McAfee's SiteAdvisor security tool briefly blacklisted the respected SANS Institute on Wednesday. The incident highlights wider concerns about the reliability of the safe surfing tool. Websites including the main sans.org website, as well as related sites giac.org and sans.edu sites, were tagged as bad and given a red flag. The …
Guilt by association
"Website owners sometimes mistakenly link to wrong site, which creates a guilt by association."
At least they're open about it!
So they are saying that if a site that I link to gets hacked, they will block not only that site but also *my* site, for up to a month after I find out about the block and find out who to complain to and make a complaint.
Because I'm "guilty" by association.
its 'cos your eyes are too close together
All Siteadvisor does is put a little coloured icon next to a link.
It doesn't stop anyone from actually going to the site.
If you - as an IT chappy - googles SANS for their website address, and get a red X next to i from Siteadvisor, I bet you still go to the site as you KNOW SANS is OK.
Siteadvisor does just that - it ADVISES, not blocks.
If I listened to every bit of advice I was given, I would not be a very happy chappy! LOL!
Taking to court is the only option
This nonsense about false positives being acceptable only works if YOU are not the false positive.
I guess they have a whitelist including the top 500 to make sure they don't include someone who REALLY has the money to sue them into the oblivion where this idea belongs.
Guilt by association?!
...is ok if there's causation or intent; otherwise it's dumb (Nate's hypothesis).
Greater transparency is needed from McAfee becuase their repsonse raises more questions than it answers.
So El Reg, don't let them off the hook, poke them again!
Paris because she'll poke anything....
What About False Negatives?
We hear a lot about the false positives, but I wonder how many false negatives make it through SiteAdvisor in a given month, leaving people open to a false sense of security?
Let's see them apply the rules fairly
Google links to a lot of sites, some of those sites could contain malware.
Did they block google?
Yeah but....no but yeah
I'm with AC. If I see a red mark, I'll take a bit more care with it but it doesn't stop me from going there. With SANS, let's face it, most people wanting to go there are fairly tech savvy and would know it's legitimate. They would also happily accept the explanation that it contains links to known malware sites. What would be worse is if an idiot went to the SANS site and then started clicking on the malware links!
What always surprise me
is that some fools apparently think that a webnanny can keep their computer safe. That's about as useful, security-wise, as having to click through 234567 "Are you sure you wanna do that" boxes in Vista. McAfee is kinda like the US customs: "we won't catch anything dangerous, but we'll annoy you so much that you'll think we're trying".
I can hear the "think of the children" crowd: if McAfee prevents even one single exploit, it's justified, right? Well, not quite.
So how can I find out if my site is on the list?
is there a checker somewhere on McAffee web site? or do I just have to wait until someone using this software tells me?
A lack of granularity?
Why not just tag the url hosting the malware rather than all sites which might have a link to it? The only excuse might be to prevent zero-day exploits from sites linking to malware.
Do they advise against Google too for linking to malware? I smell a PR exercise.
Dead bird for intelligence. I guess it could equally have been the other bird ;)
SANS always sanitizes
their own links there is no chance of clicking on any offenders there if you go to third party sites they generally warn the shit out of you as to what the links are. There really is no danger at all of a mistaken click from that quarter they are as paranoid as we are possibly more so.
Most Respected? Henny-Pennies
SANS cries wolf at the drop of a hat. Some of their handlers are s#$$ing fools (DH). And Ulrich used to distribute virus samples on an FTP site. Don't bother with SiteAdvisor, just don't go there.