As you may know, Microsoft is using for their URL Filtering from Forefront TMG Beta 3 a reputation service, Microsoft Reputation Service (MRS). They say their URL filtering is special, and list a few arguments for that.
What I want to mention bellow is an interesting situation, the situation when one says it’s so, and at the same time the same one says it’s not so.
Say we take a web site, and take a look at it. Can Microsoft Reputation Service (MRS) make a difference to what we will notice ?
Please keep in mind that Forefront TMG is still in Beta stages, so let’s take a look at what’s bellow now, and revisit it when it will be RTM.
For example, the en.securitylab.ru web site, say I go to http://en.securitylab.ru/:
So what’s so “interesting” at this domain ?
It’s interesting because it’s “split” in parts(sub-directories). For example, a part dedicated to security advisories, a part dedicated to a vulnerability database, and so on:
As we can see from above, they do not use sub domains for that, rather they use “paths”, sub-directories.
While the above pictured paths may be in “harmony” with the general URL category Technical Information, one path may be not:
Indeed, it’s still technical information there, a great resource for certain security professionals, but this “path” of this domain is as technical as milw0rm.com is:
How is that ?
Take a look yourself, one URL from en.securitylab.ru and one URL from milw0rm.com(ignore what it says it’s there):
So, as ca be seen, same domain + different paths, two different domains, different domains and a similar path(sub-directory), different web pages on different domains on a similar path, same information on those web pages, information that (wrongly) used can put your network at risk(it can do what they say it does, or not –;) ), one URL goes into the Technical Information and the other into the Hacking/Computer Crime. Who’s wrong and who’s right ?
Putting the entire en.securitylab.ru web site into the Hacking/Computer Crime category may be wrong.
Having the /poc path of the en.securitylab.ru web site into the Technical Information category may be also wrong while keeping milw0rm.com(and the /exploits path) into the Hacking/Computer Crime category.
Can the cloud make a difference ?
Will have to wait and see.