Swimming with the Razorfishes

Friday, January 23, 2004

From Microsoft's support site:

When you point to a hyperlink in Microsoft Internet Explorer, Microsoft Outlook Express, or Microsoft Outlook, the address of the Web site typically appears in the Status bar at the bottom of the window. After you click a link that opens in Internet Explorer, the address of the Web site typically appears in the Internet Explorer Address bar, and the title of the Web page typically appears in the Title bar of the window.

However, a malicious user could create a link to a deceptive (spoofed) Web site that displays the address, or URL, to a legitimate Web site in the Status bar, Address bar, and Title bar. This article describes steps that you can take to help mitigate this issue and to help you to identify a deceptive (spoofed) Web site or URL.

[...]

This article discusses steps you can take to help protect yourself from spoofed Web sites. To summarize, these steps are:

  • Verify that there is a lock icon in the lower right Status bar and verify the name of the server that provides the page that you are viewing before you type any personal or sensitive information.
  • Do not click any hyperlinks that you do not trust. Type them in the Address bar yourself.

I try to be measured in my criticism of Microsoft, because they are such a large and easy target, because they bear the brunt of every lazy third-party developer's bad choices, and because they do produce some good products.

But, my God, manually type the URLs into the address bar? I realize that the only truly secure computer system is one unplugged and locked in a safe, but this is absurd.

Other than sheer ignorance of the issues involved, I have no idea why people use Internet Explorer. Imagine an automobile company that produced a car that occasionally burst into flames during refueling at the pump. Rather than issue an immediate recall to fix the problem, the automobile company suggests using a syphon to transfer gasoline from an automobile with a full tank to the other. Class action suits would spring up like mushrooms, outraged customers would march on the headquarters, and everyone would stop buying things from the company.

Yet Microsoft, with its dominant position in the industry, feels comfortable advising its customers not to click links in web pages.

Not to click links in web pages.

The whole point of web pages is clickable links!

Please, people, consider exploring (no pun intended) other browsers:[Thanks to Julius Welby for getting me all riled up]

0 Comments:

Post a Comment

<< Home