topbarfade

Home > Notice

What is wrong with SiteAdvisor?



For those of you that are not familiar with McAfee SiteAdvisor, they are an online service that classifies websites into green, yellow and red safety categories. The green classification indicates a site with "very low or no risk", yellow represents "minor risks" and the red flag warn users of "serious risks" associated with the site. The service can be accessed via their website (siteadvisor.com) and is widely distributed as toolbar version for Internet Explorer and Firefox, providing on-the-fly site classifications as you browse the web.

There has been widespread criticism for false positives/negatives and the limited, slow or non existing efforts of McAfee to address complaints from site owners.[read Wikipedia article]

We have been flagged "red" or "yellow" for several times in the past, but were able to get this rating corrected, although it took weeks or months to change our status back to "green".

As you may have noticed, we are back to "yellow" again and the time has come to publicly address this false and unfair classification, since it has the potential to defame our reputation and cause visitors to avoid Snapfiles.com.

How does SiteAdvisor work?

As far as downloads are concerned (they also check for browser exploits, popups, spam etc.) McAfee claims to download all the files that it finds on a site and then tests them for malware. In their own words:

"We download and install each file we find we even open zip files. We then scan our test computer to see what changes have been made. If a program is determined to be a virus, Trojan, or certain other types of malware, that program will earn a red rating."

Sounds great, in theory, and if these ratings were fair and consistent, the service could be quite useful. Unfortunately however, the McAfee SiteAdvisor ratings are far from being fair and even further from being consistent. In fact, one could argue that due to the large number of false and misleading results, the service has become a potential danger to those who rely on the results.

McAfee SiteAdvisor has (once again) decided to mark Snapfiles.com with a "yellow" flag, thereby warning users of minor risks associated with our site.
Let's take a look at the table below to see how McAfee SiteAdvisor ranks other download sites:

Site Red Flags Yellow FlagsNumber of files tested% of files with warningsNegative user reviewsSiteAdvisor Rating
Download.com 9 11 206 9.7% 247 green
PCWorld 14 6 504 3.97% 26 green
Softpedia 128 142 11891 2.27% 99 green
BetaNews 5 20 558 4.48% 8 green
Tucows.com 13 31 1345 3.27% 59 green
Snapfiles.com 1 4 209 1.91% 7 yellow
Results based on SiteAdvisor reports as of March 2010

I guess we should thank SiteAdvisor for proving the fact that we are indeed the safest choice among these sites!

According to the SiteAdvisor results, Snapfiles.com has the:
- lowest number of risk files
- lowest overall percentage of risk files
- lowest number of negative user reviews.

question   But wait..., why are we marked "yellow" then?

Hmm, makes no sense, does it? It appears that the more red/yellow files you offer, the "greener" your status? How can it be that sites with dozens or even hundreds of red/yellow files are marked "green" and a site with only 5 of these files is marked "yellow"?

How come that a site links to a file and gets a "yellow" rating while the publisher that is hosting the file is listed as "green"? How in the world do you justify that a site with nearly 10% of red and yellow files deserves a "green" rating?

It doesn't take a rocket scientist to see that the system is, at best, "seriously flawed".

What are those files that were flagged on our site?

siteadvisor report

mailpv_setup.exe (Mail PassView)

This is a popular password recovery tool from nirsoft.net. The program can be used to recover forgotten passwords that are stored in your email program.
Oddly enough, according to SiteAdvisor, the site of the developer that actually publishes and distributes this software is rated green green. We are linking to the same file and get a "yellow" rating?

passwordfox.zip (PasswordFox)

This is a another popular password recovery tool from nirsoft.net. The program can be used to recover forgotten passwords that are stored in the Firefox browser. Nothing wrong with the software or publisher.
According to SiteAdvisor, the site of the developer that publishes this software is rated green green. Again, we are linking to the same file and get a "yellow" rating???

cw_setup.exe (Chat Watch for Parents)

This is a commercial parental control software that allows parents to monitor chat conversations. McAfee publishes a contradicting report for the same software (the one that we are actually linking to) that analyzes the file as "green". See it here

miro_installer.exe (Miro)

Open-source, non-profit video player and podcast client. It installs the ASK toolbar unless you opt-out. (McAfee appears to have a vested interest in the Yahoo! toolbar.)
Nobody likes these toolbar offerings, that is why we clearly mark programs that offer to install a toolbar and are only accepting a limited range of toolbar sponsored products.

freeyoutubeuploader.exe (Free YouTube Uploader)

This software is no longer listed with us. It was at some point, but we removed it due to the fact that it installed a toolbar, even though the user selected not to. SiteAdvisor could not have known this though, since they claim that the software installs the "Ask" toolbar, which it does not, it installs a "Conduit" toolbar. (The developer has since fixed the installer and it no longer installs the toolbar without authorization, but we have chosen not to relist it.) SiteAdvisor last tested and scanned this file in April 2009, so they are clueless about any of these changes.

According to the SiteAdvisor reports, none of these files were actually scanned or verified in 2010, in fact most of the results are 6 months to a year old.

Toolbar Hypocrisy

McAfee SiteAdvisor appears to be sensitive to most toolbar installations. The Yahoo! toolbar seems to be the only exception, it also happens to be the toolbar that the McAfee SiteAdvisor software installs on your computer, in addition to changing your default search provider to Yahoo!.

Oddly enough, McAfee seems to have missed this fact when they scanned their own site, because the scan results for siteadvisor.com do not mention any toolbar installation at all!

siteadvisor
In fact, the only file that they have listed for their own site is an old version of SiteAdvisor from 2007 (v.2.4.0), which does not install any toolbar, but is also no longer offered from their site.

All recent versions of McAfee SiteAdvisor install a Yahoo! toolbar AND change your browser's search settings (as you can see here), but for some reason these files, bundled with the Yahoo! toolbar, are not included in their scan results.

The only file that McAfee SiteAdvisor has found on their very own siteadvisor.com website is almost 3 years old! McAfee distributes the actual files from sadownload.mcafee.com, but here too, you will only find the old 2.x toolbar-free versions in the scan results.

Does McAfee not possess the technology to properly scan their own sites? We doubt that. They seem to have no problems with finding toolbar bundles from other brands, such as Ask or Google for example, so why are they unable to find the toolbar bundles on their own servers?



Read our adware/toolbar policy.

SiteAdvisor reviewers

The quality of the site advisor reviews can be simply summarized with a few quick statistics.

Currently SiteAdvisor's Top Reviewer is "pharmalert", a rather busy guy who is posting on average 668 reviews a day (a total of 866,234). He is closely followed by "DoughW" with 354 daily reviews (total of 520,208), "Nodus" (476 a day/ 465,694 total) and many others with similar qualifications.

Really? These guys post hundreds of reviews each day, many of them identical texts, posted within minutes of each other. Looks to me like an obvious spam operation that is gaming the system to raise or lower the ratings for certain sites. The scary thing is that SiteAvisor appears to rely on these reviewer responses to change the rating of a site for the better or worse! How a company with credentials in the IT Security sector can even consider such rubbish data as a basis for site quality rankings is beyond me.

To check out the whole gang, visit the SiteAdvisor Reviewer Central

Need a second opinion? Take a look at what Google finds for "SiteAdvisor complaints"

Interesting insight: http://siteadvisorclassaction.com/

Visit SiteAdvisor at http://www.unreliable-outdated-worthless.com



UPDATE: On January 13th 2010, several days after posting this article, McAfee SiteAdvisor has adjusted our status back to "green".

Update: On February 24th, we received an email stating: "We are Pleased to inform you that your site snapfiles.com has got the green rating and is currently reflecting on our website."

UPDATE: On March 7th 2010, McAfee SiteAdvisor has adjusted our status back to "yellow".

UPDATE: On March 17th 2010 (again, several days after re-posting this article) our rating was changed back to "green". Curiously there are no "Download Tests" at all listed for snapfiles.com at the time. Not sure if this is a good sign or if the "enemy is regrouping" and will hit us back with a "red" in a few weeks, or maybe they truly recognized the flaws in their system? All I know is that we did not (and will not) remove the files that they considered to be "harmful". I guess as long as we won't tick off "pharmalert", we might be alright :-)

UPDATE: March 20th 2011 - Back to red. This time because McAfee found a security software, designed to test and verify the effectiveness of anti-keylogger products and issued us a red flag because of it... Although perfectly harmless (and clearly a false positive), since the author discontinued the product, we decided to remove the listing and requested an immediate correction from SiteAvisor.

UPDATE: April 19th 2011 - Despite our third request for correction, still no response or action from McAfee/SiteAdvisor.