Feeds

Review site furious over McAfee SiteAdvisor 'false alert'

From red alert to red faces

Secure remote control for conventional and virtual desktops

A UK business had to fight for two weeks to clear its name after falsely being accused of harbouring malware by McAfee's SiteAdvisor service.

SiteAdvisor issued a red alert against software review site tech-pro.net at the start of July. It wrongly claimed the site contained a dangerous download. SiteAdvisor uses a mixture of automated website tests and user feedback to develop its ratings.

McAfee acknowledged that tech-pro.net was clean last Friday and changed its classification. Third party services, such as Yahoo!, incorporate SiteAdvisor warnings in search results. Since Yahoo! SearchScan doesn't always use the latest SiteAdvisor database, it continued to erroneously warm of false positives on tech-pro.net until Wednesday. A McAfee spokeswoman explained this was due to the "time it takes to sync data" between the two services.

It's still unclear why tech-pro.net was issued with a red alert in the first place. A statement from McAfee gives the impression, firmly denied by tech-pro.net, that the initial malign classification was correct.

When Tech Pro highlighted its concerns about the McAfee SiteAdvisor rating, SiteAdvisor ran further tests and it was found that the sites and downloads affiliated with Tech Pro were no longer presenting an issue.

It can now be confirmed that Tech-Pro.net has been given a green rating from SiteAdvisor, indicating that it is a secure site. This can be viewed at http://www.siteadvisor.com/sites/tech-pro.net

SiteAdvisor retests sites on a regular basis, so its automated testers can tell if a site changed its behaviour for better or worse. Anyone disagreeing with the rating of a particular site is invited to notify McAfee of this at www.siteadvisor.com/feedback.html.

If a site can be retested and any previously identified issues can be seen to be resolved, the McAfee SiteAdvisor team will amend the rating to reflect this.

But independent third parties contacted by tech-pro.net straight after the malign classification reported no problems with the site. McAfee's statement finally arrived ten days after El Reg began chasing it for an explanation and bears all the hallmarks of having been written by lawyers, conscious of the need to avoid admitting any problems in case of lawsuits, rather than technicians keen to make safe surfing tools as accurate as possible.

False positives have been a problem for security tools in general for years. SiteAdvisor has been accused of false positives in the case of anti-malware forums in August 2006. To its credit, in that instance, it held its hands up to accidental errors hours after the potential problem emerged.

Julian Moss, managing director of Tech-Pro, has been left bemused and angered by his run-in with SiteAdvisor. He said SiteAdvisor's false positive rating represented a "serious defamation" of Tech-Pro's reputation while giving users a false sense of security. Moss claimed McAfee only dealt with the false classification after he hinted at legal action.

"The big unanswered question is why McAfee are giving websites red danger warnings as a result of false positives, which would be very easy to check for," Moss told El Reg.

"Quite apart from wrongly accusing safe websites like mine as being harmful, they encourage users to believe that sites marked as safe are safe."

Yahoo! SearchScan launched in beta back in May with the claim that "No other search engine today offers you this level of warning before visiting sites". On the evidence of Tech-Pro's experience, these warnings are a bit less than totally reliable. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.