McAfee SiteAdvisor Blog

From time to time, it's helpful to remind site owners and others how we respond to site owners who are concerned about our rating for their site, and how we go about resolving disagreements over a rating.

McAfee welcomes feedback about its site ratings and encourages site owners to contact us if they believe one or more of our facts regarding their site are in error. We pledge to work cooperatively with those site owners and to respond reasonably to dispute inquiries as quickly as possible.

What follows is an FAQ style description of the site rating dispute process.

How do you submit a site rating dispute?

To begin, please submit your rating dispute online.

http://www.siteadvisor.com/userfeedback.html

During the evaluation of this dispute, McAfee communicates with site owners via e-mail.

How will McAfee evaluate the dispute?

McAfee will acknowledge your dispute via e-mail and begin to evaluate the concerns you raise.

Our evaluation can go quicker if you include details about your dispute. For example, let us know what parts of our test results you are disputing and why you are disputing them. You should review the profile of your site’s test results by searching for it here: http://www.siteadvisor.com/sites/

Disagreements with site owners typically fall into two categories. The first kind can be described as “Our site doesn’t do what you say it does.” The second kind can be described as “Our site no longer does what it used to do.”

There are many different cases, but here are two typical examples:

• A site owner says that the file he offers for download is not a virus.
• A site owner says that his site no longer offers the download we found in our previous test, or that the behavior of download itself has been modified.

How long will the evaluation process take?

McAfee will acknowledge your dispute within one business day of receipt. We will initiate an evaluation within five business days.

Once started, evaluations will typically be completed within the following time frames:

• Claims that a site has changed: Five business days once the evaluation is begun.


• Exception: E-mail practices. Evaluating changed e-mail practices takes 60 calendar days once the evaluation is begun because we must give our new test e-mail address significant time to see what kind of e-mail it receives, if any.


• Claims that McAfee made a mistake: 10 business days once the evaluation is begun.

What happens after the evaluation is done? When will my site’s rating change?

McAfee will e-mail the site owner to share the results of its evaluation.

When our evaluation confirms that our test data was in error, the site’s rating will be changed within one business day after we complete our evaluation.

Please note that in some cases, the overall rating for a site might remain red or yellow even if one of the test results used for that rating was wrong. For example, a site with multiple, red rated downloads will remain red even if one of those download ratings is found to be mistaken.

Sites that were accurately rated red or yellow as a result of our previous tests but have now improved will undergo a re-assessment period before the site rating is changed.

How long does this re-assessment period last?

The re-assessment period can vary from as few as 10 calendar days to as many as 365 calendar days. The length of this period depends on the site’s historical test information and the severity of the issues we found during those previous tests.

For example, sites that were rated red or yellow and have no history of risky behaviors will “go green” faster than sites that have been rated red or yellow multiple times. Sites that re-engage in a behavior that we believe is risky will “go green” slower the next time. Sites that engage in particularly risky behavior like hosting exploit code will also “go green” more slowly.

There are many different cases, but here is a typical example:

• A site that is rated red for the first time for posting links to a few red rated downloads disputes their site rating and removes the links. The site rating could become green in as few as 10 days after our tests show that the links are gone and no other issues are discovered.
• If a subsequent test of that site finds new links to red rated downloads or finds other risky behaviors, the site rating will remain red for at least 30 days after our tests show that the links and other risky behaviors have been removed.

How can I contact McAfee?

Site owners are welcome to e-mail support@siteadvisor.com. E-mail inquiries will result in a “ticket” being created and assigned to a technical support representative. This representative will direct the site owner to begin the dispute resolution process by submitting his complaint at http://www.siteadvisor.com/userfeedback.html.

The fastest and best way to check on the status of a dispute, submit additional information or express additional concerns is by e-mailing your technical support representative.

Permalink | TrackBacks (0)

From time to time, we think it's helpful to remind our users, site owners and others what SiteAdvisor software rates and how it rates it. Here's a summary:

What Is a SiteAdvisor Site Rating?
A site rating is our opinion of a website's reputation. The site rating is based on our interpretation of a variety of test results that provide the best indication of a site's reputation over time.

We test sites for downloads, browser exploits, e-mail, phishing, e-commerce, pop-ups and cookies and affiliations with other sites.

We use proprietary techniques to visit and test sites. We then analyze the resulting data and present it to users in the form of colored icons.

Green Icon: Very low or no risk issues found.
Yellow Icon: Minor risk issues found
Red icon: Serious risk issues found
Grey Icon: Not yet rated. Use caution.

Detailed information about our test results can be found on each site’s profile page which can be accessed at http://www.siteadvisor.com/sites

What Is Rated? How Is It Rated?
We test seven attributes of a site. Red, yellow, and green scores are computed from the outcome of these tests.

Downloads
We test downloadable software that is hosted by and directly linked to from a site. We use our award-winning McAfee anti-virus engine to determine if the file includes malware, such as viruses, Trojans or adware. We also test for program behaviors that we deem to be risky or merit a cautionary note. Behaviors can include resetting the browser’s home page, adding toolbars or desktop shortcuts or contacting 3rd party Web servers. Based on these results, we score the site’s downloads accordingly.

E-mail practices
We test sites for a variety of e-mail practices including the amount and type of e-mail resulting from a sign up, the ease of unsubscribing and the posting of e-mail addresses.
Receiving Mail: We test receiving mail by entering a valid, unique personal e-mail address into a site’s e-mail form. Then we measure any mail that is received at this unique address. We score the site according to the quantity of mail received as well as the "spamminess" of those e-mails. Spamminess is a measure of the mail’s commercial content, as well as the presence of tricks used by spammers to try to escape detection by spam filters.
Unsubscribe: If we receive e-mail at an address submitted to a site, we try to unsubscribe. We then measure e-mail, if any, received after the unsubscribe attempt. If unsubscribing is not successful after several tries, the site is rated accordingly.
Posting e-mail addresses: After entering unique contact information into a site’s e-mail form, we then see whether that e-mail is posted on the Internet in its unaltered form. We also measure what, if any, e-mail results from the posting.

Browser Exploits
We perform tests to detect the presence of exploits on a site. An exploit is any content that forces a web browser to perform operations that the user does not explicitly intend.

Annoyances
When we visit a site, we record how many pop-ups occur and how many cookies we receive. In addition, we monitor prompts to change a browser’s home and search page settings.The presence or cookies is only noted. Cookies do not affect a site’s score.

E-Commerce
McAfee tests sites for the following e-commerce issues.
Phishing: We use proprietary, award-winning real-time phishing software to evaluate whether the site in question is attempting to mimic a legitimate business or financial institution.
Scams: We use a variety of criteria to determine whether a site in question is engaged in questionable business practices, such as selling rogue anti-spyware.

Links (online affiliations)
We collect information about the URL links posted on a site to determine whether the site is affiliated or effectively directing traffic to another site. We rate a site based on our estimation of the risk users could experience if they used these links to be led to other risky sites.

Why Is a Site Rated Red?
Sites are rated red when, in our judgment, the site poses especially hazardous risks to a user's computer security, there are an exceptional number of annoying behaviors, or there is exceptional information that we believe our users would want to be aware of before or during a visit to that site. Behaviors that typically lead to red site ratings are hosting drive-by exploit code, impersonating a legitimate business (phishing), making unrequested or unexpected system changes, or hosting malware for download at the time of our visit. Sites can also be rated red when we receive unexpected e-mail to the unique e-mail address we submitted to that site, and the e-mails we receive exhibit characteristics consistent with spam e-mail, such as unusual volume or a high “spamminess” score as determined by an automated scanning program. Additionally, we may rate a site red for certain types of linking behavior with other red sites, or when we find a site that engages in activities we believe could be misleading.

Site ratings are calculated automatically based on McAfee’s opinion of the risks associated with the results of the tests performed on a site.

The rating is not intended to measure the site owner’s intent or knowledge. For example, a site that posts the e-mail addresses of its users in plain text, even though unintentionally and without any spam e-mail being received, can earn a red rating because of the increased risk this behavior poses to users to receive spam. Similarly, a site with numerous links to sites with red site ratings, even though the site owner may be unaware of the risk profile of those linked sites, can earn a red rating because of the increased risk to users to visit potentially dangerous sites or to download dangerous programs.

Why Is a Site Rated Yellow?
Sites are rated yellow when, in our judgment, the site exhibits behaviors or has a history that we believe SiteAdvisor users would want to be aware of before or during a visit to that site. However, for yellow sites these factors are not as acutely severe as they are for a red site, or there are other mitigating factors that weigh in favor of a yellow rather than a red rating.

Why Is a Site Rated Gray?
Sites are rated gray when we either have no evidence or are currently collecting evidence about a site. If you would like your site to be tested, please submit your request on our feedback form by clicking here: http://www.siteadvisor.com/sites/domain/writeComments?firstTry=1§ion=domainSuggestion&domain

Permalink | TrackBacks (0)

We’ve got some big enhancements to the McAfee® SiteAdvisor® software to share with you today.

Secure Search

McAfee SiteAdvisor technology with Secure Search allows users to block and filter malicious Web sites from search results, provides a Secure Search Box for simplified security and integrates McAfee SECURE^TM trustmarks throughout the consumer Web experience. Together, these Secure Search features extend McAfee’s commitment to making it easier than ever for consumers to enjoy comprehensive Web Security. The upgrade is free and is available immediately for new and existing users.

Secure Search Box

Secure Search is centered on the new Secure Search Box. Now, wherever you are on the Web, you can search more securely without first having to navigate to a search engine page.

The search box can be toggled on and off via the settings menu.

Risky Site Filtering

The Secure Search Box also offers you the ability to filter and block red-rated risky sites from your search results.

That greyed out link means it’s not clickable unless you change your settings.

This feature goes beyond the safety guidance offered by the standard settings and delivers active protection. It’s great for families with children, or for computers that are shared with less experienced, novice Web users.

Yahoo! Toolbar

Many of you will also see an option to download and install the popular Yahoo! Toolbar, integrated with our Secure Search features! When you download the toolbar and do your searches through the Yahoo! search box, you get a three benefits: great Yahoo! search results that get you straight to your answers by predicting what you’re searching for and offering instant suggestions as you type, our safety annotations, and risky site filtering. In addition, after you set it up with your favorite bookmarks, the Yahoo! Toolbar gives you one-click access to the sites you care about most, both on and off Yahoo!

The integrated Yahoo toolbar is only available to our IE users at this time.

Safer Shopping with verified McAfee SECURE sites

We’d also like to call your attention to something you may not have noticed. This summer, we began displaying the McAfee SECURE™ trustmark on sites that have passed rigorous daily testing by the McAfee SECURE service.

What does this mean for you? Your personal information is safer with participating McAfee SECURE vendors! That’s because daily scanning for known threats can help prevent Web sites from falling prey to many forms of hacker crime. Only sites that pass the McAfee SECURE program of daily testing and maintain their overall Green rating from SiteAdvisor technology testing can display the trustmark.

McAfee SECURE shopping Portal

When you get a chance, be sure to check out McAfee SECURE shopping, a convenient one-stop-shop with more than 1,500 well known e-commerce sites, all of which earn the right to display the McAfee SECURE trustmark. This is a safer online experience whether you’re surfing, searching or shopping.

Your feedback

Have a comment or suggestion? We're listening here.

Permalink | TrackBacks (0)

For millions of Yahoo! users, their search experience is now a little different. Alongside their regular Yahoo! search results, they may encounter a new piece of information – the site’s risk rating!

We recently announced that McAfee and Yahoo! have partnered to launch Yahoo! SearchScan Beta Powered by McAfee, the Web’s first search engine to incorporate such site safety ratings.

What’s under the hood?

Under this beta launch, Yahoo! users in the US, Canada, UK, France, Italy, Germany, Australia, New Zealand and Spain will experience much safer searching thanks to site safety ratings from SiteAdvisor, McAfee’s 5-star rated, award winning safe search tool.

Yahoo! users will immediately benefit by avoiding Web sites that can result in spyware, spam and "browser exploits."

SiteAdvisor users will now see two annotations when they search on Yahoo! – McAfee’s circle and Yahoo! SearchScan’s red triangle. The rating and additional information are the same.

Yahoo! will remove all sites that McAfee has rated red (risky) for download and e-mail practices from sponsored results (the ones on the right and top of the page). In addition, Yahoo will remove all sites that test positive for malicious exploit or "drive-by" code, no matter where they appear on the page. Finally, Yahoo! will display alerts next to red-rated download or e-mail results in the organic part of the search page.

For those Yahoo! users who are unfamiliar with SiteAdvisor, when they mouse over a red rating and click "more details" they’ll open a site profile providing the same in-depth information about the site’s test results that SiteAdvisor’s existing users have come to expect.

The added safety will be "on"by default for all users of Yahoo!’s U.S. search portal. Under Yahoo!’s "Search preferences" consumers can easily turn off the new feature or decide to filter out all red results from search results.

What’s Different?

SearchScan uses almost all of our data – but not all of it. For example, the SiteAdvisor plug-in offers phishing protection. SearchScan does not. Why? Phishing sites are largely a "surfing" phenomenon. They almost never show up in search so it makes sense for Yahoo to work with the most common types of red for now. For another example, we use a pretty complex algorithm to mark sites red if they link to too many other risky sites. SearchScan is brand new to the Yahoo! community and they’re rightly focusing at first on threats that are easiest to understand – like downloads, spam and exploits.

Taking SiteAdvisor wherever you search and surf

If Yahoo!’s users enjoy this safer search environment, we hope they’ll consider adding the SiteAdvisor plug-in to their browser as well. This way, they can take that new layer of safety to the surfing experience.

In fact, Yahoo!’s SearchScan Beta is not a replacement for SiteAdvisor. Our existing SiteAdvisor users will want to keep their plug-in installed so they can benefit while surfing and while searching on other engines.

Permalink | TrackBacks (0)

Microsoft’s OneCare team issued an update on January 31, 2008 that resulted in SiteAdvisor users receiving a Microsoft warning message recommending that SiteAdvisor be removed due to interference with OneCare.

SiteAdvisor doesn’t interfere with OneCare in any way; we communicated this to Microsoft and they’ve begun to resolve the issue.

As of February 21st, new installations of OneCare will not message against SiteAdvisor. However, existing users of OneCare will continue to receive these messages until sometime in the spring, when Microsoft says it will fix OneCare installations made prior to February 21.

Turns out that as a general rule, Microsoft recommends running only one security application at a time because of potential performance and "PC stability" issues. We explained to Microsoft that SiteAdvisor functionality is totally unrelated to OneCare. They agreed.

Rest assured, there is no need to disable SiteAdvisor or OneCare. The two products co-exist nicely (aside from the pop-up!).

Because OneCare doesn’t allow white listing of applications, affected consumers have limited options until all installations of OneCare are patched. Thanks for your patience during this time.

Permalink | TrackBacks (0)

We’ve been hearing from some of our users that their systems are slowing to crawl when trying to access Gmail. Ugh!

It turns out Google’s November Gmail release included some fairly significant, and unexpected, changes that are affecting many SiteAdvisor users on the Internet Explorer 7 platform. The effect is unacceptably high CPU usage.

We’re finishing a patch now that will go out to all our users the week of December 10.

In the meantime, add google.com to SiteAdvisor’s Do Not Warn list and reopen the browser. Doing so will alleviate the issue.

For step-by-step instructions, please visit McAfee's support center.

Permalink | Comments (1) | TrackBacks (0)