Friday, December 27, 2013

Webroot URL classification downgrades many "reputable" smaller sites to orange

I have noticed that the Webroot URL Classification displayed by Firefox on search engine results often rates many sites that appear reputable as “orange” (caution) with a “confidence” of “0” and a score of “40”.  Some of these sites it will warn as more likely than normal to have malware if you go to them, but not all. 

The sites are often smaller sites of individuals or smaller organizations or political action groups. 

My own “billboushka.com”, on a Unix server, which supplements “doaskdotell.com”, on a Windows server, gets an orange (the “doaskdotell” gets a green and a check).  I don’t know what Webroot finds wrong.  But I do have Wordpress, in an older version, with a login screen that I think might benefit from more security.  I also have MySQL, were I have played with my “opposing viewpoints” idea (IT blog, Sept. 11, 2012), which I don’t attend to very often.  Maybe that is seen as a weakness (for injection attaks?)   My “doaskdotell” is misclassified as “real estate” it sells political commentary and books (mostly through third parties). 
  
Webroot explains its Classification intelligence system here.  It describes it as a “Content Classification Service” under “Webroot Security Intelligence Solutions”. 
  
The orange dot will give a complete score to a mouse browse-over, but not a complete report.  McAfee will give a complete report on SiteAdvisor, as will MyWOT.  I have found that MyWOT tends to downgrade “child safety” scores on blogs or sites that have subscription advertising or that have many embedded videos.  They may be saying that sites that allow third parties to display content are inherently riskier, at least for minors.
  
Some sites get downgraded (especially by McAfee) for bigoted or hateful content, even if there is no technical risk of malware.  And some get downgraded by all services if they have a poor business reputation according to media intelligence.

Webroot rates "healthcare.gov" as orange with a score of 40 because of technical instability and security flaws.  It rates the DC Health Exchange as Yellow with a score of 50 because of potential security holes.   

Target still has a green rating from Webroot despite the recent massive breach.  But the site itself did not have a breach; the machines in the stores did.  

Update: (Later Friday)

Now "billboushka.com" has gone to green with a score of 92 (after I contacted Webroot on Twitter), and many other smaller sites that I follow have gone to green at the same time.  

No comments: