MS phishing filter blacklists everything A wide range of uk.com websites were misclassified as malign by anti-phishing technology built into the latest versions of Microsoft's browser software on Wednesday. Microsoft's SmartScreen Filter, which is built into IE7 and IE8, labelled every uk.com top level domain site as a phishing site following what appears to be a …
"The most likely explanation is that a genuinely unsafe website under one of our suffixes was reported to Microsoft, but they incorrectly added all the domains under that suffix to their list of unsafe websites.
"If you are a domain registrant whose website is affected, you can click on the 'More information' link, then the 'Report that this site does not contain threats' link, and report that your website is safe to Microsoft." ®
Riiiiiiight. So given the first statement above, how is the second statement a better solution than simply reversing the change?
So ya
Thought ya
Might like to
Go to the site.
To feel that warm thrill of animation,
That flash filled delight.
I've got some bad news for you sunshine,
This site isn't well, it's a virus laden hell
And I refuse to allow you a pass to animeland
We need to find out where these sites really stand!
Are there any Brits in the browser bar tonight?
Block them in the firewall!
There's one about Spotlight, it doesn't look right to me,
Block it in the firewall!
That one's Druidish!
And that one slams Zune!
Who let all of this riff-raff into the room?
There's one hacking PowerPoint,
And another XBox!
If I had my way,
I'd have all of you blocked!
*grabs coat before he's thrown out*
for a user to have control over their operating system/browser, rather than allowing the developer, in this case Microsoft determine where you don't want to go today.
Having a good look at the services that run in Windows 7 and using all the settings recommended by MS. I reckon Windows 7 is spyware in the first instance and an operating system in the second.
Although I will probably end up using Windows 7 at some point (work will dictate this not choice), I will know how to lock it down and keep MS out.
Almost every UK hosted site I've visited in the last few months has delivered a snotty lecture at me "suggesting" I change my browser. I, following the standard netizen protocol established fifteen years or so ago, voted with my mouse and bought what I was looking for elsewhere.
Blacklisting these sites just seems to be anticipating the hysterical anti-IE rant they deliver and since the webmasters clearly don't want IE-delivered custom, would appear to be doing everyone concened a favour.
Webmasters! If your website has a problem rendering in a browser, perhaps it's time to consider trimming Teh Bling (aka the Tat) from the bloody pages.
Or you could just, you know, forego all that lovely money people are trying to spend at your wretched site.
This might explain then why our webhost's site went offline for a few hours earlier today :) they've used webhosting.uk.com for years without problem.
Also, I suspect many of the registrants under that domain aren't really name squaters, as well known companies like Game used to use a .uk.com domain to get round people who'd decided to snap up their .co.uk.
This is why I took the time when installing IE8 to go through the laborious startup wizard and shut off all their attempts to collect my browsing data.
Then again, I don't use IE8 for anything except stuff that absolutely requires it (ie, stuff written by stupid people that I don't have a choice in using).
"Antivirus tools have had a history of detecting bad things that weren't there. But, they're not by MS thus they're fine to do that. MS do it and it's a huge disaster."
Nobody likes the antivirus firms and nobody ever said they're "fine to do that." I know I just fed the troll so I'll be off now.
I've never understood people who use uk.com - and by the way it ISN'T a top level domain, .com is but this isn't, its just a second level domain masquerading as a top level domain, selling off its third level domains at ridiculous prices to noobs who don't know any better.
Last time I looked they were selling something.uk.com for £60 instead of the usual tenner or so for a .co.uk or .com. Tells you something right there...
I'm no big M$ fan but the reaction to this story looks very different to when Google classed the entire internet as malware.
http://www.theregister.co.uk/2009/01/31/google_malware_snafu/
I know that Goole didn’t recommend that we all contact them to list our domains as safe and sorted things within a few hours but it looks to be an error of the same type but with a much lower percentage of the web affected.
"Webmasters! If your website has a problem rendering in a browser, perhaps it's time to consider trimming Teh Bling (aka the Tat) from the bloody pages."
You're kinda right in the principle. In the real world however, there is no need for any bling nor tat for a website not to render in IE. It just needs to be standard compliant. There is less and less of a common denominator between the 2 clans of webpages: either your page renders well in all browsers but IE, or your page renders well in IE but nowhere else. Most big guys avoid the problem by having two separate sets of pages and serving one or the other depending on the useragent, but you'll admit that it's less than optimal. So yes, webmasters can grow a bit annoyed over the issue, and try to pull visitors away from the half-baked PITA that IE is. It might be annoying for you, but it's hardly _their_ fault. Actually, it's more _your_ fault, for using a browser that deliberately breaks the standards in an effort to maintain some kind of market share despite being utter crap, and annoys everyone else in the process.
Actually, I'm not that pissed at Microsoft on this one. Okay, so they aren't going to pay for the losses suffered by other companies, but it's also hard to point at any direct profits that Microsoft has pocketed in the deal. Or does that just prove Microsoft has succeeded in confusing the money trail?
However, it still shows the problem with too big to fail. While this might be a substantial hurt for some British companies, imagine the damage if it had been 'one domain over' and taken out ye olde dot-com domain itself? Damage in the millions of dollars? Or should it be billions? Pretty soon we'd be talking about real money, eh?
Having said that, I'm not sure what can be done in this case. I'm kind of in favor of the feel-good solution of destroying all spammers, but that will never happen, so the alternative approach is to increase the diversity of browsers. Currently there are about 5 choices, but that's a pretty rough estimate of the degree of freedom. If we add in the live versions, it's more like 7 choices? However, it's clear that IE is the ugly elephant in the room, however we slice the pie. The 'obvious' solution of dividing IE doesn't seem to make any sense here, because what's to divide? Where would the pieces be? Microsoft has really blurred the issue for that pretty crucial part of the Internet infrastructure...
Maybe that was the strategic decision? Too big to fail but too hard to find?
"Another reason...for a user to have control over their operating system/browser, rather than allowing the developer, in this case Microsoft determine where you don't want to go today."
You do know you can turn the filter off, right?
"It just needs to be standard compliant"
most of said tat/bling is from css3. css3 is not a standard (yet). Microsoft have this little thing called "backwards compatibility" which can be boiled down to "try not to change the behaviour of an application without a version change, if ever". Unless you are seriously wanting another round of designing practically 2 different websites depending on IE version, you should be _BEGGING_ MS not to implement css3 until the spec is completely stable
"Microsoft have this little thing called "backwards compatibility""
That's a joke, right? They do have the "backwards" part covered, twice or thrice, but they're still looking for the "compatibility" part. That's why chairs sometimes get airborne in Ballmer's office: he's searching *very* thouroughly.
"most of said tat/bling is from css3. css3 is not a standard (yet)."
Maybe you should re-read my comment. I'm not saying that this bling is good or standard or anything. I'm just saying that stripping the bling out won't make the page display correctly in IE. If it's written in standard *ML, it most likely won't display correctly in IE. For a website to work correctly with IE, it basically has to be written specifically for IE.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
