McAfee: Why we blacklisted SANS
McAfee's SiteAdvisor security tool briefly blacklisted the respected SANS Institute on Wednesday. The incident highlights wider concerns about the reliability of the safe surfing tool. Websites including the main sans.org website, as well as related sites giac.org and sans.edu sites, were tagged as bad and given a red flag. The …
"Website owners sometimes mistakenly link to wrong site, which creates a guilt by association."
At least they're open about it!
So they are saying that if a site that I link to gets hacked, they will block not only that site but also *my* site, for up to a month after I find out about the block and find out who to complain to and make a complaint.
Because I'm "guilty" by association.
All Siteadvisor does is put a little coloured icon next to a link.
It doesn't stop anyone from actually going to the site.
If you - as an IT chappy - googles SANS for their website address, and get a red X next to i from Siteadvisor, I bet you still go to the site as you KNOW SANS is OK.
Siteadvisor does just that - it ADVISES, not blocks.
If I listened to every bit of advice I was given, I would not be a very happy chappy! LOL!
This nonsense about false positives being acceptable only works if YOU are not the false positive.
I guess they have a whitelist including the top 500 to make sure they don't include someone who REALLY has the money to sue them into the oblivion where this idea belongs.
...is ok if there's causation or intent; otherwise it's dumb (Nate's hypothesis).
Greater transparency is needed from McAfee becuase their repsonse raises more questions than it answers.
So El Reg, don't let them off the hook, poke them again!
Paris because she'll poke anything....
We hear a lot about the false positives, but I wonder how many false negatives make it through SiteAdvisor in a given month, leaving people open to a false sense of security?
Google links to a lot of sites, some of those sites could contain malware.
Did they block google?
I'm with AC. If I see a red mark, I'll take a bit more care with it but it doesn't stop me from going there. With SANS, let's face it, most people wanting to go there are fairly tech savvy and would know it's legitimate. They would also happily accept the explanation that it contains links to known malware sites. What would be worse is if an idiot went to the SANS site and then started clicking on the malware links!
is that some fools apparently think that a webnanny can keep their computer safe. That's about as useful, security-wise, as having to click through 234567 "Are you sure you wanna do that" boxes in Vista. McAfee is kinda like the US customs: "we won't catch anything dangerous, but we'll annoy you so much that you'll think we're trying".
I can hear the "think of the children" crowd: if McAfee prevents even one single exploit, it's justified, right? Well, not quite.
is there a checker somewhere on McAffee web site? or do I just have to wait until someone using this software tells me?
Why not just tag the url hosting the malware rather than all sites which might have a link to it? The only excuse might be to prevent zero-day exploits from sites linking to malware.
Do they advise against Google too for linking to malware? I smell a PR exercise.
Dead bird for intelligence. I guess it could equally have been the other bird ;)
their own links there is no chance of clicking on any offenders there if you go to third party sites they generally warn the shit out of you as to what the links are. There really is no danger at all of a mistaken click from that quarter they are as paranoid as we are possibly more so.
SANS cries wolf at the drop of a hat. Some of their handlers are s#$$ing fools (DH). And Ulrich used to distribute virus samples on an FTP site. Don't bother with SiteAdvisor, just don't go there.
Sign up, sign up for The Register's weekly IT security newsletter - click here
