Chad Perrin: SOB

19 October 2009

I’m a Websense False Positive

Filed under: Geek,Metalog,Profession,Security — apotheon @ 01:42

Earlier today, I received word from a reader that the Websense filtering service is blocking SOB as a “Malicious Web Site”. There is, of course, nothing malicious about the code on this site. Some might consider some of my opinions “malicious”, or at least malevolent, in some ways — I guess. There’s no malware hosted here, though, or anything along those lines. In essence, there just simply isn’t anything to fear here as a security issue that isn’t a problem with millions of other WordPress sites across the Internet (stuff like “spaghetti code” and “PHP” — yuck).

I visited the Websense Contact Us Form (linked here so others can find it — it was an adventure tracking down this form), and sent a message to the Powers that Be at the Websense offices. I explained that I had heard about sob.apotheon.org being blocked as a “Malicious Web Site”, that there’s no malicious code here, et cetera. I asked for any more information about the situation they can provide. I also asked, of course, for the site to be removed from the Websense blacklist for “Malicious Web Sites”. I guess we’ll see how they respond now, if at all.

Of course, if Websense doesn’t handle this in a professional, courteous manner, and help me resolve the problem one way or another, I can probably make some predictions about the future, like The Amazing Kreskin. Given stonewalling, rudeness, the run-around, or any willful misrepresentation, my prediction would be that Websense will receive some extra publicity.

You see, I’m the primary security writer at TechRepublic these days, and false positives in many types of “security” software is a big pet peeve of mine. False positives in communications software, leading to the loss of potentially important communiques from legitimate friends and business partners, can cause more harm than just sifting through the bad to find the good by eye. I’m particularly peeved by false positives when some attempt to communicate of my own, through some communication medium like the Web, is the victim of false positives.

Now . . . with a blacklisting service, I expect there to be occasional errors. In this case, the real acid test will be how they deal with the report of a false positive. If the problem is corrected quickly and professionally, all is well with the world. If not, Websense will deserve any poor publicity it receives as a result.

Obviously, a security writer for TechRepublic is not going to be as big a deal as a technology writer for the New York Times, in the minds of hidebound corporate middle management, but I’m pretty sure that a well-known and respected online resource for IT professionals like TechRepublic won’t fail to touch a few would-be customers of Websense.

I just want to help my readers avoid making a bad decision in their choice of security software and services, after all.

addendum:

I’ve received a response from Websense. The company will, apparently, remove SOB from its filter list at some point in the next day. The problem has been solved.

7 Comments

  1. That’s sort of ironic — let us know how it works out. Part of me hopes they get all nasty on you so you can blast them on ITSEC and get all the geek hordes turned against them.

    Comment by Chip Camden — 19 October 2009 @ 01:49

  2. Heh. Yeah, it could be fun.

    On the other hand, I’d also like people to be able to visit SOB.

    On the gripping hand, SOB could get a flood of traffic when I link to it as the site offended by Websense’s false positive, so it really would be almost pure win for me if they were nasty about it.

    Comment by apotheon — 19 October 2009 @ 01:54

  3. Quick, go blacklist their domain in your spam filter so you can say you never received a response.

    Comment by Chip Camden — 19 October 2009 @ 01:56

  4. Speaking of irony . . .

    . . . but no, I’m afraid that level of hypocrisy is beyond even me.

    Comment by apotheon — 19 October 2009 @ 02:06

  5. My experience with similar sites/services (I inherited a static IP when I got my account that had been previously misused/abused, and I once left relaying wide open on sendmail by mistake…) is that they are surprisingly good about these kinds of things. In a nutshell, it seems like their reasoning is that spammers/phishers/etc. have so many bogus sites, that actually tracking which is banned and filling in the form is unreasonable. Therefore, anyone who fills in the form is legit, by default. At least that’s my guess on their reasoning, since un-banning seems to never require talking to a person. But that’s for spam lists, maybe Websense is different?

    And yes, TechRepublic is a big deal. I will say, that a lot of companies work very, very hard to get their products in front of me, to get me to discuss their events, etc. That’s one reason why I do those “weekly roundups”, to basically act as a “wastegate” for that kind of stuff. I don’t want to lose contacts or ignore the companies in case I ever want to do an article about them, but at the same time, I got tired of writing full length articles highlighting a company or event. So I tread a middle ground and give a little blurb in the roundup, and this keeps us on each other’s radars, so to speak. I look at some of the things I’ve had cooking (a few interviews with some super huge names) lately, and the access that a lot of companies have given me (not just small ones, either), and it is clear that the TechRepublic name doesn’t open doors, it invites folks to come bang on my door.

    If you don’t get reasonable results, I would suggest that you contact their PR person, and be like, “hey, I’m going to do an article about this, and I need to know why a ‘typical user’ experience is this poor.” I don’t like to hit the tech support guys with the TR hammer, because then I don’t get to see what the typical user would get put through.

    J.Ja

    Comment by Justin James — 19 October 2009 @ 02:06

  6. Yeah, I agree with Justin that TR has a lot more clout than it used to. Must be because we three started writing for it regularly, huh?

    Comment by Chip Camden — 19 October 2009 @ 02:14

  7. Justin:

    My experience with similar sites/services . . . is that they are surprisingly good about these kinds of things.

    Mine is slightly less positive, it seems. I had some issues getting a blacklisting service to unblacklist all emails from addresses using one of my domains a few years back. Alas, I didn’t keep track of the name of the service, or I would have written a pretty scathing article about that experience somewhere along the line. I think it’s a “luck of the draw” thing. I guess I’ll see how Websense fits into that spectrum of luck.

    In a nutshell, it seems like their reasoning is that spammers/phishers/etc. have so many bogus sites, that actually tracking which is banned and filling in the form is unreasonable. Therefore, anyone who fills in the form is legit, by default. At least that’s my guess on their reasoning, since un-banning seems to never require talking to a person.

    That seems to be the case with some services — and it’s a terrible policy, because abuse of the system by submitting sites just to screw with them essentially turns the blacklisting service itself into malware. It’s the security filtering equivalent of having an open mail relay.

    And yes, TechRepublic is a big deal. I will say, that a lot of companies work very, very hard to get their products in front of me, to get me to discuss their events, etc.

    I know it’s a pretty big deal — to companies that are willing to accept that content on the Internet is more than a passing fad or a cost sink. There are a lot of companies whose managers simply don’t buy that anything on the Internet can be of any value if it doesn’t have a corresponding print media version, though.

    If you don’t get reasonable results, I would suggest that you contact their PR person, and be like, “hey, I’m going to do an article about this, and I need to know why a ‘typical user’ experience is this poor.”

    I haven’t found a PR contact vector yet, but I certainly do intend to try to get in touch with someone there about it, if possible, before publishing anything. In the meantime, I certainly haven’t mentioned TR in my contact with them. As much as I’d like to see this resolved quickly, I don’t want to miss out on seeing how it’s handled without a direct “threat” of dire publicity.

    Of course, since I talk about my TR writing here from time to time, and you and Sterling both comment here at times, it’s not exactly a secret that I write for TR. As such, there will always be the question of whether they did a little research and found out I might have more Internet clout than some random teenage LiveJournaler or MySpacer.

    Sterling:

    Hah. Yeah, that must be it!

    I know I’ve helped draw some traffic to TR (such as when the Second Life guys cited one of my articles as an explanation for why they went open source with the client application), but of course they probably wouldn’t pay us if we weren’t drawing traffic.

    Comment by apotheon — 19 October 2009 @ 02:20

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

All original content Copyright Chad Perrin: Distributed under the terms of the Open Works License