Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

McAfee Site Advisor in damage control after the release of the 3sharp report

September 29th 2006 in Uncategorized

As noted in this blog post, McAfee's SiteAdvisor scored an extremely low 3 out of 200 (putting them in last place) in the 3sharp antiphishing tools test released just the other day.

McAfee are now crying foul.  Shane Keats has posted to my blog, and to the IE blog, disputing the inclusion of McAfee's Site Advisor in the tests because, in his words, McAfee "[doesn't] offer anti-phishing".

McAfee's online response can be found here (unfortunately they don't seem to use RSS, nor do they have unique links for individual blog posts):
http://blog.siteadvisor.com/2006/09/we_dont_do_antiphishing_1.shtml#comments

So, I went to have a look at the SiteAdvisor site to see what it *does* say.  The SiteAdvisor site says that it warns of "fraudulent practices" and has tested "sites representing more than 95% of worldwide Web traffic" and performs "tens of thousands" of tests every day (but phishing sites aren't included??)

"Web sites are tested for excessive pop-ups, fraudulent practices, and browser exploits."
http://www.siteadvisor.com/download/ie_learnmore.html

There is no mention of excluding phishing sites here either:

"SiteAdvisor is a consumer software company dedicated to protecting Internet users from all kinds of Web-based security threats and annoyances including spyware, adware, unwanted software, spam, pop-ups, online fraud and identity theft."
http://www.siteadvisor.com/press/faqs.html#q11

Perhaps McAfee should be more specific about what they consider to be "fraudulent practices", "online fraud" and "identity theft" and add a very clear statement that they do not protect from phishing in the FAQ in addition to the Support Centre URL Shane cites (people will not go to the support site unless they have problems).

Then I read Paul Robichaux's blog. He's also been contacted by Shane Keats and has some interesting points to share:
http://www.robichaux.net/blog/2006/09/mcafee_siteadvisor_sure_looks_like_an_an.php

Of particular concern is this comment:

"On August 3rd, I spoke via phone with both Craig Kenwec of McAfee and Scott Van Sickle of Global Fluency, a PR agency that handles client-security PR for McAfee. Both of them told me that SiteAdvisor incorporates anti-phishing functionality"

Here's the thing, McAfee.  Comments in the Support Centre, that users will not see unless they go looking for support, or in a blog, which your users may not read, are not a sufficient disclaimer.  Not when we take the rest of your site (and your own employee's and PR firm's comments) into consideration.

Why am I being so hard on McAfee about this?  Not because they "lost" or IE7 "won", but because protection of users is my primary concern.  As noted by the Anti-Phishing Working Group, and as I have seen in my own tests, phishing sites may attempt to download keyloggers and other dangerous software, and may attempt to take advantage of known Web browser exploits, to infect systems. 

Phishing sites can be extremely dangerous and if SiteAdvisor is going to disclaim protection from phishing sites and their users will not be protected, then their users deserve, nay they NEED, such a disclaimer to be clearly communicated to them right from the start, and not have the information buried in a support site or a blog.  And they certainly don't deserve to be misled by statements on the SiteAdvisor site like those highlighted above.

SiteAdvisor need to make it very very clear that they are disclaiming protection against phishing sites.  Reality is that SiteAdvisor users are assuming that they are protected from phishing, and they are not being dissuaded from this misapprehension by the FAQ or the Learn More page, and will not be dissuaded unless and until they visit the SiteAdvisor Support Site and/or the SiteAdvisor blog.

Oh, and McAfee, do me a favour and change your home page.  In my world phishing sites *are* "online scams":


6 comments to...
“McAfee Site Advisor in damage control after the release of the 3sharp report”

joe schmoe

What should I use in place of Site Advisor? I used, or relied on I should say, Site Advisor. I guess I should think that people get the quality they pay for. In this case, McAfee Site Advisor is free. Can you tell me where I can find the list of the 200 you are telling people about? I am very interested in what companies won the top five most accurate advising sites.



Michael Stransky

McAfee's response to me, that I will share with everyone about how quick they jump to fix things when they are DEAD WRONG, sad! And I am mad how they hindered our customers in fear that if they visit or click in our site, system config files are at risk of being changed? McAfee should be accountable with the FTC on the right for businesses to do business without illegal, untrue statements against another company to do business with the web or the site's visitor base! I guess they are going to make us wait for three weeks? I figured I would find a blogger site which was related to the topic. Then they can make a statement like "McAfee makes casualty sites, in their wake on the web wars against bad sites." When SiteAdvisor from McAfee is contacted that they have done wrong against your site, it's all here —

"From: Jxxxxxx_Cxxxx@McAfee.com
To: mxxxxxxxx@knology.net
Sent: Tuesday, October 24, 2006 12:25 PM
Subject: RE: Legal action against your illegitimate, false, statements about our site.

Hi Mike, Thank you for your e-mail. We apologize for the aggravation that we have caused you. Bigperrysale.com will switch to green in an upcoming data push. Please allow approximately 3 weeks for the change to propagate through our system. Kind regards, Jonathan McAfee, Inc. —– "

(I have the emails!) But besides them being so incorrect with their software and working out the bugs, what in their right mind did they take it upon themselves to use another website's URL in a botched attempt to make an example out of for their software promo which is indexed in the search engines? These scattered incorrect statements hindered business to operate, AND leave naive people relying on their software which is full of holes at the verification level. And second, if they want the public to believe that they have everything under control with bugs and their software, why does it take more than 3 weeks to correct anything?

Hey, Heaven forbid if you get a worm or virus and it takes them about 3 weeks to update their system to trickle it out to those who purchased the McAfee / SiteAdvisor software. Something like that?!? Hey, they are using our site's URL as a key word to make a mockery out of us, and their attitude is more or less hey you are collateral damage in our wake. I have read so many blogs of them giving good rating to known bad sites of other top rated software, and yet makes me believe they are trying to use unchecked beta testing of the software without ever verifying the results. Real easy, follow me: site in question http://www.bigperrysale.com is hosted on http://www.goldlink.net FACT: both sites are safe sites! Now watch closely, put in Google just the word bigperrysale, we are #1, they are #2. Go ahead in http://www.siteadvisor.com/sites/bigperrysale.com/summary/ take careful note how they make their claim on all the goldlink.exe files which are not on our site, nor are goldlinks leaving links to other sites, yet we get the rap for it. Then they have the summary report on http://www.goldlink.net as a green site? WOW what a shocker? Get what I am saying? McAfee SiteAdvisor software is clueless, what do they do? Roll dice for each site they visit? Get real!!!! I think McAfee needs to back up, stop making smoke and mirrors about how great their software is. AND worst of all McAfee never follows up the results. They should first have their software flag a site, AND NOT SPOOF websites' URL names into html examples of bad sites without HUMAN EYE VERIFICATION that the links DO, OR DO NOT belong to the site in question! AND THIRD CONTACT THE COMPANY THAT YOU HAVE MADE A CLAIM AGAINST THEIR SITE(S) of which, SINCE McAfee is given the right to flex a "web rod of correction", can be whipped with that same rod at a cost for McAfee's bad fraudulent statements! Michael Stransky

Sandi says: I will say this. It is unacceptable for McAfee to say it will take three weeks for an error that they have made to be fixed.



Michael Stransky

McAfee found hindering the rights of other business to the freedom and rights to fair business.

It's been over a week now. Sure they said they would fix it. Well we are a clean site, and even they stripped my comments on the page they made about our site. Oh yeah they fixed it to green. They think they are on our good side.

http://www.siteadvisor.com/sites/myhorselinks.com/summary/

Even all the exchanged links with other sites have dropped our return link because McAfee still has us yellow on their summaries.

McAfee you have caused us to lose a major portion of back links. You have left an impression on people using your software with a fear of entering our site. And not once did you ever contact us with the claims you posted against our website with your illegal FALSE data that was not even our site.

I am about fed up with how McAfee can ruin all the hard work and web relations in 3 to 6 months which took a year's worth of email responding to other sites.

Who does McAfee Siteadvisor answer to legally? If you read this and have the same problems I have had, where in the world can we all make McAfee responsible for the damage they are creating in their wake on the web wars?

What legal body has the right to put McAfee in check?





caveman

Seems they took your comments into consideration and they have realised the error of their ways and fixed the product to now include anti-phishing.

Now here is the rub:

The existing product remains unchanged.

They have fixed it but launched it as a NEW PREMIUM product for which they will be charging $25 per user per year !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Incredible these guys. Marketing versus reality, wow what a gap between those two !

Stay with IE7 or FF2 and get anti-phishing for $0.

What a scam.



zhelyazko

Not only is McAfee site advisor a plugin that could harm you by telling you that a site is safe, but it also could mislead you by flagging genuine websites in red such as some of the google versions and others. At the same time websites which are obvious spam are flagged as genuine. 3 out of 200 is a great rating for this plugin, I would give it -200.

