Ah, the perennial question. Or at least, a question which is frequently asked (often with accompanying outrage and indignation).


Maybe some of those SiteAdvisor red flags are indeed false positives, but experience and common sense caution that many if not most of those red flags have been set for a reason. Trying to find out exactly why this or that site has been red-rated often involves a good deal of site-checking and analysis using third-party tools in order to gain an insight into the potential problem: sometimes the old adage about fools rushing in where angels fear to tread definitely applies. Changes to a SiteAdvisor rating will be triggered by TrustedSource, which receives threat information in real time, and the reason for a rating change may be given: often a very terse explanation which has to be looked for in obscure McAfee documentation.


Still, once the problem has been at least partially identified, a site can be loaded into a browser (with suitable protections enabled in the browser) for the source code to be examined and detailed webpage analysis to be carried out.


But why do so many websites change their security rating? For that you have to look at the bigger picture, and here's where McAfee's quarterly Threat Reports sometimes provide a very useful overview. The latest (for 3rd Quarter 2013) has this to say about the process.


Sites going red - Threat Report.PNG


Note that little throwaway comment about "registrations, hosting patterns, and other aspects". An otherwise clean website registered with a high-risk hosting provider could be suspect; a site registered with certain registrars known to be spammer-friendly would be suspect. There's more to the rating assessment than what's in the site's file system and page code.


Suspicious URLs - Threat Report.PNG




Suspect domains - Threat Report.PNG



Phishing sites and spamming sites are less common, as the figures show. Once again, most of this activity comes from within the United States.


Phishing sites - Threat Report.PNG


Spam URLs - Threat Report.PNG



The entire report is well worth reading, especially the sections at the end on the most dominant botnets and worldwide spam, broken down by country. Read it at http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf


McAfee have produced a TrustedSource Reference Guide which lists all the various categories that are used to classify a website: this is a PDF document which can be downloaded from https://www.trustedsource.org/download/ts_wd_reference_guide.pdf