“Type, Don’t Click, URLs” sez Microsoft

Microsoft provides this “hard to believe someone wrote it seriously and they were not smoking crack” Knowledge Base article Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks..

In a nutshell, the smart folks in Redmind suggest that you type all in the browser address field rather than actually touching your mouse on those dangerous hyperlinks:

…a malicious user could create a link to a deceptive (spoofed) Web site that displays the address, or URL, to a legitimate Web site in the Status bar, Address bar, and Title bar. This article describes steps that you can take to help mitigate this issue and to help you to identify a deceptive (spoofed) Web site or URL.

The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself. By manually typing the URL in the address bar, you can verify the information that Internet Explorer uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER.

Can you imagine how popular the web would be if this was how Tim Berners-Lee designed it from the start? Heck, we’d still be using Gopher…

This brings me back to a post from a few days ago where I diagnosed a spoof email from Earthlink that appeared to be an attempt for a fraudulent misdirect of a hyperlink.

Apparently this caught the attention of at least two Earthlink customers who had some mars-like comments, both assuming that from my message that I worked for Eartklink (I begin to wonder if they really read it). One even thought it would help if he included in the comments on my blog his credit card number and expiration date.

I was incredulous. Shocked. Rolling off the floor laughing. Editing the comment for poor Paul’s sake.

Back to the Microsoft “base of knowledge”– it is rather bizarre to believe the majority of the world would even use such a 3 legged dog, wobbly shopping cart product. Unless 90% of the world is Paul.

This post came to my RSS reader via the way of Bryan Bell from a post originally on SlashDot. Down in the long train of comments:

To go back to an often used analogy, if Microsoft were a car company and their vehicles happened to exhibit a problem with the engines catching on fire (as happens, sometimes, with real car manufacturers) other makers would recall and fix the problem.

Not microsoft!

They’re innovative. They’d send a helpful sheet out to owners:

Things you can do to protect yourself from an engine fire:
The most effective step you can take to protect yourself from an engine fire caused by the known defect, is pushing your car manually. By pushing your car manually, you can avoid creating the temperatures required to initiate combustion. This will keep your car safe. Also, you can save fuel and contribute to a cleaner environment.

Now do not click any more links, Paul. Type them all in by hand.

If this kind of stuff has any value, please support me monthly on Patreon or a one time PayPal kibble toss
Profile Picture for Alan Levine aka CogDog
An early 90s builder of the web and blogging Alan Levine barks at CogDogBlog.com on web storytelling (#ds106 #4life), photography, bending WordPress, and serendipity in the infinite internet river. He thinks it's weird to write about himself in the third person.


  1. Pingback: testing the waters

Comments are closed.