Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>McAfee reveals SiteAdvisor's retesting policy

Windows Secrets Newsletter • Issue 185 • 2009-02-19 • Circulation: over 400,000

Table of contents 
  • Top Story: McAfee reveals SiteAdvisor’s retesting policy
  • Known Issues: CNN/Octoshape, SiteAdvisor stories make waves
  • Wacky Web Week: Harmless new game, or ‘Bambi: First Blood’?
  • LangaList Plus: Why am I locked out of the Registry?
  • Best Software: Two freebies that will knock your socks off
  • Woody's Windows: Windows 7 moves Live Essentials to the cloud
 
Top Story

McAfee reveals SiteAdvisor’s retesting policy

Brian livingston By Brian Livingston

SiteAdvisor.com, which rates Web sites on a green-yellow-red scale, is releasing details for the first time on how quickly it retests sites, after a story on the subject appeared in Windows Secrets on Feb. 12.

To its credit, the site-rating service — which was acquired in 2006 by the security firm McAfee Inc. — is publishing a phone number for complaints and says it will reverse within days any genuine rating errors that are brought to its attention.

The Feb. 12 article was headlined “SiteAdvisor ratings may be 1 year out-of-date.” The story was written by WS contributing editor Mark Joseph Edwards, and I was credited with research assistance for interviewing McAfee representatives.

The article gave as one example a site named HometownZone.com. This site, which had been legitimately rated “green,” showed up in SiteAdvisor’s analysis as hosting several harmless hyperlinks to “good” sites. No problem there, except that site owner Scott Thompson said he’d removed the links approximately six months earlier.

The implication was that SiteAdvisor hadn’t scanned the site in months, or the nonexistent links wouldn’t be shown.

McAfee research analyst Shane Keats was quoted in the article as saying the company wouldn’t comment on how often it scans sites for spam, infected downloads, and other threats. “We’ve made a public decision not to tell how often we test sites,” Keats said at the time.

Further, Keats was quoted as saying it would be difficult for a site owner to get a rating changed in fewer days than the “probationary period” published by SiteAdvisor. These periods range from 30 to 365 days if a site is judged to have a Web exploit, 60 to 270 days if its e-mails are considered spammy, and so forth.

The article asked: If a site’s e-mails were erroneously scored as spammy, but the site owner protested, is it true that the site wouldn’t be tested again for 60 to 270 days? “That’s correct,” Keats was quoted as saying.

Even paying U.S. $859 per year or more to be tested daily and certified as clean by the “McAfee SECURE” program wouldn’t reduce the probationary period, Keats added, after confirming this with other McAfee executives. “The probationary period is no different for a McAfee SECURE customer or a non–McAfee SECURE customer,” he was quoted as saying.

More precise wording in newly disclosed procedure

After the article appeared, McAfee representatives contacted me, saying the article contained inaccuracies.

In a subsequent telephone interview, Keats said he’d been asked not whether a site with an erroneous rating “wouldn’t be tested again for 60 to 270 days” but whether it “wouldn’t be out of the probationary period for 60 to 270 days.” I believe the original question included the words “tested again,” but that’s not important now. Keats said the article had raised several questions and that McAfee had decided to review and publicly release its policies on scanning and retesting sites.

I’m pleased to report that McAfee has e-mailed me a previously undisclosed set of complaint-resolution policies, and the documents reveal a great deal about the service’s re-evaluation process.

Keats tells me, “This is the first time, at least in some cases, that this information is going out to the public.” The documents I’ve seen are not yet visible at McAfee.com or SiteAdvisor.com. Since I’ve been given them in writing, however, I trust that they’ll be posted by SiteAdvisor soon.

SiteAdvisor is making a public commitment to quickly change to “green” a rating that a Web site owner can prove is in error. The published probationary periods of up to 365 days do not apply before a genuine false positive can be corrected in SiteAdvisor’s ratings.

A site owner who is the victim of a false positive must first file a complaint using SiteAdvisor’s feedback form. After that, according to the documents I’ve received:
  • A review begins within “5 business days, usually less,” the documents say.

  • If a Web site owner says a downloadable file on the site should not be rated “yellow” or “red,” contrary to SiteAdvisor’s automated scan, the complaint is scheduled for a false-positive evaluation. “We will evaluate within 10 business days to see if we agree/disagree,” McAfee says. If the complaint does not involve a false positive, such as a site that unintentionally hosted a suspicious download but no longer does, “we will evaluate within 5 business days to see if the file is still hosted.”

  • If a complaint involves a false positive, a retest/re-evaluation takes 10 business days to complete for all categories of threats.

  • If the complaint is determined by SiteAdvisor not to involve a false positive, a retest/re-evaluation requires 60 calendar days of monitoring if a site sent e-mails considered spammy. It takes up to 5 business days for all other categories, such as infected downloads, exploit code, and links to questionable sites.

  • If the complaint is confirmed by SiteAdvisor to be a false positive, the situation can be patched in the scanning system (so the site won’t be wrongly flagged again) in “1 business day,” the documents say. In addition, “There is no probation period for confirmed false positives.”

  • If a site was not the victim of a false positive, but was able to correct or remove a threat, the site will remain “in probation” and continue to bear a “yellow” or “red” rating. “First-time ‘reds’ will go green in as few as 10 days,” the documents say. “Repeat reds will stay red for as long as 365 days.”
That can all add up to a lot of days for a frustrated site owner. But at least now the public can see SiteAdvisor’s timetable for correcting false positives.

Best of all, McAfee revealed to me a U.S. toll-free number that Web site owners can call to talk with a human being about erroneous ratings. The number — which hasn’t been visible at SiteAdvisor.com but has previously been used by McAfee.com — is 1-866-622-3911. (This number is not accessible or toll-free from every country.)

Keats emphasizes, “We will make it clear to site owners that this is largely a Web-based form and e-mail process.” It’s important that site owners feeling wrongly accused first submit a report via SiteAdvisor’s feedback form. But I believe it’s also essential for any system that’s subject to false positives to provide live human telephone support in special cases.

Information won’t necessarily be up-to-date

How about the example used in the article, in which SiteAdvisor claimed that a site was hosting hyperlinks that actually hadn’t existed there for months?

“We looked at HometownZone,” Keats explained to me in an e-mail after the original article appeared. “We originally rated it in March of 2008. We recrawled it several times subsequently. Most recently, we crawled and rated it again in December of 2008. … We didn’t find any red-rated links, and we didn’t find any heavier green-rated links, so we could continue to show that link analysis for up to a year.”

In a telephone interview, Keats indicated to me that some links could be given greater weight by SiteAdvisor’s crawler and therefore be considered “heavier” than other, newer links.

Hmm, old components of a site could remain in SiteAdvisor’s ratings “for up to a year”? As you recall, the headline on the Feb. 12 article said data might be “1 year out-of-date.” In certain cases, that’s absolutely true, and I stand by the wording of the original article.

Despite criticism, McAfee is proud of its rating service and wants it to be as responsive as it can be. Keats says, “Without equivocation, we can say that McAfee policy is that no site rating is a year old. Many of the sites in our database are tested at least weekly.”

The day the original article appeared, Keats told me that “some sites we test every day, some sites we test several times a day.” When I received McAfee’s newly released documents, he backed away from asserting that SiteAdvisor scans any sites that frequently, saying it was McAfee’s policy to make that claim.

Because SiteAdvisor’s policy statements are certain to change, I’ve posted the company’s original PDF files on dispute resolution and escalating a complaint at WindowsSecrets.com. Readers can judge for themselves whether the older documents gave much hope to site owners who were falsely accused.

In my view, a rating service should reverse within hours or days, not weeks, any negative ratings that are wrong. If a threat really has been removed from a Web site, I’d like to see the site upgraded to “green” but scanned every day, instead of bearing an inaccurate rating for up to 365 days.

But scanning the Web costs money, and SiteAdvisor is rating sites as frequently as it can within its budget. I hope independent test labs can soon give us objective scores for the accuracy of SiteAdvisor and all similar services. (See today’s Known Issues column for alternatives.) SiteAdvisor is a “white-hat” service and I commend it for revealing some of its previously unposted policies.

Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.
 
Known Issues

CNN/Octoshape, SiteAdvisor stories make waves

Dennis o'reilly By Dennis O’Reilly

Our two most-recent Top Stories — on CNN.com’s use of the Octoshape peer-to-peer service and on the reliability of McAfee’s SiteAdvisor security service — generated quite a response among the media as well as from readers.

As you’ve seen in this week’s Top Story, McAfee is reacting to our report by clarifying the process used to generate and update SiteAdvisor ratings.

Whenever an article receives the kind of positive response from readers that the last two Windows Secrets Top Stories garnered, we’re on cloud nine. And if the stories get picked up by other news sources — as our coverage of CNN.com’s use of the Octoshape peer-to-peer streaming technology and of McAfee’s SiteAdvisor policies has — it’s gravy.

Here’s a smattering of the news sources reporting on editorial director Brian Livingston’s Feb. 5 Top Story on CNN.com’s use of Octoshape:
  • Broadband DSL Reports.com: Debate Springs Up Over CNN P2P Use
  • Huffington Post: Watch CNN.com Live Video, Share Your Computer With CNN
  • Mediabistro: What You Probably Didn’t Know If You Watched the Inauguration on CNN.com Live
  • Inside Cable News: CNN.com’s Video Trojan Horse
The following are some of the media reports following Mark Joseph Edwards’ Feb. 12 Top Story on McAfee’s SiteAdvisor security service:
  • Safe Computing Bulletin: McAfee SiteAdvisor Ratings May Not Be a Good Guide to Website Safety
  • Freedomlist: SiteAdvisor Plug-in for Browsers May Be Out of Date
Two more free alternatives to SiteAdvisor

Mark’s SiteAdvisor story recommended the Web of Trust browser plug-in (more info) as an option for people who want an indication of the safety of the sites they visit. Reader George Elting points out two similar free services:
  • “I quit using SiteAdvisor a short while after McAfee took over. I now use two free programs to do similar things. One is CallingID [more info], which tells me how honest a site is about its ownership. The other is LinkScanner Lite [more info], which scans links in Web searches and e-mail. Between the two, I feel secure.”
Special paid columns warned of glitches

Following last week’s publication, we e-mailed on Feb. 14 to paid subscribers two premium columns that we deemed too important to postpone until today. Susan Bradley’s special Patch Watch column describes how to avoid a serious glitch related to the update described in Microsoft security advisory KB 960715. In the PC Tune-Up column, Mark reports on holes discovered in two popular remote-access programs, UltraVNC and TightVNC.

If you’re a free subscriber and you’d like to read these two stories (and all our paid content), you can do so by visiting the upgrade page and contributing whatever amount you feel it’s worth. You’ll then receive 12 months of our paid content and access to the full Windows Secrets archive.

George will receive a gift certificate for a book, CD, or DVD of his choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.
 
Wacky Web Week

Harmless new game, or ‘Bambi: First Blood’?

game demo By Katy Abby

Computer games just aren’t what they used to be. The days of playing World of Warcraft from the comfort of your computer chair are giving way to smarter, more interactive interfaces. Every day, new technological advances blur the lines between reality and fantasy, introducing gamers to a virtual experience that stretches the limits of the imagination.

Check out this clip from the SimAnimals Press Demo for a startlingly apt example of this trend. (Maybe these games should come with safety equipment.) Play the video
 
LangaList Plus

Why am I locked out of the Registry?

Fred langa By Fred Langa

Malware may prevent you from opening Windows’ Registry Editor.

There can be benign causes, but hostile software sometimes blocks Registry access and makes it difficult to root out the offending program.

Re-enable your ability to edit the Registry

Long-time reader Henry S. Winokur wrote in to tell us about a PC with a serious problem:
  • “Recently, I was working on a client’s XP computer and couldn’t access the Registry using Regedit. I think the error message was ‘You must have Administrator rights’ or something like that. I was going to try to use Regedit in Safe Mode, but first I ran a full Malwarebytes scan and it told me about the problem and then fixed it.

    “I was [then] able to use Regedit to edit the Registry and fix some other problems. What I’d like to know is, what did Malwarebytes do that allowed Regedit to work after running the software?

    “I asked Malwarebytes, but they refused to answer, citing trade secrets and something about having to kill me if they told me. I have to assume that the fix isn’t that big a deal if you know how to do it.”

Indeed, malware sometimes tries to prevent its own removal by preventing you from editing the Registry. Other times, Registry access is blocked by design to prevent you from tampering with the PC.

But in XP and Vista, the ability to edit the Registry is controlled through the Group Policy Editor. Follow these instructions to open the tool:

  • Step 1. Log onto an Administrator account and click Start, Run (in XP; Start in Vista).
  • Step 2. Type gpedit.msc and press Enter.
  • Step 3. In the Group Policy Editor, click User Configuration, Administrative Templates, System.
  • Step 4. In the Settings area, scroll to and double-click Prevent access to registry editing tools.
  • Step 5. Select either Disabled or Not Configured and choose OK.
  • Step 6. Close the Group Policy Editor and restart your computer.
You should now have full editing access to the Registry from any admin-level account. If you’d like an easier, free way to restore Regedit in XP, Doug Knox’s Disable/Enable Registry Editor script makes it a point-and-click snap (download page).

What do external hard drives do best?

I’m a recent convert to the pleasures of using a very large external hard drive, so I was glad to read Robert Conley’s question:
  • “I’m considering an external HD that could be disconnected from the desktop — if necessary — and later used with a notebook. Also, Windows 7 may require complete reinstallation of all programs, so I would like to back up and store my data elsewhere.

    This article is part of our paid content. Subscribe.

    Already a paid subscriber? Click here to login.

 
Best Software

Two freebies that will knock your socks off

Ian richards By Ian “Gizmo” Richards

For a piece of software to get onto my personal PCs, it must win a fierce Darwinian battle with the hundreds of other freeware programs I review each year.

Of all the software I looked at in the last year, only two utilities won the fight for survival, impressing me so much I installed them on all my office computers.

Fast search utility piggybacks on NTFS

There are dozens of utilities that allow you to find files quickly on your hard drive by searching on the file name. Most of these programs share a common weakness: they create large index files that eat up your hard disk space. Worse, the maintenance of these big index files can slow down your PC.

The Everything file-search program doesn’t suffer this problem. The index files that Everything creates are very small — just a few megabytes. Furthermore, the program updates these indexes so quickly you won’t even notice it. Yet this doesn’t affect Everything’s search performance. The tool can find a file anywhere on your drive nearly instantaneously.

Everything achieves this near-miracle by employing a clever trick. Rather than building totally self-contained search indexes from scratch, it leverages the information already contained within the NT file system (NTFS).

The results are spectacular. Everything can index a fresh install of Windows XP SP2 (about 20,000 files) in about one second. Yet the index files it creates are a tiny 3MB to 5MB.

Blink and you’ll miss seeing it work

In a fraction of a second, Everything can locate any file or folder anywhere on your PC, including attached USB drives. On startup, Everything updates its indexes automatically and displays all files and folders on your PC. The updating is so quick, you won’t even notice it.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

 
Woody's Windows

Windows 7 moves Live Essentials to the cloud

Woody leonhard By Woody Leonhard

Windows 7 ushers in a new bifurcation of Windows applications: some apps that used to ship with the OS are now available only by download.

Allow me to help you find which of these Live Essentials you’ll find handy — most of which work in XP and Vista as well as in Windows 7.

What’s ‘essential’ about Live Essentials?

Microsoft says Windows Live Essentials — Mail, Messenger, Photo Gallery, Movie Maker, and a handful of others — form a “seamless whole” that will be “integrated but not bundled” with Windows 7 when it ships later this year.

Can you hear the hairs splitting?

Here’s the version without the candy coating. Microsoft realized long ago that it couldn’t ship Windows 7 quickly unless it got rid of several big, unwieldy (note that I didn’t say “bloated”) applications that have shipped with Windows since time immemorial — or at least since Vista.

Microsoft has ripped the big programs out of the box and sent them to the cloud. When you install Windows 7 — or, presumably, when you buy a new computer with Windows 7 preinstalled — you don’t get the Essential programs. Instead, you’re given pointers to, uh, help you download the programs from the Internet. Liberating the Essentials — taking them out of the box — has several interesting consequences:

  • The Essential programs, since they’re available online, don’t have to rev in concert with Windows. There’s no reason, for example, why you should have to wait for the next version of Windows to get a new version of Movie Maker. More than that, minor upgrades to the Essentials can appear with greater frequency — in the case of Messenger, with startling frequency — without forcing customers to change Windows itself.

    This article is part of our paid content. Subscribe.

    Already a paid subscriber? Click here to login.

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

 HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
  • Visit our Unsubscribe page.
Copyright © 2012 by WindowsSecrets.com. All rights reserved.

Table of contents

Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.20
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Easily edit Windows’ right-click context menus 4.09
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb