I got a testy e-mail from Shane Keats of McAfee asking us to remove SiteAdvisor from the study, based on his claim that SiteAdvisor isn’t an anti-phishing toolbar. I wrote a detailed response, in private e-mail, and was prepared to leave it at that.
However, Mr. Keats cried “foul” to InfoWorld and on the IE blog, saying that including SiteAdvisor is “silly and wrong. We don’t claim, anywhere, to offer phishing protection. In fact, we’re pretty explicit that we don’t.”
I’ll admit to sometimes being silly, and I’ve certainly been wrong before, but I think in this case it’s fair to include SiteAdvisor. Here’s why:
- The SiteAdvisor.com home page contains this text: “McAfee SiteAdvisor also complements and enhances your existing security software by detecting threats which traditional security products often miss, including spyware attacks, online scams, and sites that spam you”. I think a reasonable person would likely interpret the reference to “online scams” as including phish.
- Question 2 of the SiteAdvisor FAQ page says “SiteAdvisor is a consumer software company dedicated to protecting Internet users from all kinds of Web-based security threats and annoyances including spyware, adware, unwanted software, spam, phishing, pop-ups, online fraud, and identity theft.” This definitely seems to represent SiteAdvisor as an anti-phishing tool.
- Mr. Keats included a partial quote from this support article: “SiteAdvisor’s software does not currently provide automated or real-time phishing detection”. However, the full text of this article explicitly says that user reports of phish sites are reported by SiteAdvisor. In our report, we didn’t distinguish between tools that use automated reporting and those, like SiteAdvisor, that can incorporate user-generated reports.
- On August 3rd, I spoke via phone with both Craig Kenwec of McAfee and Scott Van Sickle of Global Fluency, a PR agency that handles client-security PR for McAfee. Both of them told me that SiteAdvisor incorporates anti-phishing functionality.