Webroot is a popular anti-virus and “internet security” solution used by millions of people. It offers a fairly comprehensive protection suite, which includes an anti-virus (that is increasingly useless) as well as a firewall (which is also fairly useless).

One of the more invasive features is called “WebShield”, which is meant to block access to harmful websites that distribute malware and phish for your personal data. On the surface that sounds like a great idea. However, it also has negative side effects, since the block list is maintained by BrightCloud, a subsidiary of Webroot, which categorizes websites based on its own arbitrary criteria, with no oversight. The classification itself is not the reason for this article; what they do with it is.

Windscribe.com is classified in the “Proxy Avoid and Anonymizers” category (you can check it via this tool). The classification itself is fair, since that’s what Windscribe is (among other things). However, if you have Webroot installed and you try to access windscribe.com, this is what you see:

Reputation killer

This is not just a Windscribe issue. It also affects the website for the Tor Project and virtually all other VPN providers. ExpressVPN, NordVPN, PureVPN, PIA and Hotspot Shield are just some of the other victims whose sites are blocked with a message that states:

This is a high risk site. There is a high probability that you will be exposed to malicious links or payloads.

A similar message is also injected right into the Google search results:

No TOR for you

I emailed BrightCloud confronting them with this issue, and this is the response I got.

Hello again - We have reviewed windscribe.com and determined that it does not need to be changed at this time based on BrightCloud’s url reputation criteria. It currently has a reputation score of 10 in the BrightCloud Service and available in Database version 4.915. You can read our Webroot Reputation Change FAQs for more information on the most common reasons why your suggestion may not have been implemented. Thanks again for your suggestion!

I emailed them again stating that there is a difference between marking a website as “proxy avoidance” and “suspicious attack ahead” while saying “there is a high probability that you will be exposed to malicious links or payloads”. This was their response:

Thank you for contacting Webroot BrightCloud Support. Unfortunately we cannot change the classification for windscribe.com. Most enterprise customers do not allow users’ access to proxy sites, so this category is blocked based on their firewall policy. We understand that the warning for proxy sites is misleading and we are currently working on changing our approach to proxy sites, so consumers can have unlimited access. We are hoping to achieve in changing Proxy Avoidance and Anonymizers’ reputation to a higher score in a few weeks. Meanwhile, Webroot users have the ability to bypass the Webroot block page by selecting “Unblock page and continue”. By doing this, they will be able to browse on proxy sites while still being protected by our software when visiting other sites.

This is from a company that “delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe”.

If you’re going to police the Internet, at least do a better job.