Microsoft Tool To Help Users Avoid Typo Domains

blueZ3 writes "ZDnet is running a story on a new tool from Microsoft that aims to inform users when they reach 'typo domains'. Apparently, there's concern in Redmond that IE users are being exploited by companies running ad farms on typo domains. The tool uses an automated search routine to look for domains with particular types of typographical errors--transpositions, incorrect TLDs, missing letters--and then adds the domains to a database. The eventual goal (though this isn't clear from the article) seems to be something akin to Verisign's URL redirecting, where typo domains are blocked."

Misspelled domain data

[RunFatBoy.net]

The article isn't entirely clear whether the app reports back to MS your web surfing locations. Granted, it could be useful to see what the user is commonly misspelling, but at the same time, I really have no interest in relinquishing this information.

Jim -- http://www.runfatboy.net/ -- A workout plan that doesn't feel like homework.

Re:Misspelled domain data

[MyLongNickName]

The article isn't entirely clear whether the app reports back to MS your web surfing locations.

Yeah. Thank God, we can rely on Google to not do anything like that. Can you imagine what potential for misuse there would be if a company like Google recorded your web surfing habits?

Re:Misspelled domain data

[Mistshadow2k4]

I must agree. If this tool reports back to Microsoft, I wouldn't recommend it to my customers. On the other hand, if it didn't and only protected you from winding up at bad sites (like the goggle.com mentioned below) it would be good. Problem is, can we trust Microsoft not to make it report home and to keep the blacklist up to date? I rather doubt it.

It seems to me that perhaps someone could make an open source equivalent. It wouldn't be that difficult, since you could use some of the same blocklists that protowall and peer guardian use -- you could probably ask them to tag such sites or even make a separate list for them (the bluetack lists for protowall are already divided into several categories). Too bad I don't know jack about programming.

Re:Misspelled domain data

[MushMouth]

I bet you are a-ok with firefox automagically redirecting you to google if a host isn't found. (which happens all the time for legitimate hosts if DNS is momentarily inaccessible)

Re:Misspelled domain data

Of course it reports back the information to Microsoft. What do you think happens when you type something in Internet Explorer's address bar and it doesn't recognize the input instead directing you (and your input) to Microsoft's server at search.MSN.com (whether you like it or not)?

This so-called benevolent service is like your telephone deciding for you you did not mean to dial that number and so directing you to the number it thought you meant to dial on its own. Would you like your telephone to do that for you?

It is sickening how Microsoft tries to control the ability of the enduser to get things done on their own computer. From false DOS error messages with early Windows betas, to integrating a web browser into its operating system to prevent competition from Netscape, to interfering with governments' decisions to use open standards formats, Microsoft has done more to harm the advancement of computing than any company I know of.

Re:Misspelled domain data

[nocomment]

I'd prefer the information get sent back to MS anonymously where they jsut have the ONE robot running. Could you imagine the damage to the internet if there was 4.5 billion robots scanning the Internet just looking for typos? I think MS may have actually hit[1] on a good idea. It won't make me switch to windows, but I still like the idea.

[1] pun intended.

Re:Misspelled domain data

[WiFiBro]

Hm, there was something about the market mechanism and 'monopolizing'...

Re:Misspelled domain data

[Prof.Phreak]

Oh, don't worry, alexa spyware already does that (and it comes installed!).

Re:Misspelled domain data

[MushMouth]

First of all Alexa is no longer included in IE, secondly Alexa IE sidebar only contacted Alexa when a user selected show related links from the tools menu, and only for that single url that was in the urlbar at the moment it was selected. Somehow people (AdAware for instance) believed that removing that functionality and replacing it with something that sends identical data to another, much large company, google, is better. Notice that google now distributes AdAware in the google pack which also include google's tracking toolbar. How anyone trusts any of these guys is amazing.

Re:Misspelled domain data

[TheLinuxSRC]

Redirecting me to the internet's most popular search engine when *no* DNS record is available is an order of magnitude different from redirecting me based on a "typo" -- how do they know it was a typo? That is before I have to worry about my browser reporting my surfing habits to MS.

In fact, as of yet, Google still (in my book - the whole China thing has nothing to do with me and it is not my place to impose my values on another country, regardless of how I feel) hasn't done anything evil. MS, IMHO, on the other hand, hasn't done a lot that *isn't* evil.

Re:Misspelled domain data

[TenLow]

While your sarcasm is not lost on me, I must say I trust google more than I trust microsoft with that data.

Re:Misspelled domain data

[Bing+Tsher+E]

if there had been no Microsoft, there would be no advancement in computing.

That's a ridiculous notion. But it is worth expanding on a little. One of the best things Microsoft did for 'computing' in the last decade was continually push the 'bloatware' envelope.
By producing turgid bloated apps and 'Desktop Environments' they forced rapid obsolescence of hardware in many large enterprises. Which drove a rapid hardware obsolesence cycle. End result? At least from where I am sitting, it meant lots of 'old' machines for Linux and BSD operating systems.

A good parallel to this is in WalMart. In my community, there is a building that now has a thriving flea market operating out of it. Lots and lots of vendor booths with a ton of options for all sorts of purchases. That building was constructed by WalMart, who after a time moved to a new, bigger building. People bemoan what WalMart does to 'Main Street' but in at least some instances their entry and motion within a local marketplace eventually drives down the cost of retail space to the point where small innovative marketplaces can grow.

I liken this to the same thing that Microsoft has done: driven the computing hardware market into becoming a broad and cheap commodity business. Which free (in all senses) OSes can and do expand into. I'm typing this on a machine running NetBSD that is a Dell PIII box that I paid less than $10 for at an auction. It was no longer suitable at the school it came from to run Windows Bloatedness.

To roughly paraphrase the dolphins in a Douglass Adams book: "So long, Bill Gates, and thanks for all the hardware."

That's really the main way that I see Microsoft as 'advancing computing.' They are trailing edge in almost all ways. Anything 'cool' they do, they buy in or copy from somewhere else.

Re:Misspelled domain data

[Columcille]

My home town's first old wal-mart was turned into a textile store, a pub, and a bowling alley. Their second building was torn down with something else built on the property. Wonder where the third will go.

Re:Misspelled domain data

[MyLongNickName]

Ah, yes, young and gulible. Maybe you trust the current owners. Will the current owners be able to resist shareholder pressure? Will they always be the owners? Will they decide to find new challenges once they have mastered the web? Will they live forever? Will that data magically disappear once new owners take over?

If I've learned anything about history, it is that power corrupts. Religous, secular, white, black, rich or poor, it does not matter. Give it time, and Google will abuse their power.

And the difference between microsoft and Google? Your data lives on Google's servers.

Re:Misspelled domain data

[einhverfr]

What will happen to my idea for a political satire site at ww.WGoOgle.com. Am I not allowed to do such satyrical references to the president of the US?

Re:Misspelled domain data

[cammoblammo]

Hmm. Have you ever tried a google search for "http"? Try it--it's safe. I still can't work out why the top answer is what it is though, especially when none of the other engines--even MSN--return the same result.

Consider that some browsers (well Firefox anyway) will do a Google "I Feel Lucky" search on misspelled URLs. What happens when the first recognisable term is "http"? That's right...

Re:Misspelled domain data

[ketralnis]

"You typed 'www.google.com'. Did you mean 'www.msn.com'?"

Re:Misspelled domain data

[Vlad_the_Inhaler]

Hmmm, I just tried www.goggle.com (no. I am NOT supplying that as a link).

It claimed to be a spyware detection site and tried to download some .exe file - automatically - onto my PC. I can see the advantage of blacklisting *that* sweetie.

Re:Misspelled domain data

[ScottyH]

You're right.

And doesn't this seem like a technology that could be entirely implemented on the client? Why even have a "database" unless you're watching people?

Re:Misspelled domain data

[ScottyH]

Just thought about it...and yeah, ignore that.

I haven't had a coffee yet.

Re:Misspelled domain data

[ArtStone]

Moderately good chance it DID successfully install an activeX control even without your consent.

A neighbor of mine made that typo year or two ago and her Windows98 computer quickly filled up with adware/spyware.

Making it more obnoxious is if you have the history feature turned on, when you type go.... it will "guess" you wanted goggle com rather than google.com once you have visited the wrong site... (until you flush the history)

Where is Elliot Spitzer when you need him?

Re:Misspelled domain data

[Vlad_the_Inhaler]

Does activeX run under Linux?

In other words: nope, absolutely no chance at all.

I just looked the domain up,
                Registrant:
              Knowledge Associates
              PMB # 308 94 Gardiners Avenue
              Levittown, NY 11756-3753
              US

              Domain Name: GOGGLE.COM

              Administrative Contact , Technical Contact :
              Knowledge Associates
              knowledgeassoc@yahoo.com
              PMB # 308 94 Gardiners Avenue
              Levittown, NY 11756-3753
              US
              Phone: (800) 795-0571
              Fax: 123 123 1234

              Record expires on 13-Feb-2012
              Record created on 14-Nov-2003
              Database last updated on 12-Jul-2004

It redirects to lsjmp.com, looking that up:
                Registrant:
              SRC Technologies
              ATTN: LSJMP.COM
              c/o Network Solutions
              P.O. Box 447
              Herndon, VA 20172-0447

              Domain Name: LSJMP.COM

              Administrative Contact : SRC Technologies, SRC Technologies
              cw4jh9re977@networksolutionsprivateregistration.co m
              ATTN: LSJMP.COM
              c/o Network Solutions
              P.O. Box 447
              Herndon, VA 20172-0447
              Phone: 570-708-8780

              Technical Contact :
              Network Solutions, LLC.
              customerservice@networksolutions.com
              13200 Woodland Park Drive
              Herndon, VA 20171-3025
              US
              Phone: 1-888-642-9675
              Fax: 571-434-4620

              Record expires on 12-Jun-2006
              Record created on 12-Jun-2003
              Database last updated on 04-Nov-2004

So tell me what they get up to is legal in the US.

That sure is a good headline

Anyone who does that job is most definitely a tool.

Yes

[temojen]

What if I really wanted to go to goggle.com? (don't, it tries to drive-by install something when you leave.)

Re:Yes

[TwilightXaos]

That doesn't mean my browser should atempt to prevent me from going to it.

Re:Yes

[temojen]

That's what I meant.

Re:Yes

[Random+Destruction]

uh. then don't install this software?

Re:Yes

[Frumious+Wombat]

That depends; you're sitting at home and are your own tech support, then you're right. Go wherever you want.

You're on some sort of managed network, such as a business or university system, which is networked intimately to many other systems and has administrators who will have to clean up the machine when you're done, then your browser should prevent you from going to a known malware site. Sorry, I used to have that job, and began thinking, "maybe if I make them all use Lynx and Pine for web and email, this nonsense will stop".

Like most Microsoft innovations, this one is pitched to the home user, to build mindshare, but is really aimed at corporate environments. Don't be surprised if you work at United that if you type http://www.untied.com/, you somehow end up back at United.com. Similarly, small dot-coms might redirect F*d Company's website to wemotivate.com.

first one up:

[Lxy]

"www.google.com"

Did you mean "search.msn.com"?

Re:first one up:

[dancpsu]

or at least www.googol.com

Re:first one up:

[ch-chuck]

have you every tried www.goggle.com ?
It's pretty bad. A popup got around firefox, automatically starts a file download gsetup.exe, etc.

Re:first one up:

[Khaed]

Didn't for me.

Re:first one up:

[kabz]

Wow, it did for me and I'm using Safari on a Mac !! It waited a few seconds then I got the familiar this file contains an application message. That is scary.

Re:first one up:

Here's my (Score: 0, duh) tidbit for the day:

Whenever I'm unsure of the spelling of a domain name, I hit my google toolbar bookmark and type the name of the company as a query. Most of the time the top link is the site I'm looking for, but I've been surprised quite a bit lately. Anyway, once I decide a site is worth going back to I just add it to my bookmarks; however, recently I've been lazy... so lazy in fact that I've accidentally typed google in my query at least half a dozen times. :(

Re:first one up:

[deathy_epl+ccs]

You'll pardon me if I don't test this. ;-)

Re:first one up:

[Akaihiryuu]

Tried it. Firefox does state that it's attempting to download a file and asks for a location to save. I'm sure it's malware, but it would take effort on the part of a Firefox user to install it. They'd have to save it to the dekstop and knowingly execute it.

Re:first one up:

[DeafByBeheading]

Even better, they should correct it to the "proper" spelling and send people to googol.com...

Re:first one up:

[g2devi]

Actually, it's more like:

Clippy pops up and says:
"You seem to be trying to access search.msn.com, but have mispelled it as google.com. Would you like to go to search.msn.com right away or visit one of the great set of beginner videos on MS' website that teach you about all the cool features of MSN?
[Go to search.msn.com] [View video training] [Change Clippy Icon to XP Dog Icon]
"

Re:first one up:

[stunt_penguin]

'www.openoffice.org' Did you mean 'http://office.microsoft.com'?

Re:first one up:

[Prof.Phreak]

And... they claim to remove such software. Wow.

Re:first one up:

It is not a popup:

meta http-equiv="refresh" content="10;URL=http://spybouncer.com/gsetup.exe"

Re:first one up:

[Inigo+Montoya]

I've watched my wife surfing in the past, and when *anything* popped-up she clicked ok; I freaked one time as she clicked 4 pop-ups out of the way before I could cross the room. I gave her a lecture about spyware, malware, etc. and she was all open-eyed and "OMG, really?" and now she calls me whenever something pops up on her screen.

The point is, many, many people are not computer savvy and regularly just accept the pop-up, click it to get rid of the "annoyance factor", and get on with whatever they were trying to do.

This kind of stuff catches a lot of people, and the creators know it.

Re:first one up:

[marcosdumay]

Tried that (with FF 1.5.01), and got a blocked popup, and Firefox asked me what to do with a file. Quite normal behaviour, take a look on your configurations, to see if you didn't have a default action for .exe files.

That said, the page is obviously phishing. The download is probably a piece of spyware, and lots of IE systems will probably run it without user intervention, and lots of users will probably click 'Yes' on the box "Are you sure you want to run this program?" without reading.

Re:first one up:

[imess]

that's probably why you need noscript
(with scripting on it prompts me for the gsetup.exe download)

Re:first one up:

[Bing+Tsher+E]

I tried it and indeed it popped up a save dialogue. I don't have Wine installed, though, so I am fairly safe. It isn't really a 'popup' in the sense most people think, of course, just a query from Mozilla asking how to handle that file time. Could be dangerous for people who run the wrong OS and have already selected the 'Always perform this action' to get the 'popup' to stop bugging them.

Goes with the baggage, I guess, of running an insecure OS where anything with an .exe extension runs as root on many, many, workstations.

Re:first one up:

[qzulla]

spyware, malware, etc. and she was all open-eyed and "OMG, really?" and now she calls me whenever something pops up on her screen.

I bet that keeps you hopping off your chair.

qz

Re:first one up:

[lucas+teh+geek]

hehe... they claimed to do a scan of my computer, scanned my registry and found 68 spyware entries... funny, i didnt think os x had a registry, I guess I need their software :P

Re:first one up:

[typical]

This is a good sign that people designing web browsers have screwed up the security aspect of their UI.

The typical user should not be one unintuitive click away from screwing up their computer.

Re:first one up:

[jweatherley]

I liked the way it scanned my Mac's registry - vary clevar.

Re:first one up:

[WWWWolf]

have you every tried www.goggle.com ?

Whoa. If this were thedailywtf.com, so many obvious phrases could spring in mind... like "the goggles, they do nothing..." =)

(Well, I tried it in Firefox in OSX and it tried to download the program, but I didn't get to see this glorious site at all in elinks in Linux... =)

And it's just typical crummy rogue anti-spyware site too - I'd guess people would be cautious to install a program that got installed the same way as the spyware itself, but regrettably sometimes logic fails.

Re:first one up:

[zcat_NZ]

I was pretty impressed how far it got in wine too! :-)

Re:first one up:

[nugneant]

I've watched my wife surfing in the past, and when *anything* popped-up she clicked ok; I freaked one time as she clicked 4 pop-ups out of the way before I could cross the room. I gave her a lecture about spyware, malware, etc. and she was all open-eyed and "OMG, really?" and now she calls me whenever something pops up on her screen.

Similar story with my girlfriend. One day she's browsing the web, and from across the room, I hear "OMG, PONIES!?!/1/11?1/11!?!?!?11?!"







(Actually, it wasn't really my girlfriend, I just read Slashdot in a high pitched voice... an old habit from the days of timothy and John Katz, I suppose :-\ ).

Re:first one up:

[Bloke+down+the+pub]

I second everything you said. Why there isn't an option on IE to disble any and all auto-installs is beyond me. The option "Enable install on demand" whose name might make you think does that just blocks foreign language fonts.

I also agree with the grandparent - many people click OK first and think second, if at all.

Sounds great, but may be damaging to some

[macklin01]

This sounds like a great idea, but I can see some legitimate causes being harmed. For instance, Untied.com is a typo of United, which is used to protest some labor practices at United Airlines.

I guess the question is, how is MS going to determine the legitimate misspellings from the illegitimate misspellings? Certainly United doesn't like the misspelling above, but it's not anti-consumer like misspelling a company name and winding up at a spam site, or worse yet, a phishing site. -- Paul

Re:Sounds great, but may be damaging to some

[Brobock]

Perhaps the user wanted to go to untied.com instead of united.com; It works both ways. Since "untied" is a dictionary word, this would most likely not cause any issues.

Re:Sounds great, but may be damaging to some

[Ardx]

I would the way they will deal with typos is very similar to the phishing filter in IE7. And if a site is a valid site rather than a typo and is mistakenly marked as a typo farm, you will be able to email them and have them verify your site is not a typo farm and they will remove it. A very similar thing happened to my business site. The phishing filter marked my contact page as a phishing site, I emailed them and very quickly it was no longer reing reported as a phishing site. Keep in mind, while it may be amusing to think of MS marking google.com as a typo farm, I would expect them to be very careful with the major sites because they are sure to not want the negative publicity to overshadow this nice attempt to protect users.

Re:Sounds great, but may be damaging to some

[yakhan451]

Easy. Add a frame to the top of the page that says "This may have been a typo, did you mean [whatever]?" with a link to dismiss the frame if that's not what you meant.

Like the frame images.google.com adds to the linked site.

Re:Sounds great, but may be damaging to some

[poolmeister]

It seems many are misunderstanding the concept here.
This wouldn't be a tool that checks your spelling like Google search.
It sounds as if this is simply a tool to block sites that have been blacklisted by MS that take advantage of & make revenue from people's URL typos, I would imagine the definitions would be automatically updated.

Anyway... why would this tool need to query MS with a URL when IE already does that by default (see the 'Just go to the most likely site' option in IE's advanced settings).

Re:Sounds great, but may be damaging to some

[IndigoParadox]

So is goggle.

Re:Sounds great, but may be damaging to some

[ELProphet]

I didn't read the paper yet, but if I were doing this I'd run a bayesian style filter over the site, and decide if it has harmfull JS/ActiveX or an unusally high number of advertising-style links. If the site "looks" like a spam/malware site, pop up a window saying it looks suspicious; let the user decide yes or no. Put the option in a white/black list, and you're set.

Re:Sounds great, but may be damaging to some

[coolcold]

Keep in mind, while it may be amusing to think of MS marking google.com as a typo farm, I would expect them to be very careful with the major sites because they are sure to not want the negative publicity to overshadow this nice attempt to protect users.

Sorry, that was a software glitch.

Swipe at Google?

[dannytaggart]

Is this a strategic swipe at Google's ad revenue for parked domains?

Re:Swipe at Google?

[modecx]

Is this a strategic swipe at Google's ad revenue for parked domains?

If it is, then goddamnit, it's about time. Frankly, I don't even have a problem with Microsoft doing it, if it makes Google get off its ass and fix the issue.

Re:Swipe at Google?

[pilkul]

Google has no intention of fixing it, they even offer a special service for domain squatters.

Re:Swipe at Google?

[modecx]

Oh, I know all about it. That's why I say that I'm fine if MS directly motivates google to change that practice, or they indirectly solve part of the problem by depreciating the economic value of having tons of parked domains to near nothing, thereby motivating google and other advertisers.

Not the same goal

[Stealth210]

Verisign redirected you by DNS, this seems like more of a client side tool. I wouldn't have any problem with it if it was an optional Windows setting or uninstall tool.

I'd be more concerned about phishing

[jfengel]

Ending up at a link farm isn't any fun, but at least it's not dangerous. But you're told to type URLs from email rather than copy-and-paste, and then you risk being screwed by your own typo. Even going to your own bank is risky if you type without consciously typo-checking the URL.

Re:I'd be more concerned about phishing

[dg41]

I dunno about it not being dangerous. I've hit those link farm pages before, and they've tried to install spyware or change homepage or do other malicious things (this was pre-Firefox days for me, at least).

Re:I'd be more concerned about phishing

[dascandy]

Say, going to the www.bankofthevvest.com site...

In a recent research, over 90% of people read that as www.bankofthewest.com and continued to use it...

Re:I'd be more concerned about phishing

[MarkByers]

Even going to your own bank is risky if you type without consciously typo-checking the URL.

You only have to make sure you type it correctly the first time, then after that you can use auto-complete.

Argh! Dupe!

[RobertB-DC]

I thought for sure that there would be enough Subscribers send email to the DaddyPants address that this one would be yanked.

Well, for reference, here are all the +4 and +5 comments from last week's installment of this story, so you karma whores can repost them and hope the moderators don't see through your ruse...

Microsoft 'URL Tracer' Hunts Typosquatters

Meanwhile, you can blame me for jinxing it.

Ghost Article: M'soft Tool To Help Users Avoid Typo Domains

Oh, how awful!

Apparently, there's concern in Redmond that IE users are being exploited by companies running ad farms on typo domains.

How dare those other companies! Nobody's allowed to exploit Microsoft's users except Microsoft!

Is there really need?

[cazbar]

I have relatives that are not computer literate. But when they visit a website by typing in its URL and they see a site that isn't what they were expecting, they know to check the spelling of the URL. As far as they are concerned, it's like dialing a wrong phone number.

It seems to me that Microsoft is wasting resources on something that isn't really necessary.

Re:Is there really need?

[TwilightXaos]

That isn't the problem. But what if some computer naive, but otherwise intelligent, person types in their bank address as

www.compasbank.com

An easy mistake. Then, instead of seeing a site that installs XYZ spyware, they see a site that looks exactly like the real site

www.compassbank.com

So they enter their password for online banking, because the site has the little lock in the browser window meaning it is a secure connection. Now, the owners of the fake site have the banking info, including account numbers, of the person.

I am not saying this is a good idea. But, I believe the case you describe is not what it's originators were thinking.

Re:Is there really need?

[athmanb]

But the issue is that alone by having typed in that domain, they have made money for its owner. Multiply that by 10,000 and you have already made a profit over the registration cost of the domain itself, and common typos of popular domains can easily make you a hundred times that many visits.

Re:Is there really need?

[techno-vampire]

But the issue is that alone by having typed in that domain, they have made money for its owner.

Yes, but that money didn't come from their pocket, did it? It came from the advertisers and was wasted because they ignore the ads and go away. Yes, some sleazeball made a fraction of a cent, but it came from another sleaseball, so who really cares?

Re:Is there really need?

[robogymnast]

The concern is that their misspelling could lead them to a phishing site that looks nearly identical to whatever site they were trying to visit. For example, say they are trying to go to www.bankofamerica.com and accidentally type www.bankoamerica.com, which could be a phishing site. Once they enter their account info they are screwed. This seems like a good idea to combat all the scammers registering typ domain names, although Microsoft is the last one who I trust to implement a fair system.

Re:Is there really need?

[Bing+Tsher+E]

Now, it seems that both you and I agree that advertisers on the web are sleazeballs. The problem that comes into being is that some of said sleazeballs wear a suit and necktie to work each day. So there will be a concerted effort to 'clean up' (so to speak) this problem. When you're running a well-established swindle racket, part of your job is to slap down competitors who operate less smoothly operating rackets who will wreck it for you.

In other words, Microsoft has a good market for this tool, besides the victims.

never heard of

[Janek+Kozicki]

oh, he said something about linux, I wonder what's that? Let me try and check this (types linux.com in browser). Hmm it's just some typo, maybe I haven't heard him clearly, oh well...

Oh, you mean like redirecting MikeRoweSoft.com?

[Crouty]

Stupid parents to have their son's name collide with phonetics of Microsoft.

Re:Oh, you mean like redirecting MikeRoweSoft.com?

[drinkypoo]

No one is going to typo Microsoft and end up with MikeRoweSoft. Someone particularly stupid might spell Microsoft that way, but that's a problem you just can't fix :P

Re:Oh, you mean like redirecting MikeRoweSoft.com?

[Tim+C]

Stupid son to name his company that way knowing full well how Microsoft would react - really, how any company in their position would react.

Besides which, classing mikerowesoft as a typo of microsoft is a stretch even by slashdot standards...

Re:Oh, you mean like redirecting MikeRoweSoft.com?

[Crouty]

Mike Rowe has all right to own and use a domain named mikerowe.com, more than Microsoft has at least. Heck, more than Microsoft has to use microsoft.com. Again, certain priviledges seem to be a matter of money, not only in some corrupt dictatorships but also in the western world.

Re:Oh, you mean like redirecting MikeRoweSoft.com?

[Tim+C]

No-one said that he isn't entitled to own and use the mikerowe.com domain; what is being argued is that a decade or so after Microsoft became a household name he does not have the right to use the domain mikerowesoft.com for a software consultancy business.

Try setting up a delivery and courier service at the domain fredex.com and see how far you get, even if you name is Fred Ex...

Re:Oh, you mean like redirecting MikeRoweSoft.com?

[Crouty]

Try setting up a delivery and courier service at the domain fredex.com and see how far you get, even if you name is Fred Ex...

Where did you get my... oh, never mind *whistle*.

I agree I would not get far. Still I refuse to accept the combination of greedy brand owners and stupid web users to be a sane basis for domain jurisdiction. First come first serve would be totally ok if I was to decide.

Re:Oh, you mean like redirecting MikeRoweSoft.com?

[zcat_NZ]

Similar but real example.

A shot at Google

It may not look like it, but this is a strategic move against Google.

Google makes a significant amount of money of bulk domainers. Domainers are people who buy domains in bulk, expecting to make revenue off inexperienced users tying words directly into the URL bar, variations/misspellings on popular domain names etc). An example is something like http://www.bloggerforums.com/.

By making users aware of what's going on, they'll be more likely to fix the problem themself (instead of clicking one of the sponsored links by Google), thus cutting a part of the revenue stream. (How big? Well, Google obviously isn't going to say, but it's estimated to be way into the hundred of millions.)

Re:A shot at Google

[fastgood]

instead of clicking one of the sponsored links by Google

Google's own toolbar shows a little green graph from 1-10 for a page's popularity.
A popular site typo would be 7+ notches lower (Windows Update is a "4" now?!)

Re:A shot at Google

[croddy]

That doesn't make it a strategic move against Google so much as a strategic move against cruft that nobody wants to see. If Google is indexing this crap, and their business somehow depends upon it (which is unlikely), then that's their problem.

Re:A shot at Google

[daeg]

Little is the key there. Google also serves over 3 million domain names under their AdSense program for parked domains. They serve parked domains, which serve the typo domains, and make legitimate domain holders buy AdSense words to redirect typo domains to their real website. Users click, Google gets paid. Mad cash.

While the toolbar is cool, that won't stop my grandmother from mistaking her bank's website. Icons don't cut it, unfortunately you have to be abrassive with this otherwise users will ignore the warning signs.

Re:A shot at Google

[deepestblue]

Am I only one that thinks this somehow contradicts Google's "Do no evil"?

Re:A shot at Google

[just_another_sean]

Am I only one that thinks this somehow contradicts Google's "Do no evil"?

What, you mean Microsoft is being evil by doing this? While that wouldn't suprise me in the least I'm not sure I follow you...

Re:A shot at Google

[magicchex]

Come on man... he's talking about what Google is doing.

Re:A shot at Google

[just_another_sean]

I guess tags really are necessary...

There is a much easier way....

[wowbagger]

There is a much easier way to block 99% of the typosquatters - they have a very small number of IP addresses they park their domains on.

Block those IP addresses, block the squatters.

Check it out for yourself - fire up your favorite DNS query tool, and plug in some typos.

pron.com

[klenwell]

will typing pron.com send me to porn.com? or vice-versa?

Tom

Re:pron.com

[tidokoro]

just bookmark it like I do

Re:pron.com

[yoprst]

It'll send you to pr0n.com.

Tough Calls

[wuffalicious]

Microsoft domain corrector has detected that you may have mis-typed your desination address.

You were trying to access, "whitehouse.gov".
Did you really mean, "whitehouse.com"?

Re:Tough Calls

[madaxe42]

When did whitehouse.com stop being pr0n?!

not just typos

[sloths]

I really hate domain squatters. It's not just typos, but just cool domains that could be used for a legitimate site are just ads. IE the.com, yeah.com, sloths.com... Actually one time I was snooping around the directories of sloths.com looking for contact info to see if I could buy the domain when I came across a sql.txt file that told me their passwords.

I've emailed Google several times about this awful program. I hate all forms of advertising, but it just makes me mad to see cool domains used for illegitimate purposes. People say it's just another business, but they are stupid.

I wish they have a funky paper clip that says:

I wish they have a funky paper clip that pops up and says:

Hi there, I noticed you are about to visit a TLD web-site.
The address www.apple.com/macosx appears to be a misspelling of the address of a legitimate site http://www.microsoft.com/Genuine/.
Sites that use spelling variations of legitimate sites and companies may be used in "phishing" schemes to trick users into revealing their access accounts, credit card data, and other personal information.

• To learn more about online "phishing" click here

• If you understand the security implications of visiting potentially dangerous sites, and still wish to continue to www.apple.com/macosx, click here

• If you wish to be redirected to the original site http://www.microsoft.com/Genuine/ either click here or simply wait 5 seconds.

Wonder if they'd open the protocol / database

[babaloo]

If Microsoft would open the protocol and/or the database there could be a way to implement this in other browsers too. Perhaps a web service. If they really think this is that big of a problem then a free service would convince me they're serious.

Re:Wonder if they'd open the protocol / database

[badboy_tw2002]

Oh come on, this gives IE a competitive advantage. No way they open it up for competing browsers. This is Microsoft! You must be thinking of their lesser known competitor Microsft and their mostly accidentally used product Internt Explrer.

Only a band-aid

[Fastolfe]

This problem exists because users seem to place an unhealthy emphasis on a DNS domain name as a web topic. Perhaps we should be looking at ways of de-emphasizing a DNS domain name's importance in identifying content and start looking for ways to let users find specific pieces of information in a reliable manner using some other tool (such as an X.500 or LDAP directory of official organization names, registered trade marks, service marks, etc.).

Until users stop thinking that they can just add a .com to their search term and get "official" content, this will remain a problem. Determining what domain names are squatters and what domains aren't is fairly easy today, but it will only be a matter of time (and a brief amount of time at that) before these typosquatters just dress their pages up to look a little more substantial and your horribly subjective test will start to fail.

Hose IE

[peterfa]

I cannot remember all the times when I made a mistake and went to one of those "search" index sites because I know they will hose up your IE. I panic and just shut off IE as hastily is I can. I know a spyware-hosting site when I see one. I still panic when it happens to me when on Linux using FF or Konquorer. I don't use IE, not just because I don't use Windows, but because it gets pwnd all the time.

Good MS

[Ramble]

Honestly, I think this is a good thing. MS is going to the root of the cause, which is when ol' Joe Sixpack types in google but misspells and downloads personal search bar from some random IP address.

This along with the phishing filter will hopefully solve alot of web crime and issues like that.

Re:Good MS

[FormOfActionBanana]

No. When Joe's 10 year old kid makes a typo.

Look at this shit:
http://research.microsoft.com/Typo-Patrol/screensh ots.htm

Silly rabbit!

[Weaselmancer]

That's what VMWare is for!

Say good bye to...

[ZSpade]

MikeRoweSoft.com

What's the difference between...

[MacDork]

a man and ET? ET phones home.. ;-) As I'm sure IE does :-( As for finding what misspelled domains are most common, you could do that with a little DNS cache snooping. I'm sure the typo squatters have been doing it for ages.

I must be missing something

[trawg]

Aside from phishing attempts, which is a legitimate concern (but imo should be addressed by the company that is getting spoofed), what is the big deal about typo squatting?

I enter in a lot of my URLs by hand. I frequently make typos because I was typing them too fast. I see a page that isn't what I was expecting or that is obviously a link farm, I just re-type the URL.

Or I use bookmarks. Or I use Google.

I see you're trying to type Firefox ...

[WillAffleckUW]

did you mean Internet Explorer?

Where's it going to send you?

[techno-vampire]

Let's say you want to go to www.omgponies.com and typo it as omg!ponies!.com. Where do you end up going, and do you really deserve to be there?

Win-Win/Win-Lose?

[OverflowingBitBucket]

Well, I'm for anything that will stick it to site-squatting parasites. I had to go with my second choice when naming my game suite because a link-farm scum was sitting on the domain I wanted.

Mind you though, there's a pretty big potential for abuse. What will the protection fees be against ending up on this list?

Seems like win-win from Microsoft's POV though. ;)

Yes.

[madaxe42]

Yes. Last night my girlfriend was looking at booking hotels in Italy - she's a barrister, so definitely not short of intelligence.

She repeatedly mistyped domains and then totally failed to recognize that she was on a spam ad-farm site - my mother does the same. So does my housemate... People seem to really not notice this kind of thing in the slightest. It's the old 'I don't understand computers therefore I'll play dumb' routine.

Re:Yes.

[Bing+Tsher+E]

It's the old 'I don't understand computers therefore I'll play dumb' routine.

Actually, it's the old 'I am not a hopeless nerd who interacts on a near social level with a crummy piece of hardware and thus I don't "understand" this arcane piece of equipment' routine.

Most people aren't capable of servicing the office photocopier, either. There's a blue collar guy with a toolbox to take care of that.

Where do you want to go today?

[nurb432]

We think you are trying to type in 'www.microsoft.com', please wait while we take you there.

"there's concern in Redmond..."

[FFFish]

"Apparently, there's concern in Redmond that IE users are being exploited by companies running ad farms on typo domains."

It occurs to me that the only people dumb enough to use MSIE these days are precisely those sorts of users who would be susceptible to the advertising on linkfarms.

I'm not sure whether to praise Microsoft for trying to protect the retards from themselves, or to curse them for defeating the net's version of Darwinian selection...

Re:"there's concern in Redmond..."

[typical]

Having the browser do spelling correction is not something I have a real problem with.

Verisign was a big problem because it was screwing with important mechanisms that people rely on. Having a web browser do this may be:

* a violation of your privacy

* providing valuable marketing data to Microsoft

* An attempt to squeeze Google out of the market by taking advantage of the fact that by default, Microsoft controls whatever gets entered in the URL bar.

* Not likely to be that helpful.

* Promote misspelling and typing. If you never get any negative feedback, you never learn the correct spelling -- from your standpoint, the alternate spelling *is* correct and took you to the right website. I suspect that widespread use of Word AutoCorrect is the single greatest driver of people being unable to avoid typing "teh".

However, this at least doesn't break other people's systems.

drive me crazy

[f1055man]

the solution is going to be worse than the problem. If I make a typo and go to the wrong site, big deal, it takes 5 seconds to correct it. Now I'm going to be nagged all all the time, well i would be nagged if used microsoft or explorer. Sounds like clippy is expanding his empire of annoyance.

lawsuit-bait

[TheSHAD0W]

I'm betting that, despite this being an "optional" tool and users' voluntarily installing it, Microsoft will be sued by several companies who protest that their domains are legitimate despite appearing to be misspellings of other, more popular domains. And they have a point, too.

Yippee

[frostoftheblack]

Any typo that starts with "m" will obviously point to www.microsoft.com. And also any typo that starts with "n" too because it looks like "m".

Re:Yippee

[cybertears]

don't forget domains that start with RN, because rn looks a lot like an m also.

Censoring the Net?

[RecycledElectrons]

If you type in www.Knopper.Net, you go to www.Windows.com right?

Nothing is going to change until we shoot the bastards.

Andy Out!

Re:Censoring the Net?

[RecycledElectrons]

Jorgie,

I wish you would read my reply before posting.

MS put a system in place where you could be redirected from a domain they found unsavoury (a "type-oh" domain) to one they aprroved of.

As someone who was sued repeatedly by the BSA (business software alliance) for "piracy" because I did not pay a BSA company for my operating system (which was Slackware Linux 3.4)

I do not trust MS. They WILL use this to censor GPLed software and to promote their own software. They WILL use this to censor sucks sites. They WILL use this to shut down free speech. They WILL use this to censor their copmetitors.

As to your insane point that it is not turned on by default, you know that every encroachment on our freedom starts as "voluntary" and turns into "voluntary, but a PITA to turn off" and finally moves to "voluntary, with a gun to your head." See "voluntary copmliance" with the IRS. My compliance has never been voluntary, and never will be. It's just that they (the IRS) out gun me ... for now.

Andy Out!

But wouldn't Bill Clinton...

[katchins]

...really want to go to whitehouse.com instead of whitehouse.gov? ;-)

Re:The ones I hate are ones that are based off MS

[WindBourne]

The internet is fine. It is the OS that sux. People go after it because it is an easy target.

It is good to know

[ericdano]

It's good to know Microsoft is working on products like this. Really. I mean, instead of getting Vista back on schedule, they want to release things like this. Or spend money on their People Software ads.

It's sad. I think this is a Titanic starting to sink.

MS tool?

[zippthorne]

Why would you use a program called MS Tool? anyway, isn't that name a bit.. redundant?

Obviously it is a fake

[cgenman]

Or else the application would be called gsetup_beta.exe

Could be a good thing

[Warskull]

I think a lot of people are looking at this the wrong way. It seems to be optional. I know many people run ad-blocking software with their browsers due to all the obnoxious banner ads and flash ads floating about the net these days. Many of these people use filter sets that are provided by someone else. This could work quite well if Microsoft allowed the users to have custom filter sets and was easily turned off. If implemented the wrong way, yes it could be ridiculously obnoxious. At the same time if implemented properly it could be a nice feature. Worst case other web development teams can steal the idea and implemented it well if Microsoft doesn't.

I see

[penguin-collective]

User: Control-L www.linux.org Enter
IE: This is a typo-squatting domain. You really meant to go to www.microsoft.com

Seriously: for software to try to determine whether two service names are confusingly similar is a really bad idea; this area is regulated by trademark law and the courts are responsible for enforcing it. What software can do is help trademark owners identify potentially confusingly similar domain names prior to going to court.

Intermediate jump

[Quizo69]

Actually the spybouncer page is called from:

hxxp://lsjmp.com/12/135.htm?r=135&u=519

which is in turn called from:

hxxp://www.goggle.com/

Put "spybouncer" and "lsjmp" in your ad filters to stop this (I added them to my Proxomitron filter set).

Re:Intermediate jump

[Quizo69]

Sorry to reply to my own post but also add "leadsponsors", the company that seems to own lsjmp.com. Perhaps if we shame these companies in public they'll stop this sort of behaviour. I know, pie in the sky idealism, but perhaps Slashdot can be used for some good:

Go forth my /. pretties, kill, kill!!!

http://www.leadsponsors.com/ :D

concern in Redmond

[rs232]

"there's concern in Redmond that IE users are being exploited by companies running ad farms on typo domains"

You mean like typing HTTP://HTTP:// and getting redirected to WWW.MICROSOFT.COM

Simple explanation

[Mateo_LeFou]

Didn't that company -- the one that comes up first in the results -- invent http? And/or didn't they purchase it? embrace it? extend it? etc.?

Re:Steve Ballmer Microsoft tool?

[Agret]

I thought he'd say something along the lines of "I'm going to fucking bury that URL, I have done it before, and I will do it again. I'm going to fucking kill typos"

Re:That's odd...

[Rod.Dorman]

I thought Verisign handled non-existent domains by redirecting them all to a "buy this name" ad page. Or is that just the non-typo names?

It was all non-existent .com and .net domains. Visit http://www.icann.org/topics/wildcard-history.html if you want the gory details.

Favorite typo domain

[bizitch]

http://www.untied.com/ - which is just a merciless basher site of United Airlines (i.e. http://www.united.com/

It's sad and hilarious - United Airlines completely sucks

Re:The ones I hate are ones that are based off MS

[TheSpoom]

Install Firefox and use WindizUpdate next time. No need to use IE for anything except browser compatibility checking now.