Feeds

McAfee: Why we blacklisted SANS

False positives almost unknown, claims SiteAdviser boss

Securing Web Applications Made Simple and Scalable

Written statements from McAfee in response to our queries were a bit ambiguous, but Dowling stated that the initial malign classification of tech-pro.net was correct. The site was only given the all clear after scheduled repeat tests came back clean. It was the need to reschedule a test that meant the whole business took time to sort out. McAfee SiteAdvisor aims to retest popular sites about once a week but it may take up to a month for it to return and test less high-profile ones.

Julian Moss, managing director of Tech-Pro.net, is adamant that SiteAdvisor's classification was wrong. McAfee took exception to a free trial download of a reputable anti-spyware product, which 32 out of 33 scanners at VirusTotal (with McAfee being the exception) said were clean.

The incident with TechPro.net, along with scattered reports of earlier false positives, raises questions about the reliability of SiteAdvisor classifications. "Our tests are very accurate," Dowling said. "The frequency of false positives is fewer than one a month. Changes in classifications we make are almost always because sites have changed their behaviour.

"The email tests are the ones than have the most false positives. Users can have confidence in our ratings."

Adware numbers gamers

Many recent surveys - by vendors including Sophos, Websense and IBM X-Force - have pointed to the planting of malicious scripts on legitimate websites (typically using SQL injection attacks) as a growing risk. Dowling however suggested that a majority of sites given the red flag by SiteAdvisor have deliberately done something bad or at least stupid.

"Website owners sometimes mistakenly link to wrong site, which creates a guilt by association. Others are attempting to game the system by linking to adware, which can be used to boost search engine ratings," he explained.

McAfee is yet to get back to us with stats to back up these observations, which run contrary to prevailing industry wisdom.

Legal beagle

In response to our earlier story about SiteAdvisor, some respondents said that false warnings that their sites were either harbouring malware or sending out spam were only addressed after hints at legal action were made. Dowling said getting lawyers involved was unnecessary.

"If a site owner comes to us with a complaint we'll take a look at the rating. We endeavour to respond to people within 24 hours," he explained.

Anyone disagreeing with the rating of a particular site is invited to notify McAfee here.

Website owners who've had problems with SiteAdvisor classifications are invited to email El Reg (Oi, SiteAdvisor. No!). ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.