Feeds

Review site furious over McAfee SiteAdvisor 'false alert'

From red alert to red faces

Website security in corporate America

A UK business had to fight for two weeks to clear its name after falsely being accused of harbouring malware by McAfee's SiteAdvisor service.

SiteAdvisor issued a red alert against software review site tech-pro.net at the start of July. It wrongly claimed the site contained a dangerous download. SiteAdvisor uses a mixture of automated website tests and user feedback to develop its ratings.

McAfee acknowledged that tech-pro.net was clean last Friday and changed its classification. Third party services, such as Yahoo!, incorporate SiteAdvisor warnings in search results. Since Yahoo! SearchScan doesn't always use the latest SiteAdvisor database, it continued to erroneously warm of false positives on tech-pro.net until Wednesday. A McAfee spokeswoman explained this was due to the "time it takes to sync data" between the two services.

It's still unclear why tech-pro.net was issued with a red alert in the first place. A statement from McAfee gives the impression, firmly denied by tech-pro.net, that the initial malign classification was correct.

When Tech Pro highlighted its concerns about the McAfee SiteAdvisor rating, SiteAdvisor ran further tests and it was found that the sites and downloads affiliated with Tech Pro were no longer presenting an issue.

It can now be confirmed that Tech-Pro.net has been given a green rating from SiteAdvisor, indicating that it is a secure site. This can be viewed at http://www.siteadvisor.com/sites/tech-pro.net

SiteAdvisor retests sites on a regular basis, so its automated testers can tell if a site changed its behaviour for better or worse. Anyone disagreeing with the rating of a particular site is invited to notify McAfee of this at www.siteadvisor.com/feedback.html.

If a site can be retested and any previously identified issues can be seen to be resolved, the McAfee SiteAdvisor team will amend the rating to reflect this.

But independent third parties contacted by tech-pro.net straight after the malign classification reported no problems with the site. McAfee's statement finally arrived ten days after El Reg began chasing it for an explanation and bears all the hallmarks of having been written by lawyers, conscious of the need to avoid admitting any problems in case of lawsuits, rather than technicians keen to make safe surfing tools as accurate as possible.

False positives have been a problem for security tools in general for years. SiteAdvisor has been accused of false positives in the case of anti-malware forums in August 2006. To its credit, in that instance, it held its hands up to accidental errors hours after the potential problem emerged.

Julian Moss, managing director of Tech-Pro, has been left bemused and angered by his run-in with SiteAdvisor. He said SiteAdvisor's false positive rating represented a "serious defamation" of Tech-Pro's reputation while giving users a false sense of security. Moss claimed McAfee only dealt with the false classification after he hinted at legal action.

"The big unanswered question is why McAfee are giving websites red danger warnings as a result of false positives, which would be very easy to check for," Moss told El Reg.

"Quite apart from wrongly accusing safe websites like mine as being harmful, they encourage users to believe that sites marked as safe are safe."

Yahoo! SearchScan launched in beta back in May with the claim that "No other search engine today offers you this level of warning before visiting sites". On the evidence of Tech-Pro's experience, these warnings are a bit less than totally reliable. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.