McAfee SiteAdvisor Blog

Microsoft’s OneCare team issued an update on January 31, 2008 that resulted in SiteAdvisor users receiving a Microsoft warning message recommending that SiteAdvisor be removed due to interference with OneCare.

SiteAdvisor doesn’t interfere with OneCare in any way; we communicated this to Microsoft and they’ve begun to resolve the issue.

As of February 21st, new installations of OneCare will not message against SiteAdvisor. However, existing users of OneCare will continue to receive these messages until sometime in the spring, when Microsoft says it will fix OneCare installations made prior to February 21.

Turns out that as a general rule, Microsoft recommends running only one security application at a time because of potential performance and "PC stability" issues. We explained to Microsoft that SiteAdvisor functionality is totally unrelated to OneCare. They agreed.

Rest assured, there is no need to disable SiteAdvisor or OneCare. The two products co-exist nicely (aside from the pop-up!).

Because OneCare doesn’t allow white listing of applications, affected consumers have limited options until all installations of OneCare are patched. Thanks for your patience during this time.

Permalink | TrackBacks (0)

We’ve been hearing from some of our users that their systems are slowing to crawl when trying to access Gmail. Ugh!

It turns out Google’s November Gmail release included some fairly significant, and unexpected, changes that are affecting many SiteAdvisor users on the Internet Explorer 7 platform. The effect is unacceptably high CPU usage.

We’re finishing a patch now that will go out to all our users the week of December 10.

In the meantime, add google.com to SiteAdvisor’s Do Not Warn list and reopen the browser. Doing so will alleviate the issue.

For step-by-step instructions, please visit McAfee's support center.

Permalink | Comments (1) | TrackBacks (0)

In early September 2007, concurrent with SiteAdvisor build 2.5, we changed the privacy policy for SiteAdvisor participants in our optional Product Improvement Program (PIP). As you may know, the PIP allows us to keep anonymous statistics on how our software is performing so we are better able to improve it.

Here's what's changed: Under the new privacy policy, we can now share these anonymous statistics with partners. Examples of these statistics would be the number of active SiteAdvisor users in a day, or the number of times users 'mouse over' SiteAdvisor's safe search ratings.

Here's what hasn't changed: We do not collect any personally identifiable information from SiteAdvisor users, whether the user is in the PIP or not. The PIP remains purely optional and by default, SiteAdvisor users do not participate. Users who opt-in to the PIP can still leave at any time by clicking on the settings menu found on the McAfee SiteAdvisor logo.

Permalink | Comments (3) | TrackBacks (0)

Back in March, we published Mapping the Mal Web an in-depth look at country-level domains. Tokelau (.tk) was the riskiest overall, with 10.1% of all tested domains rated red or yellow. Turns out that the people in a position to do something about that score took notice.

Dot TK, the private company that administers the domain on behalf of Tokelau (a territory of New Zealand), says it will install a system to filter malicious content. According to the CEO of Dot TK, the McAfee report spurred the new process: “We saw a decline of approximately 10% of new registrations in the countries where this report hit the press.”

According to press reports, Tokelau earns a double digit percentage of its GDP from revenue generated by the .tk domain.

Permalink | Comments (2) | TrackBacks (0)

Update:

Thanks to the hundreds of thousands of people who took our phishing quiz. We're now examining the results. Look for more interactive features from McAfee in the future!

Can you spot the phish?

How well can you spot phishing sites? Many of the readers of this blog are pretty savvy when it comes to security issues. So, we’ve created a deceptively easy but devilishly hard 10-question phishing quiz. Are you up to the challenge?

Our Phishing Quiz follows on the heels of our Spyware and Spam quizzes. More than 120,000 test results later, we can safely say that we have a lot of work left to do. The average score for the spyware quiz was 59%. For the spam quiz, 55%.

MailFrontier published the first phishing quiz back in 2004. Given the persistence and mutability of this plague, we thought it was time to revisit the issue. Whether it's rockphishing, or Flash phish or MySpace scams, phishing continues to evolve and ensnare both the ignorant – the people who don’t know better – and the arrogant – the people who should know better. And victims continue to lose real money. According to Gartner, per victim losses soared from $257 in 2004 to $1,244 in 2006. That’s nearly a 5-fold increase.

We encourage folks to share the quiz with friends and family. Use your expertise and the opportunity presented by the quiz to share some of our hard earned collective knowledge about phishing. Who knows? We might even save a few people from getting hooked.

Permalink | Comments (4) | TrackBacks (0)

Our automated crawlers detect thousands of exploits every day. Recently, we have detected a spike in the number of exploits spreading across certain hosting sites. The worst offender seems to be proboards.com, an Internet forum provider, which hosts over two million online forums. We have also seen spikes in active exploits on hosting sites like neosite.ro.

The examples above may be indicative of a trend of hosters being targeted for attack. That, in turn, is affecting hundreds or even thousands of their sub-domains. In the wake of this threat, hosting providers need to be more vigilant, so that they’re not putting their users at undue risk the way that ProBoards seems to be doing.

On proboards.com, we have detected hundreds of unique exploits, and we estimate thousands of sub-domains may actually be affected. When we visited one of the hacked ProBoards sub-domains we were redirected to advancedhunt.com, which hijacked our browser to display deceptive warnings of spyware infestation followed by a stealth installation of the rogue anti-spyware program PestTrap.

We are contacting the providers and will keep you posted. In the meantime, users should be very cautious of any sub-domains on these sites.

We will soon be marking these sites red until the providers clean up their acts. The irony is that many providers have recently proclaimed increased concern about anti-malware. We wish they would direct some of that concern to themselves and spend some time to clean up their own sites.

Permalink | Comments (9) | TrackBacks (0)