Microsoft Advises to Type in URLs Rather than Click

spacehug writes "In a recent Microsoft Knowledge Base article, they provide 'Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks.' These steps include always using SSL/TLS, typing 'JScript commands' in the address bar, and typing in URLs instead of clicking links! I have a suggestion that's not in the Knowledge Base: don't use IE!"

i knew it

[jester42]

i always knew that those hyperlinks were a bad security problem. Web designer should really avoid those propietary 'href'-tags for security reasons.

Hah!

[DarkHelmet]

I have a suggestion that's not in the Knowledge Base: don't use IE!

Yeah, and I have a solution to prevent malicious programs like IE from running that's not in the Knowledge Base...

Install Linux.

I hear you can buy a copy of it for around $600 somewhere [sco.com].

Why go half way?

[Snosty]

I say go one step further for ultimate security and telnet to port 80.

Better solution

[CaptainAlbert]

Why risk using the Web at all? Just e-mail the webmaster and ask him to fax the webpages to you [userfriendly.org]!

Re:fpfpfp

[radicalskeptic]

Damn, if only you could have clicked the "reply" link instead of having to type the URL in in manually for security reasons, you could have gotten first post. Curse you, IE!

In other news: secure banking

[VEGx]

In other news M$ advices all online banking users to walk in to their nearest bank office to secure their online banking...

riight

[WhodoVoodoo]

"okay, instead of patching our crap that you paid for, just don't use these featrues. That's right, they're bugs, not features! But we won't patch them for numerous unspecified reasons."

"By the way, you knew it wouldnt be anywhere near secure when you bought it. Remember lovebug? eh? Oh, we're better than linux/bsd/unix/sunos/macos for numerous unspecified reasons."

--an open letter from MS (well, at least they could have the courtesy to tell us directly they're ridiculous)

*sigh* we're all screwed.

uhh?

[aarku]

Is it just me or does the title of the article read:

Eight-hundred-thirty-three-thousand-seven-hundred- eighty-six Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks

Re:Better solution

[Mork29]

E-mail? You must be crazy... Just stick to messaging the fokes on your local BBS. I just got done downloading this kicking game called Lemonade Stand!

CLIE?

[mattjb0010]

Microsoft Advises to Type in URLs Rather than Click

So now MS is promoting a return to command line interfaces?

Re:Better solution

[Mr_Silver]

Why risk using the Web at all? Just e-mail the webmaster and ask him to fax the webpages to you [userfriendly.org]!

I followed Microsoft's advice and typed in your address but all I got was the MSN search engine telling me that the domain "fax the webpages" doesn't exist.

Ahh sweet sweet irony

[quantaman]

http://support.microsoft.com/default.aspx?scid=kb; %5Bln%5D;833786

Need I say more?

Re:i knew it

[beda]

You are right, gurus use 'a'-tag instead, with 'href' as an attribute.

Re:Internet Explorer should offer...

[dohcan]

Is that the long way of saying "just use Mozilla" ?

Are you out there Mike Rowe?

[wan-fu]

And to think, that enough people got MikeRoweSoft.com confused with microsoft.com to warrant a security bulletin.

What's next?

[This is outrageous!]

"Protect yourself from clicking links by disconnecting the mouse!"

"Protect yourself from email worms by walking to the post office!"

"Protect yourself from p2p worms by buying your music on 8-track tape!"

"Protect yourself from joe-jobs by not using your hotmail address!"

"Protect yourself from internet credit card theft by using dollar bills exclusively!"

"Protect yourself from e-banking snoopers by keeping your savings under the mattress!"

"Protect yourself from spam by disconnecting the internet!"

"For Christ's sake, protect yourself from illegal operations by turning off your computer NOW!

(Oops, this one's not new.)

Use mozilla

[mobby_6kl]

Can I have my karma now?

Re:Hah!

[The Fink]

Oooh! I get it now!

This is all a big ploy, by Microsoft, to prevent "their" customers clicking on links which might take them to competitors' products. Sneaky! It might even be patentable!

What'll they think of next?

Re:Easier way...

[This is outrageous!]

I swear MS are putting something in the water

...corrupting our bodily fluids. I first realized that, Mandrake, during the act of love. Small and flabby. It has to be micro soft!

New patent coming...

[philippeqc]

Why do I have a chill running down my spine about a new patent concerning "Zero click navigating"

-ph

Re:Why go half way?

[shird]

Shouldn't that be port 443 (https) for maximum security? Of course, doing 2048 bit crypto in your head isn't the easiest of things.

Re:Hah!

[NoMercy]

And by the sounds of it, a week later buy a new keyboard because youve worn-out your [g] key.

Re:Hah!

[Sexy Bern]

At least you can explain to your boss why you're now having to use www.booble.com [booble.com] so much!

Re:They can't be serious...

[danamania]

To go back to an often used analogy, if Microsoft were a car company and their vehicles happened to exhibit a problem with the engines catching on fire (as happens, sometimes, with real car manufacturers) other makers would recall and fix the problem.

Not microsoft!

They're innovative. They'd send a helpful sheet out to owners:

-----------------
Things you can do to protect yourself from an engine fire:

The most effective step you can take to protect yourself from an engine fire caused by the known defect, is pushing your car manually. By pushing your car manually, you can avoid creating the temperatures required to initiate combustion. This will keep your car safe. Also, you can save fuel and contribute to a cleaner environment.
----------------- :P

One leap for man (in reverse)!

[CubicZirconia]

So what's next then? ....Write your emails in outlook, then print them and mail them in an envelope, all the benefits of outlook with the added security of Physical Delivery (tm)*(new improved feature, Microsoft patent pending).

Re:Hah!

[Pxtl]

No - the best browser for the MS platform is Arachne [arachne.cz]... oh, you meant Windows.

I haven't clicked links for YEARS!

[TrollBridge]

Goatse trolls on Slashdot taught me not to click hyperlinks LONG before they became a security issue!

No bugfix?

[Zog The Undeniable]

So they're not going to fix the spoofed URL bug [theregister.co.uk] then? Well, I guess a KB page is cheaper than paying developers to figure it out!

This just in...

[CFBMoo1]

and typing in URLs instead of clicking links!

Microsoft Coperation today advised users to upgrade their current Internet Explorer web browsers to Carrier Pigeon 1.0. This newly released software package transferes HTML documents safely and securly over the friendly skies.

NOTE: Microsoft is not responsible for packet loss during hunting season, unless it's wabbit season but definatly not duck season!

I know I should probebly read the advisory, but I use mozilla. So how would it help?

normal people

[real_smiff]

yep. i think it's because MS stuff is the most basic and hasn't changed for about 5 years (since they started using the internet). Like I tried to get people to use Opera.. and that thing pops up at the start (asking whether you want to start with your last session, home page, blank window etc.) and they don't even read it, they just think it's some sort of error.

Where we go "cool, nice features" they... don't.

The other thing is, they always, with unwavering precision and frightening speed, manage to find the pages that it doesn't render properly.

gah, normal people.

the other thing is, that MS have succeeding frighteningly well in making their applications and icons synonymous with the tasks they perform in the minds of so many people. it's been said before, but that blue 'e' sort of IS the internet to so many people, like that 'w' IS the word processor. gah again. sorry for the lack of capital letters in this post.

This browser is insecure and will allow criminals to steal your money.

lol

Firmly press the close button

[Anonymous Coward]

Also, if you have any reason to suspect the authenticity of a site, leave it by closing the browser window immediately.

ahhheee.... CLICK CLICK CLICK CLICK They are going to get me... ALT-F4 ALT-F4 .... ahhheee CTRL-ALT-DEL..... *pant* ..... holding in the power switch now.........*blink*..... man that was too close, I almost got slashdotted....

Re:They can't be serious...

[LittleGuy]

How on EARTH did someone write this KB article without cracking up. Are they for real or what?

We'll find out next fall on an all-new FOX Reality Miniseries: "The Simple Life: Redmond".

(What? Didn't you notice that the KB is suppose to Microsoft Internet Explorer 6.0 SP1, when used with Anal Wiener Buggers?)

Re:They can't be serious...

[kryliss]

And don't forget pushing the car will also give you some well needed exercise..

Re:They can't be serious...

[ozbird]

Also, you can save fuel and contribute to a cleaner environment.

Pushing your car can also cause unburnt fuel to poison the catalytic converter, and pollute the atmosphere with hydrocarbons. In certain situations, the unburnt fuel in the exhaust pipe may explode, possibly taking out the muffler, catalytic converter etc. with it. If this occurs, you should report the problem to your fuel supplier and/or exhaust manufacturer.

Re:I haven't clicked links for YEARS!

[wheany]

More like internet darwinism. If you have ended up on the goatse page more than once by blindly clicking on links in slashdot and have not learned to check the links before clicking on them, shame on you.

And Slashdot's link-parsing algorithm isn't flawless either.

Upgrade Path

[Duckman5]

If you're roommate is that unwilling to change browsers when other people suggest, perhaps he's be willing to upgrade when "Microsoft" [wired.net.nz] tells him to.
I've sent that page to a few people now, and the responses are pretty amusing. It redirects IE users to a spoofed MS Update page for Internet Explorer that offers Mozilla for download as the "update" for IE.

Hyperlink Patent workaround?

[microcars]

could this be a lame attempt to get around British Telecom's PATENT [wired.com] on hyperlinks?

I can see Microsoft telling British Telecom:
"We're not paying you any license fees, we'll just have our users MANUALLY TYPE THE URLS"

How does it spoof the address bar?

[RowdyReptile]

If you're roommate is that unwilling to change browsers when other people suggest, perhaps he's be willing to upgrade when "Microsoft [wired.net.nz]" tells him to.

Just one question... how does it change the location in the address bar from (http://zcat.wired.net.nz/upgrade/) to (http://msie.microsoft.com)? Yes, I'm using IE.

Sorry it took me so long to reply to this...

[Anonymous Coward]

My hands cramped up about halfway through typing http://support.microsoft.com/default.aspx?scid=kb; %5Bln%5D;833786 . :)

Problem solved

[Quixadhal]

We've discovered a security problem where computers that receive tcp/ip packets are vulernable to various attacks.

To protect yourself from these attacks, plese type each tcp/ip packet by hand into your editor, print them out and mail them to their destination. When the reply arrives, please type them in by hand to ensure no malicious trojans sneak their way into your tcp/ip stack.

What cracked me up....

[schon]

"The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them."

OK, great - but how do I tell the malicious hyperlinks from the benign ones?

Type this URL three times

[alfredo]

http://images.google.com/imgres?imgurl=internet.ls -la.net/pictures/images/Computer/Microsoft-XP-suck s.jpg&imgrefurl=http://internet.ls-la.net/pictures /Microsoft-XP-sucks.html&hl=en&h=480&w=640&start=6 &prev=/images%3Fq%3Dmicrosoft%2Bsucks%26svnum%3D10 %26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26sa% 3DN