Yahoo is using McAfee's SiteAdvisor to warn users of harmful Web sites appearing in its search results — but a security researcher warns the technology has a repuation for giving false positives.
The deal, an exclusive for Yahoo, uses McAfee SiteAdvisor technology to label a variety of potentially dangerous Web sites with red warning text and links to McAfee information about what risks the site poses.
The McAfee service flags risky Web sites in Yahoo searches with red warning text for users in the United States, Canada, the United Kingdom, France, Italy, Germany, Australia, New Zealand, and Spain.
Among the triggers for a red warning message are sites that host spyware, adware, or virus-infected downloads; sites that have links to other Web sites with dangerous material; and sites that have a track record of harvesting e-mail addresses later used to send spam, the companies said.
The move, along with related technology at Google and protections now built into browsers such as Internet Explorer and Firefox, spotlights a gradual expansion of the war against computer attacks.
Priyank Garg, director of Yahoo search product management, has high hopes for the Yahoo service, both for user protection and for hobbling attackers who try to exploit network insecurities.
"We expect users will have more confidence when searching on the Web," Garg said.
Curtailing Web attacks, but annoying Web administrators?The Yahoo service could make life significantly harder for those who would attack people's computers, but it also stands to cause some Web administrators a headache by possibly incorrectly labeling them dangerous.
"We see millions of clicks on some of these sites through our search engine today," Yahoo's Garg said. "It is going to have a material impact in distribution of this content."
And the red flag is only the beginning. Through the McAfee technology, Yahoo has already removed an unspecified number of pages from its search results — for example those that attempt to compromise a vulnerable Web browser with a "drive-by download" attack launched simply by visiting a Web site. "We took out the risky sites where we don't want users to hurt themselves," Garg said.
But beyond the deleted entries and warning labels, Yahoo decided against altering search results. "There is an element of informed use," Garg said, likening the move to providing a city map with dangerous neighborhoods labeled as such rather than omitted altogether.
The Yahoo service isn't likely to directly address phishing, in which users are steered toward entering usernames, passwords, or other sensitive information into fake Web sites. "Phishing is less of a concern for the search experience," Garg said. "The Web sites that come up with phishing aren't usually around long enough" to make it into search results, he said.
While the service could improve security for searchers, it will also lead to a new phase in the constant battle between attackers and computer security firms, Forrester's Lambert predicted.
"At the end of the day, people are going to beat the technology," Lambert said. "You can only get so far ahead with security."
However, Web administrators will likely be caught in the crossfire between Yahoo-McAfee and malware distributors, according to Sunbelt security researcher, Alex Eckelberry, who said on the company's blog that SiteAdvisor has a track record of delivering false positives because it operates on allegations of malicious activity rather than proven occurrences.
"The major issue I see is false positives, which SiteAdvisor has had problems with in the past, and will put both companies squarely in the sights of upset Web masters. The StopBadware initiative(arguably Google's only similar offering) battles with upset Web masters on a regular basis, and they have a false positive rate that is arguably non-existent because their warnings are only based on real malware being on a website, not allegations of spam."
However, Allan Bell, marketing director for McAfee's Asia Pacific operations told ZDNet.com.au that Eckelberry misunderstands how SiteAdvisor works. A unique e-mail address is generated for each Web site it monitors, in order for McAfee to track e-mails or spam being generated by that Web site — not just allegations of spam.
Web site owners who believe their sites have been incorrectly labeled malicious are able to have their site re-scanned, said Bell, but he was unable to say how long that process would take.
ZDNet.com.au's Liam Tung contributed to this report.
