Chad Perrin: SOB

19 October 2009

I’m a Websense False Positive

Filed under: Geek,Metalog,Profession,Security — apotheon @ 01:42

Earlier today, I received word from a reader that the Websense filtering service is blocking SOB as a “Malicious Web Site”. There is, of course, nothing malicious about the code on this site. Some might consider some of my opinions “malicious”, or at least malevolent, in some ways — I guess. There’s no malware hosted here, though, or anything along those lines. In essence, there just simply isn’t anything to fear here as a security issue that isn’t a problem with millions of other WordPress sites across the Internet (stuff like “spaghetti code” and “PHP” — yuck).

I visited the Websense Contact Us Form (linked here so others can find it — it was an adventure tracking down this form), and sent a message to the Powers that Be at the Websense offices. I explained that I had heard about sob.apotheon.org being blocked as a “Malicious Web Site”, that there’s no malicious code here, et cetera. I asked for any more information about the situation they can provide. I also asked, of course, for the site to be removed from the Websense blacklist for “Malicious Web Sites”. I guess we’ll see how they respond now, if at all.

Of course, if Websense doesn’t handle this in a professional, courteous manner, and help me resolve the problem one way or another, I can probably make some predictions about the future, like The Amazing Kreskin. Given stonewalling, rudeness, the run-around, or any willful misrepresentation, my prediction would be that Websense will receive some extra publicity.

You see, I’m the primary security writer at TechRepublic these days, and false positives in many types of “security” software is a big pet peeve of mine. False positives in communications software, leading to the loss of potentially important communiques from legitimate friends and business partners, can cause more harm than just sifting through the bad to find the good by eye. I’m particularly peeved by false positives when some attempt to communicate of my own, through some communication medium like the Web, is the victim of false positives.

Now . . . with a blacklisting service, I expect there to be occasional errors. In this case, the real acid test will be how they deal with the report of a false positive. If the problem is corrected quickly and professionally, all is well with the world. If not, Websense will deserve any poor publicity it receives as a result.

Obviously, a security writer for TechRepublic is not going to be as big a deal as a technology writer for the New York Times, in the minds of hidebound corporate middle management, but I’m pretty sure that a well-known and respected online resource for IT professionals like TechRepublic won’t fail to touch a few would-be customers of Websense.

I just want to help my readers avoid making a bad decision in their choice of security software and services, after all.

addendum:

I’ve received a response from Websense. The company will, apparently, remove SOB from its filter list at some point in the next day. The problem has been solved.

All original content Copyright Chad Perrin: Distributed under the terms of the Open Works License