Last week a big mess broke out at Auctiva, an eBay sellers' tools site.
From what I can tell it went down like this. Auctiva servers get infected. Google and Firefox malware protection reports Auctiva as an attack site. Users freak out. Auctiva tells users it cleaned up the problem. Users report back that Firefox and Google don't agree and still report Auctiva as an attack site. Auctiva tells users to disable Firefox malware protection!!! Some users bypass Firefox warnings by disabling malware protection or visiting Auctiva with unprotected browsers. Auctiva shuts down site saying the problem isn't yet fully contained.
Maybe I don't have this completely right (please let me know if you know more) but if this accounting is accurate, Auctiva deserves to go out of business.
There is no excuse for a Web site telling its users to bypass or disable core security functions of the browser. None. Ever.
I don't care how confident you are about your own set-up, telling users to disable safety features that apply not just to your site but to all Web sites is completely unacceptable.
I know that if I were putting my money or my private information into a site that advised bypassing browser security measures, I'd cancel that account immediately and never go back. Not only that, I'd tell all my friends, colleagues, and just about anyone who would listen to never do business with them.
There is just no place for that kind of irresponsibility when it comes to user safety and security.