
We don’t do anti-phishing

Posted by Shane Keats on September 28, 2006 06:48 PM

Really

Microsoft commissioned a study that hit the wires today, ranking a number of well-known, popular anti-phishing toolbars. And SiteAdvisor.

Despite the fact that we're not an anti-phishing toolbar, despite the fact that we explicitly say we don't offer phishing protection, SiteAdvisor was included in the study. Guess what happened.

We lost.

Of the 200 test sites, we got 3 right. Netscape 8.1, the next closest "competitor" to SiteAdvisor, got 56 correct. Microsoft's IE7 beat the popular Netcraft by a whisker, 172 to 168.

A score 18 times worse than the next nearest competitor should have been a clue to the study's authors that something was wrong. Oh well. We suppose the study needed some comic relief to take away from the fact that a study that finds its paid sponsor to be the best at something is more of an ad than a study.

A score of 1.5% correct would indeed be shockingly bad, if, in fact, we tested sites for phishing. But we don’t. There are a couple of places on our site where we make that clear. On our support pages, we've answered "Does SiteAdvisor offer 'phishing' protection?" nearly 2,000 times, each time the same way:

SiteAdvisor's software does not currently provide automated or real-time phishing detection.

On a July 28 blog entry about an American Express related phish attack, we said it again:

A quick note. We wanted to remind readers that McAfee's SiteAdvisor plug-in warns users about a wide range of site-based threats including spyware, spam and exploits, but for anti-phishing and more complete threat protection, readers should look at our award winning security suites.

Comparing SiteAdvisor's anti-phishing efficacy with Netcraft's or IE7's is like comparing our restaurant ratings to Zagat's. Or comparing IE7's (non-existent) spam, spyware, exploit, link practice, and pop-up analysis with McAfee SiteAdvisor's.

That's part of the point. SiteAdvisor has focused on these kinds of analyses because no one else has. By contrast, there is a lot of good anti-phishing software on the market today. Oddly enough, the study didn’t bother to test McAfee's actual anti-phishing tools, included in our Internet Security and Total Protection Suites.

For the record: SiteAdvisor doesn't include anti-phishing protection. If and when it does, we promise it will be great, and that we'll let you know about it.


Comments

If SiteAdvisor doesn't do anti-phishing, then perhaps you should amend the pages on the McAfee and SiteAdvisor web sites that claim that it does; in particular, question 2 of the SiteAdvisor FAQ.

Don't get me wrong: I am very impressed with SiteAdvisor's overall capabilities. As you point out, it does several things that the pure anti-phishing products don't. I like it, really.

However, when McAfee's own PR people position SiteAdvisor as an anti-phishing product, and when that's confirmed by your own web site, I think a dispassionate observer might admit that it's reasonable to include it as an anti-phishing product.

Far be it from me to argue with the folks who created the product, but there seems to be a disconnect between what you say and what the rest of McAfee is saying.

The fact remains, SiteAdvisor doesn’t do anti-phishing. We invite 3sharp to remove us from the study and to include tests of McAfee's actual anti-phishing tools. That's a contest worth studying.

Comments in the Support Centre, that users will not see unless they go looking for support, or in a blog, which your users may not read, are not a sufficient disclaimer. Not when we take the rest of your site (and your own employee's and PR firm's comments) into consideration.

Why am I being so hard on McAfee about this? Not because they "lost" or IE7 "won", but because protection of users is my primary concern. As noted by the Anti-Phishing Working Group, and as I have seen in my own tests, phishing sites may attempt to download keyloggers and other dangerous software, and may attempt to take advantage of known Web browser exploits, to infect systems.

Phishing sites can be extremely dangerous and if SiteAdvisor is going to disclaim protection from phishing sites and their users will not be protected, then their users deserve, nay they NEED, such a disclaimer to be clearly communicated to them right from the start, and not have the information buried in a support site or a blog. And they certainly don't deserve to be misled by statements on the SiteAdvisor site like those highlighted above.

SiteAdvisor need to make it very very clear that they are disclaiming protection against phishing sites. Reality is that SiteAdvisor users are assuming that they are protected from phishing, and they are not being dissuaded from this misapprehension by the FAQ or the Learn More page, and will not be dissuaded unless and until they visit the SiteAdvisor Support Site and/or the SiteAdvisor blog.

Oh, and do me a favour and change your home page. In my world phishing sites *are* "online scams".

http://msmvps.com/blogs/spywaresucks/archive/2006/09/30/147191.aspx

Well, we HAVE the Internet Security Suite that McAfee is touting, and these sites are not showing up as viruses, nor is there any suggestion on the SiteAdvisor telling how to get rid of the automatic links once you HAVE Internet Security Suite. Plus, I don't see any method of contacting McAfee with questions about how to delete links to sites they already know are dangerous! I cannot seem to get away from "thesafetyupdate" page or how to remove unwanted items from my toolbar even though I HAVE Internet Security Suite!

Amazing that you developed a plugin like Site Advisor and that doesn't include phishing whilst that is a ready product within McAfee also via a plugin.

I find it a very poor product when it shows a green "Safe" sign for pages that McAfee already has internal knowledge of to be unsafe because two branches of the company produce plugins that check different kinds of fraudulent behaviour and warn only on its own findings...

Just add that feature, it's what ppl want with SiteAdvisor

For the record, McAfee did *not* create SiteAdvisor; they simply bought the company that did and made a few improvements. They have yet to integrate anti-phishing with SiteAdvisor.

Furthermore, I don't expect that the Firefox version of SiteAdvisor will ever do anti-phishing, as such a feature will be made redundant in Firefox 2.

So you recommend IE7 as a safe browser? Everyone thinks that FireFox is extremely safe when it comes to adware, spyware, phishing, etc... What do you think?

Why not go with phishtank (I run their latest extension right now).

It blocks known phishing sites from even trying to scam you.

I find it works really well.

http://gamespotting.net/phishtank.xpi

How is this possible? The answer is that the number of servers (or home computers) per attack is increasing all the time.

Someone should notice this phishing and prevent it. If this becomes as common-place as spam has, it's time to wake up.
