One Limitation of URL Classification

June 18th, 2010

It is true that by creating a large database of malicious URL addresses, URL classification can allow a network administrator the power to completely block a malicious or suspicious URL.  There is, of course, one small limitation of this method:

What happens when a user on your network is the first to stumble upon a malicious or infect site?

Well, since there is no record of the site within the category of malware or malicious sites, the URL is allowed.  Your network has just become a guinea pig.  Now that you have suffered this attack, the bad URL is correctly classified under malware and every subsequent visit is blocked.

Thanks to your network’s sacrifice, all future visitors are forewarned and saved.  Unfortunately, that will not help you one single iota.

I am not suggesting that URL classification is flawed in the least, I just wanted to post information regarding the one particular limitation.