Hi

We run an ISP.

As part of the ISP we provide personal homepages for our customers where the URL is of the form of the form http://homepages.woosh.co.nz/username

Recently one of our customers account was hacked and his account was used to host a phishing website.

This site was recently picked up by both norton and google.

I will explain what google did and what norton did and question if norton knows what its doing.

(note that being a reponsible ISP we acted within 12 hours of recieving the notification fom google)

Google:

1) added to there safe browsing filters the exact URL of the phishing page in question

2) Kindly notified us they had done so.

3) Provided us an easy 1 click link to re-evaluate the site.

Norton:

1) blocked the whole domain (i.e. *.woosh.co.nz, so people going to our homepage or webmail get your warning)

2) did NOT notifiy us

3) provides us a convoluted re-evaluation process that involves registering accounts, registering domains, then an unlisting process.

comments:

Why the %$^& did norton decide to block the whole domain? You do realise that subdomains exist for a reason?

Why did norton not notfiy us? A whois will tell you an abuse contact - Id say its your moral duty to inform site owners that you have taken action against there site.

why the convoluted re-evaluation proceedure?

If Norton needs help re-evaluating its proceedures to help responsible ISP's remove harmful contect then i believe Norton should look at googles model and adapt. If Norton needs advice, contact me..