Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

McAfee forced to back down in argument with 3Sharp over phishing report results

November 22nd 2006 in Uncategorized

McAfee, which originally disputed SiteAdvisor’s inclusion in the 3Sharp phishing filter tests back in September have quietly changed the FAQ on their Web site, and have had to back down on their claims that they should not have been included in the phishing tests according to Computerworld:
http://www.computerworld.com.au/index.php/id;838657419
http://computerworld.co.nz/news.nsf/news/90CBF5D2D2CA176ACC25722E000FACA2


When the 3Sharp test results were first released, Shane Keats of McAfee was vocal in his protests, blogging about it here:
http://blog.siteadvisor.com/2006/09/we_dont_do_antiphishing_1.shtml


Shane also disputed the Mcafee site’s inclusion in the 3Sharp study via a comment on my blog, and via a comment against the blog entry by the IE Team.


He commented here:
http://msmvps.com/blogs/spywaresucks/archive/2006/09/28/144948.aspx


and here:
http://blogs.msdn.com/ie/archive/2006/09/28/774513.aspx


He also apparently sent a “testy” email to 3Sharp:
http://www.robichaux.net/blog/2006/09/mcafee_siteadvisor_sure_looks_like_an_an.php


According to Computerworld, Keats is trying to blame the misunderstanding on the Site Advisor FAQ page, which apparently dates from the days before McAfee acquired SiteAdvisor, said FAQ having apparently been left unchanged in error.


Shane Keats may have been vocal in public when disputing the 3Sharp survey, but he has gone very quiet about the backdown.  He certainly hasn’t had the courtesy to contact me after publicly disputing the results of the 3Sharp study on my blog, nor has he submitted a fresh comment retracting his statements, but he has found the time to announce the fact that McAfee are now going to reinstate SiteAdvisor phishing detection, but only if you’re willing to pay for it.  I ask you, why would anybody pay for something that you get for free from Firefox 2 and Internet Explorer 7 anyway?  And why doesn’t Shane go back to the blogs where he disputed the 3Sharp tests and say “actually, guys, you were right.. we did mention phishing and we’re sorry – we’ve changed it now” instead of quietly changing things.


There was, and is, mention of SiteAdvisor Free protecting people from “fraudulent practices” (what, phishing isn’t fraud”?) and their FAQ still says “SiteAdvisor is a tool from McAfee that protects Internet users from all kinds of Web-based security threats and annoyances including spyware, adware, unwanted software, spam, pop-ups, online fraud and identity theft”:
http://www.siteadvisor.com/press/faqs.html#q1


Their home page still mentions “online scams”.


As far as I’m concerned, online scams, online fraud and identity theft all apply to phishing, and it seems I am not alone in my assessment.


Comments are closed.

Yes, you still need one if you have care of a domain with Active Directory directory service:http://www.microsoft.com/technet/windowsvista/security/guide.mspx
“In addition to the solutions that the Windows Vista Security Guide prescribes, the guide includes tools, step-by-step procedures, recommendations, and processes that significantly streamline the deployment process. Not only does the guide provide you with effective security setting guidance, […]

Previous Entry

The vulnerability is caused due to the Password Manager not properly checking the URL before automatically filling in saved user credentials into forms. This may be exploited to steal user credentials via malicious forms in the same domain.
No patch – workaround is to turn off “Remember passwords for sites”
Once again, myspace is apparently being used […]

Next Entry

Archives