What Is McAfee SiteAdvisor software?

What Is McAfee SiteAdvisor software?
SiteAdvisor software is an award-winning, free browser plug-in that gives advice about Websites before you click on a risky site.

With SiteAdvisor software installed, browsers will look a little different than before. We add small site rating icons to search results as well as a browser button and optional search box. Together, these alert users to potentially risky sites and help them find safer alternatives.

These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats. The result is a guide to Web safety.

The SiteAdvisor technology is free, easy to install and even easier to use. And it doesn't collect any personally identifiable information.
What Is a SiteAdvisor Site Rating?
A site rating is our opinion of a website's reputation. The site rating is based on our interpretation of a variety of test results that provide the best indication of a site's reputation over time.

We test sites for downloads, browser exploits, e-mail, phishing, e-commerce, pop-ups and cookies and affiliations with other sites.

We use proprietary techniques to visit and test sites. We then analyze the resulting data and present it to users in the form of colored icons.

Very low or no risk issues found.

Minor risk issues found.

Serious risk issues found.

Not yet rated. Use caution.

Detailed information about our test results can be found on each site's profile page which can be accessed at http://www.siteadvisor.com/sites/.

Why Is a Site Rated Red?
Sites are rated red when, in our judgment, the site poses especially hazardous risks to a user's computer security, there are an exceptional number of annoying behaviors, or there is exceptional information that we believe our users would want to be aware of before or during a visit to that site. Behaviors that typically lead to red site ratings are hosting drive-by exploit code, impersonating a legitimate business (phishing), making unrequested or unexpected system changes, or hosting malware for download at the time of our visit. Sites can also be rated red when we receive unexpected e-mail to the unique e-mail address we submitted to that site, and the e-mails we receive exhibit characteristics consistent with spam e-mail, such as unusual volume or a high "spamminess" score as determined by an automated scanning program. Additionally, we may rate a site red for certain types of linking behavior with other red sites, or when we find a site that engages in activities we believe could be misleading.

Site ratings are calculated automatically based on McAfee's opinion of the risks associated with the results of the tests performed on a site. The rating is not intended to measure the site owner's intent or knowledge. For example, a site that posts the e-mail addresses of its users in plain text, even though unintentionally and without any spam e-mail being received, can earn a red rating because of the increased risk this behavior poses to users to receive spam. Similarly, a site with numerous links to sites with red site ratings, even though the site owner may be unaware of the risk profile of those linked sites, can earn a red rating because of the increased risk to users to visit potentially dangerous sites or to download dangerous programs.
Why Is a Site Rated Yellow?
Sites are rated yellow when, in our judgment, the site exhibits behaviors or has a history that we believe SiteAdvisor users would want to be aware of before or during a visit to that site. However, for yellow sites these factors are not as acutely severe as they are for a red site, or there are other mitigating factors that weigh in favor of a yellow rather than a red rating.
Why Is a Site Rated Gray?
Sites are rated gray when we either have no evidence or are currently collecting evidence about a site. If you would like your site to be tested, please submit your request on our feedback form by clicking here.
What Is Rated? How Is It Rated?
We test the following attributes of a site. Red, yellow, and green scores are computed from the outcome of these tests.

Downloads
We test downloadable software that is hosted by and directly linked to from a site. We use our award-winning McAfee anti-virus engine to determine if the file includes malware, such as viruses, Trojans or adware. We also test for program behaviors that we deem to be risky or merit a cautionary note. Behaviors can include resetting the browser's home page, adding toolbars or desktop shortcuts or contacting 3rd party Web servers. Based on these results, we score the site's downloads accordingly.
E-mail practices
We test sites for e-mail practices by entering a valid, unique personal e-mail address into a site's e-mail form. Then we measure any mail that is received at this unique address. We score the site according to the quantity of mail received as well as the "spamminess" of those e-mails. Spamminess is a measure of the mail's commercial content, as well as the presence of tricks used by spammers to try to escape detection by spam filters.
Browser exploits
We perform tests to detect the presence of exploits on a site. An exploit is any content that forces a web browser to perform operations that the user does not explicitly intend.
Web reputation
McAfee tests websites for web reputation using the TrustedSource™ system. This system collects security data from tens of millions of sensors located in more than 120 countries. McAfee's proprietary technology analyzes traffic and linking patterns, website behavior, content analysis, site registration and hosting, to develop an overall reputation rating for the website.
Annoyances
When we visit a site, we record how many pop-ups occur and how many cookies we receive. In addition, we monitor prompts to change a browser's home and search page settings.The presence or cookies is only noted. Cookies do not affect a site's score.
E-Commerce
McAfee tests sites for the following e-commerce issues.

Phishing: We use proprietary, award-winning real-time phishing software to evaluate whether the site in question is attempting to mimic a legitimate business or financial institution.

Scams: We use a variety of criteria to determine whether a site in question is engaged in questionable business practices, such as selling rogue anti-spyware.
Links (online affiliations)
We collect information about the URL links posted on a site to determine whether the site is affiliated or effectively directing traffic to another site. We rate a site based on our estimation of the risk users could experience if they used these links to be led to other risky sites.
How can a site owner dispute a site rating?
McAfee welcomes feedback about its site ratings and encourages site owners to contact us if they believe one or more of our facts regarding their site are in error. We pledge to work cooperatively with those site owners and to respond reasonably to dispute inquiries as quickly as possible. What follows is a description of the site rating dispute process.

How do you submit a site rating dispute?
To begin, please submit your rating dispute via email at support@siteadvisor.com or online.

http://www.siteadvisor.com/userfeedback.html

During the evaluation of this dispute, McAfee communicates with site owners via e-mail.
How will McAfee evaluate the dispute?
McAfee will acknowledge your dispute via e-mail and begin to evaluate the concerns you raise.

Our evaluation can go quicker if you include details about your dispute. For example, let us know what parts of our test results you are disputing and why you are disputing them. You should review the profile of your site’s test results by searching for it here: http://www.siteadvisor.com/sites/.

Disagreements with site owners typically fall into two categories. The first kind can be described as "Our site never did what you say it does." The second kind can be described as "Our site no longer does what it used to do."

There are many different cases, but here are two typical examples:

A site owner says that the file he offers for download is not a virus. A site owner says that his site no longer offers the download we found in our previous test, or that the behavior of download itself has been modified. How long will the evaluation process take?
McAfee will acknowledge your dispute within one business day of receipt. We will initiate an evaluation within five business days.

Once started, evaluations will typically be completed within the following time frames:

Claims that a site has changed: Five business days once the evaluation is begun.
Exception: E-mail practices. Evaluating changed e-mail practices takes 60 calendar days once the evaluation is begun because we must give our new test e-mail address significant time to see what kind of e-mail it receives, if any. Claims that McAfee made a mistake: 10 business days once the evaluation is begun. What happens after the evaluation is done? When will my site's rating change?
McAfee will e-mail the site owner to share the results of its evaluation.

If our evaluation confirms that our test data was in error, the site's rating will be changed within one business day after we complete our evaluation.

Please note that in some cases, the overall rating for a site might remain red or yellow even if one of the test results used for that rating was wrong. For example, a site with multiple, red rated downloads will remain red even if one of those download ratings is found to be mistaken.

Sites that were accurately rated red or yellow as a result of our previous tests but have now improved will undergo a re-assessment period before the site rating is changed.
How long does this re-assessment period last?
The re-assessment period can vary from as few as 10 calendar days to as many as 365 calendar days. The length of this period depends on the site's historical test information and the severity of the issues we found during those previous tests.

For example, sites that were rated red or yellow and have no history of risky behaviors will "go green" faster than sites that have been rated red or yellow multiple times. Sites that re-engage in a behavior that we believe is risky will "go green" slower the next time. Sites that engage in particularly risky behavior like hosting exploit code will also "go green" more slowly.

There are many different cases, but here is a typical example:

A site that is rated red for the first time for posting links to a few red rated downloads disputes their site rating and removes the links. The site rating could become green in as few as 10 days after our tests show that the links are gone and no other issues are discovered. If a subsequent test of that site finds new links to red rated downloads or finds other risky behaviors, the site rating will remain red for at least 30 days after our tests show that the links and other risky behaviors have been removed. What if my site is rated risky due to McAfee TrustedSource™?
SiteAdvisor ratings now incorporate web reputation analysis from the McAfee TrustedSource system. To contact McAfee about this analysis, just follow the same steps described in the section titled How do you submit a site rating dispute?
How can I contact McAfee?
Site owners are welcome to e-mail support@siteadvisor.com. E-mail inquiries will result in a "ticket" being created and assigned to a technical support representative. This representative will direct the site owner to begin the dispute resolution process by submitting his complaint at http://www.siteadvisor.com/userfeedback.html.

The fastest and best way to check on the status of a dispute, submit additional information or express additional concerns is by e-mailing your technical support representative.
What can site owners do to help keep their websites safe?
Site owners and webmasters face many challenges as they strive to keep their sites, and their visitors, safe from malicious hackers. What follows are some suggested best practices – steps webmasters can follow in order to maintain the good reputations of their sites. This list is not comprehensive and following it does not guarantee a Green site rating.

Hosting files for download
Site owners are encouraged to perform simple checks on downloadable files, such as scanning a file with a reputable anti-virus scanner before making it available. One option is to upload the file to VirusTotal.com, a free service that scans the file and provides detection information from multiple anti-virus software vendors including McAfee. Note that this only checks for those detections that exist at the time you submit the file.

Removing risky programs includes removing the links to the program and deleting the program from the site's public server. Removing only the link may not be sufficient because users may still be able to access the program.
E-mail practices
Site owners are encouraged to be responsible for what happens with information, including e-mail addresses, submitted to their site. For example, posting e-mail addresses in a manner that allows them to be harvested by third parties, or sharing data with partners who might be spammers or who might pass the information on to spammers are considered poor data handling. Poor data-handling practices can cause users to receive unexpected e-mail.

The e-mail test used by SiteAdvisor technology is an "action-result" test. The action is providing a unique e-mail address to forms found on the site; the result is the e-mail received. McAfee's e-mail test does not attempt to identify either the reasons for, or the source of, the emails received. We simply count the e-mail received by that address and score it for spam-like characteristics.
Browser exploits
Site owners are encouraged to routinely monitor their websites for browser exploits - content that attempts to control a visitor's computer in an unauthorized manner. One important best practice is to implement change-control and content-management procedures so that webmasters will know when files change on their sites. Site owners should be suspicious of any files that change outside of the accepted processes.

Other best practices include conducting routine security assessments. These assessments should be used to check and patch vulnerabilities in the server operating system, and web, database, and application servers. A good place to start for security best practices is on the Open Web Application Security Project.
Online affiliations
Links to external domains are powerful tools for webmasters, but site owners should be aware that linking to other sites on the Internet can be seen as an endorsement or collaboration between the sites. Malicious site owners use these relationships to their advantage by creating their own "safe" sites or leveraging the links posted on third-party sites to drive traffic to a specific location. This technique can drive traffic to risky sites from a site that is otherwise benign.

Site owners are encouraged to periodically review the sites they are linking to using SiteAdvisor site ratings or other sources.
Pop-Ups
Pop-ups windows are often considered a nuisance by users. Site owners are encouraged to limit the number of pop-ups or windows that open when users interact with the site.

Pop-ups may also be used to deliver malicious code to site visitors or to drive traffic to malicious sites. When using certain advertising companies and tools, site owners may not be in full control of how many ads of this nature are being displayed as well as the exact content of the ads.

Site owners are encouraged to present to their users only content that is under their control or content from trusted third parties that have strict controls in place.
E-commerce promotions
When a site hosts promotions or links to promotions from other sites, site owners are encouraged to pay attention to the product offering. For example, promotions can be considered misleading in situations where the offer’s description, the fine print, and the terms and conditions are contradictory or unclear, or where there is credible information that the claims are suspect or require very careful consideration.

Even worse, some promotions could be malicious; these include free offers that collect personal information and sell or use this data in ways other than what the user understood.