McAfee Site Advisor Red-Flagging Ebscohost

McAfee Site Advisor is red-flagging ebsco.com and ebscohost.com. Something to do with detecting malware. Does anybody know what that is about? Ebsco’s response so far is that they are “working to resolve it.” No explanation forthcoming and no denial. I’m concerned and wondering what they are putting onto our computers, however it ends up being classified.

8 comments on “McAfee Site Advisor Red-Flagging Ebscohost

  1. We recently ran into McAfee blocking urls with .lib.co.us (which many Colorado libraries had as the end to their URL’s). The libraries had to work with McAfee to fix it. I am ssuming that is what EBSCO is working on.

  2. We had the same problem. According to McAfee it wasn’t that there was malware on Ebsco servers, but rather that ebsco.com contained links to other sites that had malware. This is obviously a poor standard, because containing links to other sites is the whole point of the Web. You can perform any number of Google searches and get links to malware sites in your results. Will Google be blocked? And if the problem lies not on Ebsco’s servers, but on linked sites, why doesn’t McAfee simply block those linked sites?
    Anyone purchasing and using these McAfee products needs to understand that they are outsourcing censorship decisions to a company whose business model has nothing to do with academic research or student service. Typically these types of turnkey “solutions” are paid for and implemented by IT departments with little input, insight, or oversight, from the users, professors, and librarians who will be dealing with the consequences of the censorship. The tool becomes a black box which depends on the assumption that McAfee Inc., is making its censorship decisions based solely on the needs of your individual institution.

  3. I hear what you are saying, but I am not convinced. In this case, the warning message did state that ebsco.com was linking to a site that contained malware, but identified that site as ebscohost.com.

  4. At any rate, this morning it seems to be cleared up. McAfee Site Advisor is green flagging Ebsco.

    I appreciate having a system that detects malware and notifies me when a site is carrying it. Since malware is not illegal, I do not assume that websites of legitimate businesses (like Ebsco) are free from it. Therefore I have no problem in principle with McAfee red-flagging an academic resource for that reason. However, I would like the system to be more transparent. At this point, I do not know exactly why McAfee ref-flagged Ebsco or what happened to clear it up. It is possible that McAfee’s system wrongly identified Ebsco as a risk, but it is also possible that McAfee itself is not as clean as we like, in terms of its criteria-setting and relationships to other companies.

  5. What I was told was that ebscohost.com itself was clean but was blocked because it contained links to other domains which were known to have malware. In that case, why not just block those other domains? It is very difficult to get from an Ebsco results list to a non-Ebsco site, except by the bookmarks feature. I would guess one or more of the 200+ social-networking sites on that list could have been the trigger.
    You are of course correct that any site is vulnerable — there is no reason to assume that http://www.loc.gov could never be a malware source. Depending on your IT department, you may be able to get a quick and satisfactory response any time there is a false-positive block as there seems to have been in this case. Other libraries may have more difficulty getting their network admins to investigate and resolve the issue promptly; meanwhile, patrons are unable to access an important resource.

  6. I should clarify that this has nothing to do with filtering. I am using a Firefox plugin called Site Advisor that warns me when a site has been found to have malware or links to sites with malware. (It’s logical to notify me if they site has links to a site with malware, because simply clicking on the link would result in being infected.)

    Regarding trusting loc.gov, personally, I would trust loc.gov or other non-commercial sites, because I do think it is highly unlikely that they would use malware as a revenue stream the way many commercial sites do. I also think it’s fairly unlikely that a vendor to libraries would use malware as a revenue stream either, but a revenue stream is a revenue stream, and for-profit businesses tend to have an “if it’s legal, do it” attitude to these kinds of things generally.

  7. Ah, that’s an important distinction.
    I am dealing with an enterprise-wide deployment of McAfee site advisor as one component of our security management system. In other words, the software is installed to every machine at our institution and enforced centrally. Therefore, when the software is triggered to block a website, all students, professors, librarians, and community patrons using our network are blocked from that site.
    The lack of commercial profit motive would not cause me to assume a government website is any more safe than Ebsco, UMI/Proquest, LexisNexis, and other subscription-based information providers.Malware comes in many forms. Sometimes it is the result of a purposeful revenue-generating strategy by a website working from one of the many malware toolkits. But those cases tend to be sites already at the fringe of legality or social responsibility – gambling, gaming, warez, porn, copyright-infringing P2P services, and so on. Such sites have little concern for brand consciousness or customer relations, as their business tends to be centered on tens of thousands of small individual transactions at various levels of quality and anonymity. At other times the malware isn’t on the host server, but rather is coming through third-party context ads served up from elsewhere. A large, established corporation such as Ebsco, on the other hand, gets business chiefly because of its standardized QOS and brand name recognition among Library professionals. If EBSCO were known to infect its subscribers’ networks with malware (opening up potential FERPA or HIPAA liability), their profits would plummet as institutions everywhere broke or chose not to renew their subscription contracts.
    Sometimes malware distribution is an infection of an otherwise legitimate webserver. This can result from many different accidental or negligent computing/security practices by individuals employed by those sites (or the parent company managing the server). This kind of infection is only as predictable as human nature. My experience hasn’t indicated that public sector employees are any more mindful of safer computing practices than corporate staffs. In fact, a recent report from TrendMicro states that educational institutions represent the majority of malware infections, with government institutions coming in second place. The best mantra is always “If you must, trust; but also verify”.

Comments are closed.