Forefront TMG Beta 3: URL Filtering – Building a Reputation Service is not a simple task

As you may know, URL Filtering in Forefront TMG Beta 3 relies on a reputation service, the Microsoft Reputation Service (MRS). Microsoft says its URL filtering is special and lists a few arguments for that.

What I want to mention below is an interesting situation: the situation when one says it's so and, at the same time, the same one says it's not so.
Say we take a web site and take a look at it. Can Microsoft Reputation Service (MRS) make a difference to what we will notice?
Please keep in mind that Forefront TMG is still in beta, so let's take a look at what's below now and revisit it when it is RTM.


For example, the web site, say I go to



So what's so "interesting" about this domain?
It's interesting because it's "split" into parts (sub-directories). For example, a part dedicated to security advisories, a part dedicated to a vulnerability database, and so on:



As we can see above, they do not use subdomains for that; rather, they use "paths", sub-directories.
While the paths pictured above may be in "harmony" with the general URL category Technical Information, one path may not be:



Indeed, it’s still technical information there, a great resource for certain security professionals, but this “path” of this domain is as technical as is:



How is that?
Take a look yourself, one URL from and one URL from what it says it’s there):




So, as can be seen, we have the same domain with different paths, and two different domains with a similar path (sub-directory): different web pages on different domains under a similar path, with the same information on those web pages, information that, (wrongly) used, can put your network at risk (it can do what they say it does, or not ;) ). Yet one URL goes into Technical Information and the other into Hacking/Computer Crime. Who's wrong and who's right?


Putting the entire web site into the Hacking/Computer Crime category may be wrong.
Having the /poc path of the web site in the Technical Information category while keeping the /exploits path in the Hacking/Computer Crime category may also be wrong.
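
The granularity question above, sketched as an added example (not code from this post, from Forefront TMG or from MRS): a host-only lookup gives the two similar paths different categories, while a host-plus-path-prefix lookup can keep them consistent. The hosts, the category tables and the category chosen for each path are constructed assumptions; only the /poc and /exploits path names come from the post.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed tables. The hosts are placeholders, not the sites from the post,
# and the category picked for each entry is an assumption made for illustration.
HOST_CATEGORIES = {
    "research.example": "Technical Information",
    "archive.example": "Hacking/Computer Crime",
}
# (host, path prefix) -> category; the longest matching prefix wins.
PATH_CATEGORIES = {
    ("research.example", "/poc"): "Hacking/Computer Crime",
    ("archive.example", "/exploits"): "Hacking/Computer Crime",
    ("archive.example", "/papers"): "Technical Information",
}

def normalize(url):
    """Return (host, path): host lowercased, percent-encoding decoded,
    dot segments resolved, so equivalent URLs hit the same rule."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    path = posixpath.normpath("/" + unquote(parts.path).lstrip("/"))
    return host, path

def categorize_by_host(url):
    """Domain-level lookup: every path on a host shares one category."""
    host, _ = normalize(url)
    return HOST_CATEGORIES.get(host, "Unknown")

def categorize_by_path(url):
    """Path-level lookup with the host category as the fallback."""
    host, path = normalize(url)
    best, best_len = HOST_CATEGORIES.get(host, "Unknown"), -1
    for (rule_host, prefix), category in PATH_CATEGORIES.items():
        # Match whole path segments only, so /poc does not match /pocket.
        if rule_host == host and (path == prefix or path.startswith(prefix + "/")):
            if len(prefix) > best_len:
                best, best_len = category, len(prefix)
    return best

if __name__ == "__main__":
    for url in ("http://research.example/poc/1234.txt",
                "http://archive.example/exploits/1234.txt",
                "http://research.example/advisories/../%70oc/1234.txt"):
        print(url, "|", categorize_by_host(url), "|", categorize_by_path(url))
```
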

Can the cloud make a difference?

We will have to wait and see.
