Skip navigation.
Home

McAfee Site Advisor Gives us the "Bad" Rating

McAfee SiteAdvisor is a service that is available to everyday users to determine the "safety" of websites. The idea behind it is that you can use their software prior to visiting to determine whether or not you want to visit a site. It is very similar to the Google warnings, and Stop Badware. It was recently pointed out to me that Offensive Computing is now officially listed as a bad site.

I'm not upset by this, in fact, I think it's a really good idea to have us listed here. The big reason for this is that we do in fact collect and spread malware albeit for research purposes. The type of people that would use the SiteAdvisor service really have no business coming here. It's a good thing.

If SiteAdvisor actually rated us down because we distribute malware that would be a completely valid reason. Instead the reason listed on their site at the time of this writing was the following:

"When we tested this site we found links to reconstructer.org, which we found to be a distributor of downloads some people consider adware, spyware or other potentially unwanted programs."

Frank Boldewin runs reconstructer.org and he makes valid contributions to the field of research. This entire conviction reeks of automated scanning. Since Frank analyzes real malware he probably had a sample included in his files. Since we link to his site (happily I might add) we are therefore guilty. This seems like an extremely naive way to perform a test of maliciousness. What's more a quick glance of other malicious sites reveals that we are in good company. Examples of other malicious sites include projects such as Metasploit.

UPDATE 2/21/2008 We are now officially listed as "good". Thanks McAfee

that's ridiculous news. so

that's ridiculous news. so mcafee tells everyone it's dangerous to surf to my site,
meaning my malware research is equal to other "real" spreading sites?

that really makes my day! :(

btw: a symantec blog entry also links to my site. does that mean they are also guilty? ;)

Sophos sucks aswell.. they

Sophos sucks aswell.. they dont know shit.
just wanted to "add" to the hate :D

By the McAfee logic, the

By the McAfee logic, the Symantec page should definitely be listed. I wouldn't take it too personally. This is just more bad vendor behavior.

hmmz

I don't understand why this site would be dangerous to visit.. At least if you're smart enough Not to run any files or something which are told to be harmful, it should be fine.

Still weird. Maybe this site just gives more information than McAfee, and they are jealous ^_^

Why don't you ask ...

...to be de-listed?

I made an effort last night,

I made an effort last night, but they seemed to be having problems. This is the error I got:

"Posting Web Site Owner Comments
Error Verifying Site

We are currently experiencing difficulties with our site verification process. Please try again later."

a friend of mine works for

a friend of mine works for mcafee and currently tries to remove the rating.

Thanks for looking into this

Thanks for looking into this Frank.

In my experience, companies

In my experience, companies as large as Symantec or McAfee routinely rely on automated scanning as it reduces the workload of constantly monitoring what otherwise would amount to the whole of the net for new pieces of malware/bad sites. I would imagine that they're using some garden variety spidering/crawling software to do most of this so, of course, it's not personal.

As others have stated, if it becomes a "high-impact" matter for your business you really have little recourse other than to contact the company, which is unfortunate.

In the end, you have it absolutely correct though. Those people that are likely using Site Advisor really have little/no business at a place like this. Which is:

Quite OK. :)

It's not really a problem

It's not really a problem and keeping the people who shouldn't be here from downloading something they shouldn't is a good thing.

It seems like SiteAdvisor implemented a broken pagerank-like algorithm for determining maliciousness of a website.

Good Company

Sure the BBC will be happy with this http://news.bbc.co.uk/1/hi/technology/6657677.stm links to Franks site.

Rating change for offensivecomputing

Hi, It's Shane from McAfee SiteAdvisor.

Thanks for bringing the questionable rating to our attention. We took a look and it's pretty clear that both offensivecomputing.net and reconstructer.org aren't malicious. We'll switch their ratings to 'Green' (no problems found). You should see those changes take effect soon with the following text:

"This is a security-related site that links, as part of its analysis, to downloads that some people consider adware, spyware or other potentially unwanted programs."

We believe that automated download analysis and link testing are efficient and useful ways to map the mal web, especially helpful for the casual user. Link testing is particularly effective when it comes to exposing adware and rogue anti-spyware vendors who use complex affiliate structures (and aggressive linking) to avoid exposure of the "mothership".

However, one downside of these processes is that sites like yours get unfairly tagged as malicious. Please don't hesitate to leave additional feedback at http://www.siteadvisor.com/userfeedback.html.

Thanks again.

hi shane, thanx for changing

hi shane,

thanx for changing this! ;)

cheers,
frank

Quoted from Shane's Reply:

Quoted from Shane's Reply: "We believe that automated download analysis and link testing are efficient and useful ways to map the mal web, especially helpful for the casual user."

No offense meant to DannyQ or to Frank, but that's exactly my point ... SiteAdvisor is for "casual users" not for malware analysts, collectors, or people who understand computers and virus infection in-depth.

So I suggest we'll leave this for now, and we've all got better things to do.

Cheers :)
Kish

--
Remember there is alwayz someone who knows more than us out there

Website reputation rating by WOT, Web of Trust

Knowing the problems with automated testing of websites, I want to mention another website security tool: WOT, Web of Trust. Offensive computing is rated green (safe) in WOT.

WOT is an online community for reputation rating that lets Internet users share their knowledge of websites. WOT also uses hundreds of trusted sources such as phishing site listings and warns users about online scams, spyware, spam etc. Since the community members have their saying in site ratings, WOT seems to give more accurate results than automated testing can do. Check www.mywot.com for a free download.

Regards,

Esa

Thanks for responding and

Thanks for responding and fixing the issue Shane. :)

Haha...

"The type of people that would use the SiteAdvisor service really have no business coming here."

Hit the nail on the head there!! ;D

what about the thousands of other sites that are marked red?

One of my websites is marked red for spamming and for the e-mails sent site advisor is listing some e-mails sent from hotmail and gmail, emails that were never sent from my mail server. I am not sure how automated this process is but I can not figure it out how site advisor decided that my site is spammy?? After browsing trough some blogs I can tell that a LOT of other sites faced the same thing.

But as you say it is automated process and mistakes happen... no problems. But how would site advisor comment that after 3 months persistant contatcs with their support teams and supervisors I can not get my website retested or listed as safe as it should be. In other words if the automated test is wrong then the information "advice" that site advisor is giving to its users is wrong. I believe the problem with the lack of retesting or correcting system is a huge mistake and will cause huge damage to site advisor reputation if any is left.

The website that I am referring to is a real estate website which never sent any spam. The damage that site advisor is causing to my serps in yahoo are considerable which means that some people are paying attention to the flags. If someone knows how the red flag could be removed please advice. Thanks.