Author Topic: Skwire's DC member site marked as suspicious  (Read 9055 times)

wraith808

Skwire's DC member site marked as suspicious
« on: January 13, 2011, 03:16 PM »
I'm not sure what filtering software we use at work, but it's been here for a while, and I just saw something that I hadn't seen before:

THIS SITE HAS BEEN BARRED UNDER COMPANY POLICY ON USAGE OF THE INTERNET, OR TO PREVENT EXCESSIVE DEMAND CONFLICTING WITH CORE BUSINESS ACTIVITIES.

Internet Usage is Monitored.
Your IP address: <Redacted>
The URL is: skwire.dcmembers.com
The category of this URL is: Suspicious
If you feel the site is being inappropriately blocked, please submit helpdesk ticket by clicking on email link below.

I'm sure it's because of false positives... just wanted to let you know.  Even though false positives are reported to the virus agencies, and you can ignore them, there are other ramifications that haven't been considered (at least by me).

Ath

Re: Skwire's DC member site marked as suspicious
« Reply #1 on: January 13, 2011, 03:28 PM »
You must have been leeching that site way too much :P

mouser

Re: Skwire's DC member site marked as suspicious
« Reply #2 on: January 13, 2011, 03:37 PM »
what the hell!?!?!

Bamse

Re: Skwire's DC member site marked as suspicious
« Reply #3 on: January 13, 2011, 03:40 PM »
That would be Bluecoat, which I also use; K9 is the popular name: http://forums.blueco...p;t=7577&p=24651 I just googled the message.

Suspicious category:
Sites considered to have suspicious content and/or intent. This categorization is determined by analysis of web reputation factors. If a site is determined to be clearly malicious or benign, it will be placed in a different category.

Bamse

Re: Skwire's DC member site marked as suspicious
« Reply #4 on: January 13, 2011, 03:52 PM »
When I tell K9 to block all categories including "Suspicious" I still have access, so either they fixed the FP or K9 has different protection schemes for their business products.

f0dder

Re: Skwire's DC member site marked as suspicious
« Reply #5 on: January 13, 2011, 04:44 PM »
The site has software written with AutoHotKey, 'nuff said. IT MUST BE EV0L HAXxx0r OMG!11!!1! one one.

Lame overzealous heuristics :)
- carpe noctem

skwire

Re: Skwire's DC member site marked as suspicious
« Reply #6 on: January 13, 2011, 04:53 PM »
FWIW, I used JottiQ to scan all archives and installers and recompiled anything that had false positives (only a few).  As f0dder said, "Lame overzealous heuristics."

f0dder

Re: Skwire's DC member site marked as suspicious
« Reply #7 on: January 13, 2011, 05:06 PM »
skwire, are any of them UPX-compressed? (The AHK default) - compression seems to make the false positives much more likely.
- carpe noctem

skwire

Re: Skwire's DC member site marked as suspicious
« Reply #8 on: January 13, 2011, 05:52 PM »
No, they're not.  I haven't used UPX for years.

Bamse

Re: Skwire's DC member site marked as suspicious
« Reply #9 on: January 13, 2011, 05:55 PM »
UrlVoid says all clean http://www.urlvoid.c...skwire.dcmembers.com so it could be worse.

superboyac

Re: Skwire's DC member site marked as suspicious
« Reply #10 on: January 13, 2011, 06:00 PM »
Just as I suspected.  I've been wondering why I always get skwire-porn popups on my desktop.  What's a skwire-porn popup look like, you might wonder?  It's filthy, I couldn't show it here.

[edit] I'm kidding, of course.  Just in case any guests are reading this.  Skwire's awesome.
« Last Edit: January 13, 2011, 06:10 PM by superboyac »

skwire

Re: Skwire's DC member site marked as suspicious
« Reply #11 on: January 13, 2011, 06:08 PM »

app103

Re: Skwire's DC member site marked as suspicious
« Reply #12 on: January 13, 2011, 06:18 PM »
Could it have something to do with this? If something is still flagging that as malware, it might explain the problem you are now having with the blocking.

skwire

Re: Skwire's DC member site marked as suspicious
« Reply #13 on: January 13, 2011, 06:26 PM »
> Could it have something to do with this? If something is still flagging that as malware, it might explain the problem you are now having with the blocking.

No, it's not that. The Video2MP3.zip scans clean.

Bamse

Re: Skwire's DC member site marked as suspicious
« Reply #14 on: January 13, 2011, 07:56 PM »
Correction. Usually K9 reacts to changes in real time, so when a new category is added that is in effect. Not so in this case, or the site is still blocked by K9/Bluecoat.

I have disputed though :) I suggest others do the same here http://www1.k9webpro...rt/check-site-rating After the check there is an option to complain, ask for a review, or add comments about why they are wrong. Software/Downloads is probably a better category than computers/internet, but a site can have more than 1.

« Last Edit: January 13, 2011, 08:00 PM by Bamse »

mouser

Re: Skwire's DC member site marked as suspicious
« Reply #15 on: January 13, 2011, 08:10 PM »
thanks for the link -- i reported a suggestion to fix the rating as well  :up:

wraith808

Re: Skwire's DC member site marked as suspicious
« Reply #16 on: January 13, 2011, 08:57 PM »
Thanks for the link!  As my IS department sort of looks the other way in regards to my highly customized desktop (note - make friends with the IS people first at any new job!), I wasn't going to e-mail them about the link, but wanted to do something... this helps loads!  :Thmbsup:

Bamse

Re: Skwire's DC member site marked as suspicious
« Reply #17 on: January 13, 2011, 10:04 PM »
Should be fixed now.

skwire

Re: Skwire's DC member site marked as suspicious
« Reply #18 on: January 13, 2011, 10:36 PM »
Thanks, everybody.   :)

J-Mac

Re: Skwire's DC member site marked as suspicious
« Reply #19 on: January 14, 2011, 12:25 AM »
wraith,

I don’t know what your company considers "off-limits" but I know that engineering companies I have worked for didn't want employees on the Internet for anything that couldn't be related to their work. In that business everything is client-driven and client reps are often in the building nosing around. If they are being billed for an engineer's time (by the hour of course!) and see them on the web doing something definitely not related to their business there would be a big stink. That was the single biggest reason sites were banned, rather than any real perceived "danger".

> ....BARRED UNDER COMPANY POLICY ON USAGE OF THE INTERNET, OR TO PREVENT EXCESSIVE DEMAND CONFLICTING WITH CORE BUSINESS ACTIVITIES.

Sounds like they might be after breaches in company policy rather than malware.

Thanks!

Jim

Bamse

Re: Skwire's DC member site marked as suspicious
« Reply #20 on: January 14, 2011, 12:53 AM »
It is an almost generic BlueCoat message http://techlabs.blue...policy/coaching.html - obey warning and blah blah. "INTERNET USAGE IS ROUTINELY MONITORED AND LOGGED." is to scare off further attempts, and K9 actually does log everything, every connection, not just blocked sites! Only the Admin can see the log, so that is something to remember if whoever asks what the computer is used for. The log feature cannot be disabled. This is part of "coaching"; it does not mean there are deeper local thoughts behind it, the basis is still the same filtering databases everyone else uses. If local powers are interested in spying/total control they will not only use K9 but stuff like Spector 360 http://www.spector360.com/ Maybe they do already. K9 is not without tricks though http://techlabs.bluecoat.com/policy/ Speed Bump is typical IT evilness, heh.
« Last Edit: January 14, 2011, 01:02 AM by Bamse »

wraith808

Re: Skwire's DC member site marked as suspicious
« Reply #21 on: January 14, 2011, 10:11 AM »
> Sounds like they might be after breaches in company policy rather than malware.

They don't really care, truthfully, other than a) policy on inappropriate sites (there was a big stink over pr0n sites a while back, from what I hear), and b) viruses (some virus brought the company to its knees a while back).  As I said, I'm pretty friendly with the admins, and they're more overworked by having a global company supporting a product with real-time 24/7 almost 365 day updates than actual internet usage.  The pay is performance based, so your performance comes out in your pay, rather than someone keeping track of your internet usage.

> Should be fixed now.

I'll wait 'til I get back after the holiday to check, though I did receive a similar e-mail.
« Last Edit: January 14, 2011, 10:12 AM by wraith808 »