SiteAdvisor review: SiteAdvisor

SiteAdvisor began as a standalone company, and was purchased in early 2006 by veteran security vendor McAfee. Bundled within McAfee Internet Security Suite 2007, SiteAdvisor is also available as a free download for Firefox and Internet Explorer, and as a paid service, SiteAdvisor Plus, for $20 ($40 for three users), but is available for Internet Explorer only. Using an algorithm that weighs a number of different criteria, from the number of spam e-mails generated after registering with the site, the number of downloads associated with the site, and, finally, the ratings of various links embedded within the site, SiteAdvisor makes a determination whether a site is safe to visit or not. As you search or visit a Web site, SiteAdvisor queries its database and returns its results as colored icons on a search page, a colored button on your browser, or blocked Web site access. In theory, this is an effective means to warn users regarding bogus sites; however, SiteAdvisor sometimes gave legitimate sites that have been defaced by cross-site scripting attacks clean bills of health; perhaps they were fine when SiteAdvisor first evaluated them, but these sites have since taken on hacker-introduced malware. On the other hand, SiteAdvisor consistently and accurately warned us appropriately for each of the test phishing sites we chose.

We downloaded and installed SiteAdvisor Plus from the McAfee site, but we had some minor trouble. For example, if you have Firefox running the free SiteAdvisor on the same machine that has Internet Explorer running the paid SiteAdvisor Plus, we found the free version gave inconsistent results. The fact that two editions of SiteAdvisor can't coexist on the same machine struck us as odd. We also found that if you use the native browser within AOL or other branded browsers supplied by subscription services, you will need to open a separate instance of Internet Explorer to see the SiteAdvisor ratings. Other than that, we found SiteAdvisor played well with other antiphishing tools tested, including Linkscanner Pro, the Netcraft toolbar, and the native antiphishing tools within Firefox 2 and Internet Explorer 7. SiteAdvisor does not work with Opera. Because SiteAdvisor blocks access to a suspicious site, it often competed with Internet Explorer 7's own antiphishing protection, which is notoriously slow; in order to compare results, we had to disable SiteAdvisor to let IE7 process a page.

SiteAdvisor Plus has one configuration option, to turn on Protected Mode or not. Protected Mode is a password-enabled feature that automatically blocks access to dangerous sites. McAfee says this feature is designed for multiuser Windows systems--for example, parents blocking dangerous sites for minors--but we'd rather see SiteAdvisor block only the dangerous components on a site rather than block full access to the sites themselves. Should you ever want to remove SiteAdvisor, we found the uninstall process to be quick and clean. After restarting each test browser, we found all traces of SiteAdvisor were removed.

Unlike the Netcraft toolbar, which detects only suspected phishing sites as you access them, SiteAdvisor and Linkscanner Pro both display their safety ratings over your current Google or Yahoo search result page. SiteAdvisor does not work with Microsoft Live.com results. SiteAdvisor Plus also alerts you to suspicious links within e-mail and IM chats, a feature that none of the other secure browsing tools provided. But the heuristics within SiteAdvisor appeared to be off during our tests, a fact confirmed by McAfee. Thus, sites previously rated as clean but that have since been defaced still came up clean.

One defaced Web site, a Massachusetts-based restaurant Web site, is infected with a malicious Trojan. By viewing the source code of the page, we can see the hacker-added iFrame script at the very bottom; in this case the code calls out to a site in Korea known to host malicious code. SiteAdvisor rated the restaurant's site as green, or clean. Another example is a sex site hosted in a foreign country; it hosts--either deliberately or not--a malicious WMF file. With SiteAdvisor (both the paid and free editions) we were able to access both sites, and we were also prompted whether or not we wanted to install the tainted WMF file. Neither the Netcraft toolbar nor the antiphishing protection within Firefox 2 or Internet Explorer 7 blocked our access to these two sites. Only Linkscanner Pro flagged us, allowing us access to the sites after it had stripped out the malicious content.

But Linkscanner Pro failed to identify most of the suspected phishing sites we visited; here's where the premium SiteAdvisor Plus truly shines. Using 10 sites recently reported to a reputable, independent phish-tracking site, we found that the premium SiteAdvisor Plus identified and blocked access to all 10 sites, tied with the free Netcraft toolbar. Next-best tools were Linkscanner Pro and Firefox 2, each identifying or blocking access to 7 suspected phishing sites; these were followed by Internet Explorer 7 with an abysmal 5. The free edition of McAfee SiteAdvisor gave us inconsistent results over the five days we tested it and was not ranked. In general, we found that IE 7 (at the bottom of our results pile) consistently failed to catch phishing sites less than 1 hour old, although IE 7 caught all phishing sites known for at least 1 hour or more. Most phishing sites are removed after their initial 72 hours.

McAfee doesn't include a tutorial for using SiteAdvisor Plus. What McAfee does provide is a contextual knowledge base, asking you a series of questions. There is also an FAQ on the SiteAdvisor site, although it could be much more thorough. Should the knowledge base or FAQ fail to answer your question, you're taken to another window where a remote scan will attempt to diagnose what is wrong. If none of these solutions work, you're given more options, including online chat, user forums, and e-mail.

SiteAdvisor Plus includes the ability to report suspicious links within IM and e-mail and can automatically block access to flagged sites. However, SiteAdvisor Plus lacks additional configuration options and doesn't work with Firefox or Opera, or with branded browsers from AOL and other services. In addition, the paid version on Internet Explorer appears to conflict with the free version installed on Firefox. Overall, we experienced greater flexibility and fewer hassles when using the free Netcraft toolbar, and we also liked the proactive nature of Linkscanner Pro better.