Bad URLs Categorizations Error on Web

Hi Sophos

Customers of XG Firewalls are reporting bad URL classification. For example, these sites are detected as Porn/Sexuality/Nudity in other Sophos products, but the classification in XG Firewall is bad.

http://www.xvideos.com

http://www.felizporno.com/mas-vistos

https://www.bonitaporno.com/pornostar-famosas/

https://www.pornoperra.com/videos-porno/castellano/

http://www.pornhub.com

Support tells me to "Send a URL Request", but the trouble is that these URLs are porn.

Please check.

Regards

  • I sent several URL requests but they are still not committed. No porn sites.

    Even after months they are still not categorised. (None)

     

    Also, I think they should enhance the URL submission center. If you think the same, please vote for my "feature request":

    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/32557672-url-feedback-enhancement

  • In reply to TheBalmasque:

    I voted for the feature request. I would recommend that Sophos add a web category override. This option is available on UTM9.

    Regards

  • When I go to the Diagnostic tab in my XG and type in those URLs in the URL Category lookup, they all seem to come back as "Sexually Explicit", which is what I would expect.  If you test from there, are you also getting the bad categorization?

  • WEB filtering is a broken thing in XG.

    Ultra known web sites are wrongfully categorized.  This one among many others :

    If you can't categorize Intel properly, you have no business whatsoever in WEB filtering.  Before we decommissioned all Sophos products here, we would have similar results with ultra-known IBM (and many others) as well.  Another example: our corporate bank account categorized as "Job Search".  Users would knock at my door many times a day.  In the end I removed WEB filtering.  Also, users were able to access forbidden web sites indirectly, by doing a Google search and clicking on the resulting page.  It was not reliably repeatable, however.  Symantec's old WEB gateway, "Spywall", would do that too.  This is why I checked Sophos' WEB appliance.  Symantec's new WEB gateway, "Blue Coat", does not do that.

     

    PJR

  • Hi,

    according to my XG, 1, 2 and 5 are correctly categorised, but 3 and 4 are not categorised, e.g. not found in the database.

    Ian

  • In reply to Big_Buck:

    Forgot to mention ... XG WEB filtering is a moving target.  One day a WEB site could be ok.  The day after, it is not. Then the following day, it is ok ...

    PJR

  • In reply to Big_Buck:

    Hi,

    to give you an idea I have in my daily reports over 20,000 uncategorised websites and that is with 2 (on 4 devices) active users and about 20 devices. Which in my mind means the automatic feedback which I ticked during installation is ignored.

    Considering how much effort went into convincing the Sophos XG development (v15) team to provide multiple updates to anti-virus etc. every day instead of once a week, for a product they were pushing as being a state of the art firewall, it left a bad feeling in everyone's mind.

    I would like this product to work as I do see a future for it, but the UTM still runs rings around it for firewall security.

    Ian

  • In reply to rfcat_vk:

    Sophos always dares us to send URL requests for further investigation. But the sad thing is that even when I sent them months ago, they are still not categorized.

     

    20,000 uncategorized websites per day sounds horrible.

  • In reply to TheBalmasque:

    Hi,

    here is an extract from yesterday's executive report just to give you an idea of what I am talking about.

    Ian

  • In reply to rfcat_vk:

    Hi,

    This is very strange. I don't know why Sophos don't use their own categorization from other products?

    They seem way more accurate than the Cyberoam classifications.

    UTM uses the McAfee database, which is fine. It's really OK when Sophos is trying to push their own database. But why don't they use the database from the endpoint protection, instead of Cyberoam?

  • In reply to TheBalmasque:

    Hi,

    Sophos are trying to move away from McAfee because they have to pay for it. I have been a player in the UTM environment for many years, so have a bit of an understanding where they are going.

    Ian

  • In reply to rfcat_vk:

    Moving away from McAfee is one thing.  But they were clearly not ready to do so.

    Now add to this XG and Intercept X.  Sophos ended up swallowing a pill far too large for what they could actually handle.  They are sinking in a development boat.

    It will take years to stabilize.

    Meanwhile customers are paying for development more than support ...

    Paul Jr

  • In reply to Big_Buck:

    The person who started this thread is "Feliz Porno".

    If you open his profile, his Blog, his Twitter, his RSS feeds, and his Website are porn sites.
     
    He has posted only once.  He has not replied to anything in the thread that he started.
     
    All the sites that he posted are correctly categorized as Sexually Explicit in the XG.
     
    Although I have no specific proof, I believe the initial poster is a troller who is advertising or increasing linkages (SEO) to certain porn sites.
     
    I recently had the old "bad categorization" thread locked - which had a bunch of other similar posts by users who only did singular posts with links to porn sites.
     
    I recommend ignoring all posts containing links to porn sites, unless the person is a multiple poster who is clearly real.
     
    ----
     
    For the other people who are in this thread complaining about the categorization, I generally agree.  I have found the recategorization to be responsive (stuff I submitted has been changed when I check back a few days later) but the interface and feedback could be better.
     
    As I've mentioned before in the past - some categorization of advertising can be problematic as it is difficult to determine the category of a 1x1 pixel.

    Although XG does not have the category override in exactly the same way as UTM, in practical terms you can do the same thing.  On the XG you can create a custom category and put your URLs in there.  Or you can create a URL Group and put them in there.  From that you can deal with them within your policy however you want.  Note that both of these are additive - it does not remove the original category.  Therefore after recategorizing you need to put in a new rule to match before whatever rule it used to match with the incorrect category.  An additional step, but it only needs to be done once.
     
    The sample that was shown - downloadcenter.intel.com is correctly categorized as a "Download Freeware and Shareware" site.  At least, there is a good argument for categorizing it as such.
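
A simplified model of the additive behaviour described in the post above, as an added example that is not part of the thread and is not Sophos code. The custom category name "Trusted Vendor Updates", the policy structure and the first-match evaluator are assumptions for illustration; only the host and its vendor category come from the thread.

```python
# Simplified first-match web policy model (illustrative, not Sophos code).
# A custom category is ADDED to a host's categories; the vendor category stays.

VENDOR_DB = {  # constructed sample of vendor-assigned categories
    "downloadcenter.intel.com": "Download Freeware and Shareware",
}
CUSTOM_CATEGORIES = {  # hypothetical admin-defined custom category
    "Trusted Vendor Updates": {"downloadcenter.intel.com"},
}

def categories_for(host):
    """Return every category that applies: vendor category plus custom ones."""
    cats = set()
    if host in VENDOR_DB:
        cats.add(VENDOR_DB[host])
    for name, hosts in CUSTOM_CATEGORIES.items():
        if host in hosts:
            cats.add(name)
    return cats or {"Uncategorized"}

def evaluate(policy, host, default="allow"):
    """Walk rules top-down; the first rule whose category applies decides."""
    cats = categories_for(host)
    for category, action in policy:
        if category in cats:
            return action, category
    return default, None

BLOCK_RULE = ("Download Freeware and Shareware", "block")
ALLOW_RULE = ("Trusted Vendor Updates", "allow")

# Override rule placed AFTER the old rule: the vendor category still matches first.
OVERRIDE_AFTER = [BLOCK_RULE, ALLOW_RULE]
# Override rule placed BEFORE the old rule: the custom category wins.
OVERRIDE_BEFORE = [ALLOW_RULE, BLOCK_RULE]

if __name__ == "__main__":
    host = "downloadcenter.intel.com"
    print(sorted(categories_for(host)))
    print("override after :", evaluate(OVERRIDE_AFTER, host))
    print("override before:", evaluate(OVERRIDE_BEFORE, host))
```
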
     
     
     
  • In reply to Michael Dunn:

    M. Dunn

    Ok let's try to see it this way ...

    Downloading patches and updates is correctly categorized as "Freeware and Shareware"?  This implies the firewall will block them, and these updates will not get installed on any desktops.  I hardly see how security gets improved in a mechanism like that ...  Because of this, either we have to disable that policy and allow-all "freeware and download".  Or at least IT managers face the responsibility to disable and enable every time Intel posts an update.  I do not have that much time to waste.

    Besides, all other security products we are using - Symantec and Web Sense for example - do not pull IT managers into that extra unproductive management task waste.

    For now, Sophos struggle categorizing.

    Paul Jr