spot on… it was a combination of this, Rkill and access to a “clean” PC to download aforementioned files to a flash drive that helped me restore everything back to normal!

  37. Red Fraggle Bikerchick Says:

    Oh and the post from TimC is spot on. It was a combination of Rkill, Malwarebytes and the use of a clean PC to download aforementioned files to a flash drive that saved my bacon!

  38. m Says:

    Used StumbleUpon twice and got viruses both times. I had to wipe everything on my computer and reload. Never again.

  39. Marilyn Salazar Says:

    It happened to me! I stumbledupon for many many months and one night I clicked the Stumble button on the toolbar I had installed in Firefox and it took me to this awful page with a pop up that said “we need to scan your computer for spyware! blah blah blah…” and it WOULD NOT let me “x out” or even Force Quit Firefox! I restarted my computer and instead of my homepage it would redirect me there again! I was scared to death. I have to remove Firefox from my hard drive and I’m using Safari now because I’m afraid of installing Firefox again, let alone Stumbling. Thank goodness I have a Mac and I don’t think the website caused any severe damage to my hard drive, but it was terrifying. Beware Stumblers!

  40. Skinner Wells Says:

    Just had to deal with the after-effects of multiple viruses from StumbleUpon. AVG caught them pretty quick, but not before they got to change my exe registry keys and I had to basically go in and redo some coding (not fun). It’s all fine now, but my computer was going berserk for about 2 minutes. In total, six viruses came through from one site (wasn’t an adult site either). Fortunately, AVG is the shiznet. I will never be using StumbleUpon again though.

  41. GABRIELLE Says:

    DON’T USE STUMBLEUPON. IT WILL ONLY BRING GRIEF. LEADS YOU STRAIGHT TO INFECTED SITES. IF YOU LIKE REBUILDING YOUR COMPUTER GO AHEAD.

    WHY DO MAKERS OF THESE PROGRAMS THINK THIS IS FUNNY. IT’S ALL BOGUS!!!

  42. rebelstreak Says:

    I used StumbleUpon pretty regularly for almost two years, but last week I stumbled onto an obviously bogus site (it had a cooking theme) and immediately a pop up, fake antivirus program started up on my screen. I had not installed anything of the kind so I immediately knew it was a virus. Left it onscreen and could perform a google search looking for a way to fix it. So I started up in safe mode and downloaded the Malwarebytes Anti-malware. It worked, although I’m not quite sure if my computer is totally free of problems.

    Result: I’m wary of ever using StumbleUpon again, which is a shame, cause it was really fun.

    By the way, I use a PC with Windows (yeah… I know.)

