I'm trying to help my friend understand this because he believes that since a site is very popular, that it's less likely to infect its viewers because of its security! Is a popular site less likely to infect its viewers?
Please answer this question as detailed as possible so I can direct him to this site.
I think it's generally popular sites, not just porn sites. However there might be some reasons why pornsites tend to attract more malware.
Mostly malware originates from dodgy advertisement platforms. Because the morality of porn is often debated and not accepted in every culture, a lot of larger advertisement websites, such as Google Ads, do not allow their advertisements to be published on a porn site. This means that porn websites need to turn to somewhat dodgier advertisement provider to get money (porn sites make money from ads). One thing that happens is spreading adware and even right-out malware through these advertisements.
There is an interesting article "Porn Sites Aren't (Always) Dens of Malware" on pcmag's security watch. There's also Dynamoo's blog who did analysis on this. Xhamster has had issues with this before:
The problem is that even reliable advertisers sometimes can be hacked. For example, in the past we had such issues with one of the top five porn paysites in the world," xHamster told the BBC. "Now our reliable partners are checking new advertisers very strictly, so it's almost impossible to put a new site with malware on xHamster.
The conclusion of the article is that it's not inherent to porn websites alone, but generally popular websites.
It's easy to dismiss this as a problem reserved for a reviled, fringe industry but that is simply not the case. According to Bob Hansmann, security research marketing manager at Websense, any site which draws traffic is a potential target for malvertising.
"Past research by the Websense Security Labs has actually illustrated that popular beats porn when it comes to malicious content," Hansmann told SecurityWatch. He explained that even blocking access to so-called risky content like porn and gambling would do little to protect against malvertising attacks.
"Such threats are now more common on ‘business’ and ‘technology’ sites," he said. "Malware is everywhere."
It's worth noting that the ranking service Alexa lists xHamster as the 46th most popular website on the Internet, and Pornhub the 63rd. Of course, malvertisers will tailor their ads to appeal to what they perceive their victim's preferences to be but they would do this for any site.
Just a few months ago, Google detected malicious ads on the New York Times and HuffPo. The issue was malicious content being delivered through the NetSeer advertising platform. For a while, the popular Google Chrome browser blocked access to these sites. Hansmann pointed to similar attacks affecting Spotify and the London Stock Exchange.
It's a myth that porn sites are more risky to use than other websites when it comes to malware. This report published by Symantec in 2011 (PDF, see page 33) identified that you can get malware from pretty much any kind of website, even those which can be work-related for many professions. In fact, porn sites ranked lower than many other categories of websites.
Many infections originated from reputable websites which got compromised by hackers to spread malware. But according to this report, the most common source of malware are personal blogs.
I speculate that the reason for this is that many bloggers use popular content management systems like Wordpress but then do not take due diligence in updating it regularly. I assume that many black-hat hackers run automated bots which scan the web for outdated installations with known security vulnerabilities and automatically place malware payloads on them.
It depends upon the site; popularity does not guarantee that it is safe or secure. Various factors that can contribute to insecurity are (AND BE AWARE THAT THIS IS ONLY THE PARTIAL ANSWER):
Does it scrape or link to numerous other sites?
There are numerous free sites that collect links and display images to porn on multiple other sites, but do not host any of it themselves. One common theme about them is that they all redirect you to advertisements, other porn collection sites, and continually hit you with XXX dating site popups and video phone sex sites. In effect, sending you down a rabbit hole looking for what you wanted, bypassing browser protections, and offering multiple ways of collecting personal information.
What resource types of porn does it host - GIFs, downloadable videos, pictures, flash videos?
Any type of content can have something malicious embedded into it. The more it utilizes the system, the more potentially damaging it can be.
Who created the content, when was it created, and how many times has it been redistributed before it was uploaded to where it was found?
Many of the common porn sites still link to porn from decades ago, hosted on sites that are not even remotely owned by the people who originally created it. And it is sad to say, but a lot of porn is not created or hosted by the nicest of people. There is also the fact that there has always been a very strong connection between the sex trades and criminal organizations. With cyber crime in the top 5 of international crime, there is always a good chance that any site could be a drive by computer compromise waiting to happen.
Is it an upload site where multiple people can upload whatever they want?
There are sites that allow any person to upload any type of graphic material they want. Most of them that I have personally seen are pretty archaic or amateurish in terms of their web technologies or their execution. So it also implies that the back end protection might also be old, outdated. or ineptly implemented.
Exceptions like the many Pinterest clones that allow you to upload a link, and the site will scrape that content, probably have good protection; but it probably also wouldn't provide protection from unique malware with custom signatures that target zero day exploits. There are constantly new forms of viruses, trojans, and worms being produced that no anti-virus company is aware of. They only know when someone who has detected a compromise submits a sample for analysis.
Who hosts it - tumblr, reddit, GoDaddy, Amazon EC2, private servers, etc?
Porn on the web can be hosted on any number of blog services, web hosting companies, cloud platforms, or private servers. Which makes for a huge number of variables between what is displayed, and the protections in place to protect both the content and the people who surf that site. A lot of porn sites are even hosted on compromised home computers and university/business servers.
What OS, web server, and versions host the porn - Linux (Many), Windows Server (2000, 2003, 2008 R1 or R2, 2012), Apache, Nginx, IIS?
The older the operating system that hosts the web server, the more outdated the technology and the more exploits and security flaws that are known about it. The same applies to the various web servers. Every hacker worth their salt knows how to fingerprint a server's OS to determine version, scan its ports to find out which ones are open and what services are listening, as well as make an initial determination of what exploits and payloads are likely to allow them to compromise it.
Where is the host located, is it cached in various geographic regions for faster distribution, and who caches it?
The general location of the physical host can give you a strong hint about how compromising a porn site is likely to be. Servers located in Russia, China, or Eastern Europe would be very suspicious. A smart way to get around this is to have a proxy that redistributes the content from the primary server. This both makes the distribution of the content faster for various geographic locations since it is cached locally, but can also obfuscate the actual origin of the content itself and inspire a false sense of security.
What type and version of programming went into the website - Java, Ruby, Python, HTML, JavaScript, CSS, VisualBasic, etc?
The web pages themselves are composed of numerous possible elements, all with various versions, possible compromises, sloppy programming, links to databases, possible security keys, etc. Part of profiling a web site for compromise is to take apart and analyze the application itself. Just right clicking and hitting "View page source" will tell you a lot. Defacing and compromising a website is one of the most common ways for hackers to compromise identities for profit, compromise computers to create drones for a botnet, encrypt a hard drive for extortion, or just for the fun of crashing someone's computer.
I remember a malware-code sneaked into exoclick-ad-network some month ago. Within an hour on most of the popular pornsites you got a "malware warning" from Chrome.
But apart from those special incident you are actually safer, as they would lose a lot of google traffic, if they don't fix that.
I would actually take more attention to less popular or illegal (eg download) sites. Those usually have nasty popups where you can get malware within a click - which sucks.
But just as you won't pay attention on unknown onlineshop I suggest to check all sites before clicking anything.
So basically your friend is right - But he could do better ;)
