
So what's wrong with McAfee?

It was noticed a while back that their SiteAdvisor site lists project2025 with a red warning due to having Triton listed for download.
http://www.siteadvisor.com/sites/project2025.com
I thought I'd politely ask why.

Email thread

Rhino
11th Jan 2009, 13:45
The 'warning' on this site (project2025.com) relates to Triton. Triton is a tool designed for use by webmasters and security analysts to probe a website looking for vulnerable scripts. You may enter a list of sites and paths and it will rotate through those looking for the keywords you have specified.

The only connections it makes are the ones you explicitly ask it to. There are no adware/spyware/backdoors/trojans - a fact that can easily be verified by running a network sniffer to verify the connections it makes.

Quite why McAfee have classed this as "generic trojan" is somewhat baffling. It's no different in operation to other security audit tools such as nmap or nessus - which appear to have been given a clear rating.


McAfee SiteAdvisor Support
11th Jan 2009, 13:47
Dear valued user,

Thank you for your submission. Your involvement in our product is highly valued and helps us to better serve you.

If your message is regarding a customer service issue, or an issue with McAfee software that is not SiteAdvisor, please contact the McAfee support team. We want you to get the assistance you need as quickly and easily as possible.

To obtain McAfee support, please visit http://service.mcafee.com.

If you are using a McAfee consumer (home and home office) software product, you can call our Consumer Customer Service department at 1.866.622.3911 for assistance. If you are using a McAfee corporate product and you have a grant number, you can call our Corporate Customer Care department at 1.800.338.8754.

Sincerely,
The McAfee SiteAdvisor Team

Only an automated response, but at least it was quick ... and hey, I'm a valued user so it's not all bad ;)

McAfee SiteAdvisor Support (Andrew)
13th Jan 2009, 17:30
Hello,

Thank you for contacting us and your interest in SiteAdvisor.

SiteAdvisor engineers will look into your issue, and will issue a change if it is deemed appropriate.

Thank you for your patience during this process.

Sincerely,

Andrew
Customer Support
McAfee SiteAdvisor

Again, only a two-day wait - so not so bad. At least Andrew's looking at it now. Let's see how he goes.

Rhino
29th Jan 2009, 19:28
Hi Andrew,

Could you please give me an update on how you're progressing with this matter?

Many thanks.

Hadn't heard back after a couple of weeks .... so just a polite prod

Rhino
8th Feb 2009, 11:19
17th Feb 2009, 00:51
19th Feb 2009, 15:05
Hi Andrew,

Could you please give me an update on how you're progressing with this matter?

Many thanks.

Andrew ... Andrew ... Where have you been? .... was it something I said? :(

McAfee SiteAdvisor Support (Andrew)
24th March 2009, 16:50
Hello,

Many other antivirus programs agree with McAfee's flagging of this file as potentially dangerous. Please see:
http://www.virustotal.com/analisis/562063bbf3894bc2bea295b23f1a8574


Sincerely,

Andrew
Customer Support
McAfee SiteAdvisor

Andrew's back!!!! ... oh I'd been so worried :)

Rhino
24th March 2009, 19:18
Andrew ... thanks for the reply. I hope you've been ok, it seems like a while since we last talked.

Thanks for the site - I notice that this is the same site that lists JTR as a trojan:

http://www.virustotal.com/analisis/b29359d47189686f4ec3cf0e591197e8

Virus.Win32.Trojan!IK
Trojan.Agent.IRC
TrojWare.Win32.HackTool.John.NAA
Virus.Win32.Trojan
Trojan.Win32.Malware.1

etc.

whereas you yourself list it as an application with a green tick (PWCrack-JohnTheRippr)
http://www.siteadvisor.com/sites/openwall.com

I'm glad that this shows that you don't just blindly copy scan results from other programs, but it does pose the question of how much testing you actually did yourselves to mark Triton (and the site) red?

Can you please let me know whether you did just copy the results, or, failing that, which parts of the program caused you to label it as a trojan, as none of the usual suspects are there?

System information gathering.
Unwanted (unsolicited) calls 'back home' without the user's express permission.
System modification
Adware/Spyware/Malware

As none of these are in Triton, what was found in your own independent tests?

BTW, if you can give me some rough timescale as to when you think you'll be able to answer it'll save me sending a few follow-up emails to check you haven't fallen off the planet again.

Thanks again.

As expected .... this message disappeared into the void for a good couple of weeks - so another little prod.

Rhino
7th April 2009, 10:55
Hi Andrew,

Have you had any chance to look into whether you actually do any testing for yourselves? I've listed several examples below for you to help progress your investigation.

Obviously as a concerned net-citizen I'd like to make AV products as accurate as possible. I would think that from a development point of view that's the same sort of thing you'd want from McAfee products?

Your aim is for your products to report accurately, I take it?

Many thanks.

{forwarded message from above}

Going on the normal timescales, I'll probably have the next update around May/June time .... but I'll keep you posted :)













© Copyleft Rhino 2025.