Feeds

McAfee: Why we blacklisted SANS

False positives almost unknown, claims SiteAdviser boss

Choosing a cloud hosting partner with confidence

Written statements from McAfee in response to our queries were a bit ambiguous, but Dowling stated that the initial malign classification of tech-pro.net was correct. The site was only given the all clear after scheduled repeat tests came back clean. It was the need to reschedule a test that meant the whole business took time to sort out. McAfee SiteAdvisor aims to retest popular sites about once a week but it may take up to a month for it to return and test less high-profile ones.

Julian Moss, managing director of Tech-Pro.net, is adamant that SiteAdvisor's classification was wrong. McAfee took exception to a free trial download of a reputable anti-spyware product, which 32 out of 33 scanners at VirusTotal (with McAfee being the exception) said were clean.

The incident with TechPro.net, along with scattered reports of earlier false positives, raises questions about the reliability of SiteAdvisor classifications. "Our tests are very accurate," Dowling said. "The frequency of false positives is fewer than one a month. Changes in classifications we make are almost always because sites have changed their behaviour.

"The email tests are the ones than have the most false positives. Users can have confidence in our ratings."

Adware numbers gamers

Many recent surveys - by vendors including Sophos, Websense and IBM X-Force - have pointed to the planting of malicious scripts on legitimate websites (typically using SQL injection attacks) as a growing risk. Dowling however suggested that a majority of sites given the red flag by SiteAdvisor have deliberately done something bad or at least stupid.

"Website owners sometimes mistakenly link to wrong site, which creates a guilt by association. Others are attempting to game the system by linking to adware, which can be used to boost search engine ratings," he explained.

McAfee is yet to get back to us with stats to back up these observations, which run contrary to prevailing industry wisdom.

Legal beagle

In response to our earlier story about SiteAdvisor, some respondents said that false warnings that their sites were either harbouring malware or sending out spam were only addressed after hints at legal action were made. Dowling said getting lawyers involved was unnecessary.

"If a site owner comes to us with a complaint we'll take a look at the rating. We endeavour to respond to people within 24 hours," he explained.

Anyone disagreeing with the rating of a particular site is invited to notify McAfee here.

Website owners who've had problems with SiteAdvisor classifications are invited to email El Reg (Oi, SiteAdvisor. No!). ®

Beginner's guide to SSL certificates

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.