ScanAlert Is A Scam. Here's How To Really Secure Your Site
McAfee recently acquired a company that offers to secure your website by scanning it for vulnerabilities everyday. They claim to do a set number of tests on your website to check for failures.
They give you a logo to put on your site that reads HackerSafe. Apparently putting that logo on your website will increase conversions by 14%. The whole setup costs $100 a month. Since they use the word "scan" (as against audit) I am guessing the security tests run automatically. Also, on computers where McAfee antivirus is installed, the Google and Yahoo search result for your website will bare the McAfee Secure logo, which I am assuming is supposed to give you some preference in the search results.
Here's the truth: - websites that have that HackerSafe logo are not really safe from hackers. DO NOT live with the satisfaction that you are safe. While it is true that conversions improve, it varies from website to website. It will mostly not be as high as 14%. In fact 14% is a humongous figure for a single logo. If you're very lucky you will see a 1% increase in conversions. I have personally seen a case study on the conversions of a shopping cart before and after the logo was placed and the increase was very marginal - about 0.5% - not worth spending $100 a month on.
If you do want the extra conversions you are better off hiring a web designer to create a "Safe From Hacking" or "Hacker Safe" logo and splash them on your website everywhere. You can create one yourself in MS Paint/GIMP if you want to.
Number Of Possible Vulnerabilities Are Enormous
The number of possible vulnerabilities that a website can have are enormous. Firstly, I'd say there are two types of vulnerabilities.
1. Web Server Vulnerability
2. Web Application Vulnerability
Web server vulnerabilities are in the components of the operating system. These vulnerabilities are fixed by applying the appropriate patch provided you took a decent hosting company like midPhase or Namecheap. That doesn't rule out the possibility of vulnerabilities at all. The source code for virtually every linux software is out in the open it is just a matter of time before someone finds a vulnerability (and not share with others) and use it to bring down others' servers. Most good web hosts update the server software regularly and apply the latest security upgrades.
Web application vulnerability is occurs in the actual code that runs inside your web server. This is the PHP/ASP/JSP files that run in your server. If your site is run by a content management system, make sure you upgrade the software every time a new version is released as a result of security vulnerabilities. Unfortunately, older versions of a content management system can be detected by its behavior and the very user interface (and code) it presents to the visitors.This type of vulnerabilities form the majority of security threats. Most websites responds differently after a security vulnerability has been exploited. If you are running a custom content management system with a specially made template then the resulting code will be different.
To secure a website you have to think like a hacker. You should observe your web application as a hacker and should intuitively figure out what kind of attack should be performed to make the system break down. That's an art and science in itself. We still don't have technology that "thinks" so this is not possible to be performed by a automated program that scans your website everyday.
You have to hire some experienced web programmer (or someone from the dark site of the force) to detect vulnerabilities in your website. I remember seeing these services being available at Guru.com.
In any case, it takes a real life human being to figure out the vulnerabilities to the scale that ScanAlert is promising to give you for $100 a month.
The website is purposely ambiguous and unclear and doesn't divulge any technical information on how exactly they do it. Think of the website as a well dressed sales man out to sell snake oil. Those people have to be shot for scamming so many people.
Stay Away From McAfee ScanAlert. There are numerous other threads on ScanAlert being a scam and how bad they treat customers.
Rip-off Report: Scanalert.com, Scanalert, Hacker Safe Total Rep-off, Beware of Hacker Safe and ScanAlert, they are rude and unfriendly, $100.00 a month rip-off, all they wanted was their money Napa California
ScanAlert.com Hacker Safe a complete rip-off - Topix
Hacker Safe by Scan Alert- Is it worth it?
http://www.atomicmpc.com.au/forums.asp...
http://blog.washingtonpost.com/securityfix/20...
http://forums.volusion.com/showthread.php...
http://www.webmasterworld.com/forum10/2189.ht...
http://getkar.com/more-2398932.html
http://www.webmasterworld.com/forum22/3511.ht...
With Regards,
Raja Sekharan
They give you a logo to put on your site that reads HackerSafe. Apparently putting that logo on your website will increase conversions by 14%. The whole setup costs $100 a month. Since they use the word "scan" (as against audit) I am guessing the security tests run automatically. Also, on computers where McAfee antivirus is installed, the Google and Yahoo search result for your website will bare the McAfee Secure logo, which I am assuming is supposed to give you some preference in the search results.
Here's the truth: - websites that have that HackerSafe logo are not really safe from hackers. DO NOT live with the satisfaction that you are safe. While it is true that conversions improve, it varies from website to website. It will mostly not be as high as 14%. In fact 14% is a humongous figure for a single logo. If you're very lucky you will see a 1% increase in conversions. I have personally seen a case study on the conversions of a shopping cart before and after the logo was placed and the increase was very marginal - about 0.5% - not worth spending $100 a month on.
If you do want the extra conversions you are better off hiring a web designer to create a "Safe From Hacking" or "Hacker Safe" logo and splash them on your website everywhere. You can create one yourself in MS Paint/GIMP if you want to.
Number Of Possible Vulnerabilities Are Enormous
The number of possible vulnerabilities that a website can have are enormous. Firstly, I'd say there are two types of vulnerabilities.
1. Web Server Vulnerability
2. Web Application Vulnerability
Web server vulnerabilities are in the components of the operating system. These vulnerabilities are fixed by applying the appropriate patch provided you took a decent hosting company like midPhase or Namecheap. That doesn't rule out the possibility of vulnerabilities at all. The source code for virtually every linux software is out in the open it is just a matter of time before someone finds a vulnerability (and not share with others) and use it to bring down others' servers. Most good web hosts update the server software regularly and apply the latest security upgrades.
Web application vulnerability is occurs in the actual code that runs inside your web server. This is the PHP/ASP/JSP files that run in your server. If your site is run by a content management system, make sure you upgrade the software every time a new version is released as a result of security vulnerabilities. Unfortunately, older versions of a content management system can be detected by its behavior and the very user interface (and code) it presents to the visitors.This type of vulnerabilities form the majority of security threats. Most websites responds differently after a security vulnerability has been exploited. If you are running a custom content management system with a specially made template then the resulting code will be different.
To secure a website you have to think like a hacker. You should observe your web application as a hacker and should intuitively figure out what kind of attack should be performed to make the system break down. That's an art and science in itself. We still don't have technology that "thinks" so this is not possible to be performed by a automated program that scans your website everyday.
You have to hire some experienced web programmer (or someone from the dark site of the force) to detect vulnerabilities in your website. I remember seeing these services being available at Guru.com.
In any case, it takes a real life human being to figure out the vulnerabilities to the scale that ScanAlert is promising to give you for $100 a month.
The website is purposely ambiguous and unclear and doesn't divulge any technical information on how exactly they do it. Think of the website as a well dressed sales man out to sell snake oil. Those people have to be shot for scamming so many people.
Stay Away From McAfee ScanAlert. There are numerous other threads on ScanAlert being a scam and how bad they treat customers.
Rip-off Report: Scanalert.com, Scanalert, Hacker Safe Total Rep-off, Beware of Hacker Safe and ScanAlert, they are rude and unfriendly, $100.00 a month rip-off, all they wanted was their money Napa California
ScanAlert.com Hacker Safe a complete rip-off - Topix
Hacker Safe by Scan Alert- Is it worth it?
http://www.atomicmpc.com.au/forums.asp...
http://blog.washingtonpost.com/securityfix/20...
http://forums.volusion.com/showthread.php...
http://www.webmasterworld.com/forum10/2189.ht...
http://getkar.com/more-2398932.html
http://www.webmasterworld.com/forum22/3511.ht...
With Regards,
Raja Sekharan
-
Matthew W. Rhodes -
Thanks
Signature>> Get Free E-Mail Notifications When We Release New Done-For-You Reports with Master PLR! <<Get ALL My Most Popular WSOs - All Included FREE For You Inside Work1099!{{ DiscussionBoard.errors[154183].message }} -