Thursday, August 31, 2006

SiteAdvisor Wrongly Lists Tomcoyote.org As Bad Website

Some one let me know that McAfee's SiteAdvisor had listed antispyware web site Tomcoyote.org as a red site. That means people should avoid it, except that SiteAdvisor is wrong. From what I can see from the SiteAdvisor results, the robot that looks at websites followed some links in a Hijackthis log that someone posted. People regularly post these logs to have the experts at Tom Coyote get rid of spyware on their computer. Hijackthis will show good and bad things on people's computers. This helps the experts get rid of the spyware, since they can see what is wrong. Too bad the SiteAdvisor robot couldn't tell the difference.

This does bring up a point about the way SiteAdvisor looks at web sites. The bad links that were found were posted on the Tom Coyote message board. Anyone can post there and put any link they want. If it is a bad link, the moderators will remove it, but sometimes they slip through. I think that the McAfee robot should have noticed that the links to the downloads weren't actually hosted on Tom Coyote. They were on other sites on the Internet. There are many forums and message boards on the Internet where this could hapen. Someone posts a bad link and before it gets deleted, the robot sees it and lists the site as bad. Looking at the SiteAdvisor report, there were only two bad downloads and both were links. When spammers post on message boards, they usually post several times. So it looks like this could happen to any site on the Internet that allows people to post.

Earlier this month, we posted about how SiteAdvisor has given a green rating to porn sites. The purpose of SiteAdvisor is to give warnings about spyware and other badware on a web site. It's not to judge the site on the content. I find it ironic that sites that many people would gladly mark as red because of porn are greenlighted, but a clean family site like Tom Coyote gets a red rating because of some links to something not even on the site.

Edit to update: Looks like Bluetack, another good security site got wronly listed as well.

Another update: Quite a few sites got listed as well. Ad Aware's support forum, Cexx, Spamhuntress, a good php site called Puremango.

There has been a post on Tomcoyote.org and Bluetack saying the site has been reviewed and will be returned to green in the next few weeks. Let's hope it will be sooner than that.

4 comments:

Tom said...

Hi everyone, this is Tom from SiteAdvisor engineering. We just released a big new set of data with much better detection of adware/virus downloads. However, we also marked a lot of great security sites red accidentally. What happened is that as we expanded our crawling capacity to check more and more pages on sites, we ended up crawling forums. Naturally, a lot of forums have links to bad sites or bad downloads.

Unfortunately, we didn’t catch this before the data went live…the good news is that these results were only public for about 24 hours before we fixed them. Thanks to everyone who logged on to siteadvisor.com and left reviewer feedback—this was an important way for us to realize that something was wrong.

We’ve done a couple of things to make sure this doesn’t happen again:

1) we’ve taught our crawlers what forums look like and we ignore anything we find in them

2) we’ve added all of the security sites that we had these false-positives on to our QA regression tests to make sure they don’t accidentally go red again

3) we’re teaching our scoring systems that security sites are allowed to link to bad sites or to bad downloads without making the security site itself a bad site

Anyway, thanks for using SiteAdvisor and sorry for the trouble,

Tom

Nick said...

Thanks for posting Tom. It's good to see that Siteadvisor took user feedback and acted on this quickly.

Anonymous said...

hi - thanks for calling me a "good php site" :-)
-u24/puremango.co.uk

Feral Pundit said...

Site Advisor will not do anything to fix their screwups unless they have to. My new domain was flagged yellow as possibly advertising in junk emails, and spammyness of emails received. We never advertise in any emails and we DO NOT collect any reader emails nor is there anyplace for a reader to enter their email...so what the heck is siteadvisor saying? They will not respond to any of my emails or comments. Feralpundit.com

Sitemeter