Enabling SiteAdvisor lowers security on webpages.(?)

Hello all,

I've been looking for a good security tool to help with search results, and I've been using WOT and Webutation, but I really wanted something with a backing of a company like McAfee, so I installed SiteAdvisor to give it a try.  After enabling SiteAdvisor all webpages that normally would be 100% secured while visiting them by HTTPS now tell me there are insecure resources included that can be read by a third party, and the padlock in the address bar is showing the yellow triangle.  It's happening on all secure sites I visit.  I disabled SiteAdvisor, and tried the page again, and it went back to 100% secure.  My question is why is SiteAdvisor causing them to be insecure?  I figure because McAfee is checking the sites, and then displaying the color coded rating, but I'm not sure if that is correct because when I was using WOT (which also shows their icon next to the results), the sites stayed 100% secure.  I hope this makes sense, and I'm just paranoid, but if someone could answer this question I will feel much better about the safety and security of the sites I visit while using SiteAdvisor.  I have attached a screen shot of SiteAdvisor enabled, and disabled on the same site.

Message was edited by: bobbyphoenix  Reason: Removed duplicate screen shot. on 4/28/13 7:48:07 PM CDT

Message was edited by: bobbyphoenix on 4/28/13 7:58:05 PM CDT
Reliable Contributor Hayton
Message 2 of 9

Re: Enabling SiteAdvisor lowers security on webpages.(?)

I replicated this issue by the simple process of going to "https://www.google.co.uk" (there's an automatic redirection to the local site from google.com) and opening a Javascript console to examine the page elements and the error log.

The insecure content is a single Gif image, as you can see below. These images are frequently stored in several different places and not all of them may be transmitted using SSL. We see it on this site too, although not very often now (there was a push to consolidate everything on servers using a secure connection).

Chrome insecure SA content.JPG

This problem has been noted elsewhere (see below). It's easy to fix, as far as I know (but low priority, so it may not be looked at for a long time).

https://easydigitaldownloads.com/support/topic/more-problem-found-on-social-discount-plugin/

http://premium.wpmudev.org/forums/topic/insecure-content-error-in-the-facebook-like-iframe

http://www.webpronews.com/google-image-search-changes-have-not-been-kind-to-webmasters-2013-04   (Comments, April 17)

http://www.coffeecup.com/forums/website-design-and-development/import-of-facebook-button-onto-webpag...

Message was edited by: Hayton on 29/04/13 04:30:08 IST

Re: Enabling SiteAdvisor lowers security on webpages.(?)

Thank you for the quick reply.  So really it has nothing to do with any information I'm searching for or using, and I have nothing to worry about?  It's a server side issue of not using everything via SSL as far as general non-critical information goes, and not a security issue for me.  That's what I understand from your explanation.  I'm only confirming my understanding because I see it on every site I go to using HTTPS.  Even my email, so I don't want to just think that's what you are saying, and someone could get my info if I'm thinking wrong.

Reliable Contributor Hayton
Message 4 of 9

Re: Enabling SiteAdvisor lowers security on webpages.(?)

Nothing much to worry about. It's a minor problem, and easy enough to fix, the only difficulty will be persuading the SA people not to give it an ultra-low-priority rating on the Fix List. It does (in theory at least) compromise the security of a webpage to have content feed in over an unencrypted connection, although it rather depends what that content is. Some cases are more worrying than others.

I was assuming the gif in question was the SiteAdvisor icon in the address bar, but perhaps not. I don't know for sure because it doesn't display (natch). I'll try later with SA disabled and see if I can get a snapshot of it in the console.

Edit: ... or rather, I won't, because if SA is disabled the gif won't be downloaded. I've found the code responsible for calling for it and it's a long section of dense JavaScript. I'll raise this in the next conference call.

Message was edited by: Hayton on 29/04/13 05:11:55 IST
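
Added example, not part of the original thread and not McAfee code: the replies above trace the warning to a single GIF fetched over plain HTTP and note that how worrying mixed content is depends on what the content is. This sketch scans markup for `http://` subresources on an HTTPS page and labels each one passive (images, media) or active (scripts, frames, stylesheets); the function names, the sample page and the `.example` hosts are constructed for illustration.

```javascript
// Added example: find http:// subresources in the markup of an HTTPS page.
// Regex tag matching is enough for this sample; a real audit should walk the live DOM.
const ACTIVE = new Map([['script', 'src'], ['iframe', 'src'], ['embed', 'src'],
                        ['object', 'data'], ['link', 'href']]);
const PASSIVE = new Map([['img', 'src'], ['audio', 'src'], ['video', 'src'], ['source', 'src']]);

function attr(tag, name) {
  // Read a quoted or unquoted attribute value; null when the attribute is absent.
  const re = new RegExp('\\s' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function findMixedContent(pageUrl, html) {
  if (new URL(pageUrl).protocol !== 'https:') return []; // only an HTTPS page can be "mixed"
  const findings = [];
  for (const m of html.matchAll(/<([a-z][a-z0-9]*)\b[^>]*>/gi)) {
    const el = m[1].toLowerCase();
    const attrName = ACTIVE.get(el) ?? PASSIVE.get(el);
    if (!attrName) continue;               // <a href> and the like are not subresources
    const raw = attr(m[0], attrName);
    if (!raw) continue;
    let url;
    try { url = new URL(raw, pageUrl); } catch { continue; } // resolves relative and //host URLs
    if (url.protocol !== 'http:') continue;
    // <link> only counts as active content when it loads a stylesheet.
    const rel = (attr(m[0], 'rel') || '').toLowerCase().split(/\s+/);
    if (el === 'link' && !rel.includes('stylesheet')) continue;
    findings.push({ element: el, url: url.href, kind: ACTIVE.has(el) ? 'active' : 'passive' });
  }
  return findings;
}

// Constructed sample: an HTTPS page with an injected http:// GIF and an http:// script.
const SAMPLE = `
<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="https://cdn.example/app.js"></script>
</head><body>
<img src="http://ratings.example/icon.gif" alt="rating">
<img src="//static.example/logo.png">
<a href="http://other.example/">plain link, not a subresource</a>
<script src='http://widgets.example/like.js'></script>
</body></html>`;

console.log(findMixedContent('https://www.example.test/search', SAMPLE));
```

The image is reported as passive, which is the kind of finding that produces a padlock warning, while the script is reported as active, the case browsers treat as more serious.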

Re: Enabling SiteAdvisor lowers security on webpages.(?)

Thank you again.  So the GIF is from SA, but nothing to worry about.  Your "(In theory at least)" kind of has me worried, but I don't go to shady sites (At least not by choice. That's why I want to use SA), so I don't think I will worry too much.  I do like SA, so I will keep using it.  I'm going to leave this as unanswered because you said you will bring it up in the next conf call, so once that's over please let me know what will be done (If anything), and then I can mark this thread as answered.

Re: Enabling SiteAdvisor lowers security on webpages.(?)

Just adding to the knowledge database I'm building for myself, and thought others may be looking for an answer too.  I was looking into the Chrome console along with doing some researching on how Google displays different padlocks for each level of security.  According to Google the padlock with the yellow triangle icon is just a general warning that there is insecure content mixed with secure content, but the insecure content is not a security risk.

Here is a link to Google's resources on website settings and security warnings:

http://support.google.com/chrome/bin/answer.py?hl=en&answer=95617&topic=14666&ctx=topic

Here is a visual to better understand what I'm saying:

padlock.JPG

Message was edited by: bobbyphoenix  Reason: Added Google support link. on 4/30/13 1:43:04 PM CDT
Reliable Contributor Hayton
Message 7 of 9

Re: Enabling SiteAdvisor lowers security on webpages.(?)

Agreed. As I said, it's not necessarily something to worry about. The main problem, from my point of view, is that if you have a warning of insecure content which you learn to ignore, that potentially leaves you open to a more serious compromise. Every security warning should be investigated, just in case.

We talked about this last night and the SA team have been brought in. The main driver here is the embarrassment factor. I mean, SiteAdvisor shouldn't break website security - even in a minor way - and that's that. So it'll get fixed.

The whole issue of external content on secure websites is something that site developers fret about. They're not too happy about it.

"the problem is that you are relying on an external source for content within your SSL protected website, that's a security breach right there".

Re: Enabling SiteAdvisor lowers security on webpages.(?)

Thank you for your help.

Re: Enabling SiteAdvisor lowers security on webpages.(?)

I just wanted to follow up with this issue.  I'm not sure when exactly it was fixed, but now all HTTPS sites are secure.  Thanks again for the quick help and resolution.

Message was edited by: bobbyphoenix on 5/9/13 9:55:33 AM CDT
