Slashdot Mirror


Small Businesses Worry About MS Anti-Phishing

prostoalex writes "Ever get that warm feeling of safety, when the anti-phishing toolbar on Microsoft Internet Explorer 7 turns green, telling you it's safe to shop on the site you're visiting? Well, you probably don't, but the millions of Internet users who will soon be running IE7 probably will be paying attention to the anti-phishing warnings. WSJ.com is reporting on how Microsoft is making it tough for small businesses to assure they're treated properly by the anti-phishing algorithm." From the article: "[S]ole proprietorships, general partnerships and individuals won't be eligible for the new, stricter security certificates that Microsoft requires to display the color. There are about 20.6 million sole proprietorships and general partnerships in the U.S... though it isn't clear how many are engaged in e-commerce... 'Are people going to trust the green more than white? Yes, they will,' says Avivah Litan, an analyst at Gartner Inc. and an expert on online payments and fraud. 'All the business is going to go to the greens, it's kind of obvious.'"

17 of 291 comments

  1. WTF? Phishing and certs are different issues. by Whiney+Mac+Fanboy · · Score: 5, Insightful

    'Are people going to trust the green more than white? Yes, they will,' says Avivah Litan, an analyst at Gartner Inc. and an expert on online payments and fraud.

    WTF? Shouldn't that read:

    'Are people going to notice the green more than white? No, they won't,' says WMF, an analyst at Slashdot Inc. and an expert on stupid punditry.

    On a slightly different note, I think the submitter has gotten the new expensive secure certs gold-rush/scam confused with the anti-phishing tech. Not surprising 'cause the article melds them together in a rather confusing manner.

    --
    There are shills on slashdot. Apparently, I'm one of them.
    1. Re:WTF? Phishing and certs are different issues. by thinkliberty · · Score: 5, Insightful

      This can also work 2 ways.

      Users' favorite deal sites can display an error message to IE7 users that tells them their browser is defective and that in order for them to keep prices low, they will need to upgrade their web browser to Firefox to purchase anything from the site. They can also have a continue anyways button and store a cookie to not display the message again. That way when there is no green bar the users will know it is because they are not using an approved browser.

      YAY for Microsoft, let them shoot themselves in the foot.

    2. Re:WTF? Phishing and certs are different issues. by ShieldW0lf · · Score: 5, Insightful

      Now there is a tangible commercial interest in creating phishing sites.

      Huge corporations that quietly invest money in polluting the internet with phishing sites that create an environment where "white = tangibly untrustworthy" will see returns on their investment because this exists.

      There was a business model in polluting the P2P networks so they become inefficient services. Then there were businesses that did it. Now there is a new business model. What comes next, you think?

      --
      -1 Uncomfortable Truth
    3. Re:WTF? Phishing and certs are different issues. by tacocat · · Score: 3, Insightful

      I think you completely missed the point.

      It's a great business model.

      If you want to buy stuff from the InterWeb thingy you want to buy from the GREEN because everyone else is EVIL.

      If you want to get more business sent your way, you have to purchase the certificates to go GREEN or else you lose money.

      So if the businesses buy in to this green craze then it starts to feed into a cyclic frenzy of cornering the purchasing power of the consumers. And everyone pays Microsoft. And that makes it a great business model.

      But we all know that Microsoft is pretty much regarded as a joke by more and more people every day. Just not enough quite yet.

    4. Re:WTF? Phishing and certs are different issues. by killjoe · · Score: 5, Insightful

      Today I was trying to use an SSH Java applet to connect to a server in IE7. IE7 refused to run the applet because it did not recognize the signature. I added the site to my trusted sites list but it still refused to load it. I went into advanced settings and told it to install unsigned ActiveX controls but it still wouldn't do it. After struggling for a little while longer I installed Firefox (this was not my computer) and ran the applet I needed to run. Installing Firefox and then installing Java took less time than my struggles trying to get IE7 to load an open sourced applet.

      All this "protection" in IE7 is there to try and limit which software you run. MS has decided that before they can beat open source they need to winnow the list of companies that deal with it and this is a good first step to do that with. If this same applet was signed by Novell I am sure it would run in IE.

      --
      evil is as evil does
  2. Smart enough to notice that green toolbar by namityadav · · Score: 4, Insightful

    I hope a user smart enough to notice and use the phishing feature of IE, would be smart enough to use Firefox instead

  3. Re:going to have come up with a better way by coolgeek · · Score: 5, Insightful

    I think there will be an obstruction of trade class action suit filed against Microsoft for this.

    --

    cat /dev/null >sig
  4. Countdown by DrYak · · Score: 4, Insightful

    Countdown to the phisher finding a way to subvert the system and obtain legitimate certs to green-light their scam sites :
    4... 3... 2... 1...

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  5. Re:extortion by yagu · · Score: 4, Insightful

    This isn't even a problem of "paying up".... the small one-person companies don't even qualify to get certified for the green status... no amount of money will anoint them. This is where it starts to be unfair.

  6. Sole Proprietorship by mandelbr0t · · Score: 3, Insightful

    The Forum excluded sole proprietorships, general partnerships and individuals because its members couldn't agree on criteria for validating them effectively, something some members said can be difficult.

    From TFA, this is the reasoning behind the stocking saleswoman's problems. Now, I tend to disagree that it's difficult to find criteria for validating a Proprietorship, since I've formed one myself. While getting the trade certificate and license to collect tax are easy, obtaining a valid small business bank account is not. I'm thinking that those 3 taken as a whole should be enough information to determine whether the Proprietorship in question exists and is doing legitimate business, at least here in Canada.

    I don't think Microsoft screwed up here, incredibly enough. They've released a new product based on standards (of all things!). It doesn't erroneously display this woman's site in yellow or red, and it will correctly display it in green when the forum which determined the new certificate standard makes it available to Proprietorships. The article accuses Microsoft of tilting the online commerce playing field heavily toward big business again, but this isn't really Microsoft's fault. I agree that the new certificate standard should have included everyone from the get-go, but you can't fault Microsoft for building this useful feature on the latest standard.

    mandelbr0t

    --
    "Please describe the scientific nature of the 'whammy'" - Agent Scully
    1. Re:Sole Proprietorship by John+Hasler · · Score: 3, Insightful

      > While getting the trade certificate...

      Not required in the US.

      > ...and license to collect tax...

      Not every US state has sales tax (and in those that do many goods and services are exempt).

      > ...obtaining a valid small business bank account is not.

      There is nothing especially special about a "small business bank account" here.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  7. Gartner are idiots, so relax by roca · · Score: 4, Insightful

    Users will quickly learn to ignore the status bar color just like they've learned to ignore all other security warnings (thanks to expired certificates and other false negatives we throw in their face every day).

  8. Re:Yeah, they will. by geekoid · · Score: 3, Insightful

    Green means good is pretty standard. Don't go berating the users for making that jump.

    Don't confuse ignorance with stupidity. There is a world of difference.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  9. Re:damned if they do, damned if they don't by mrchaotica · · Score: 3, Insightful

    What's the answer?

    Don't bother implementing any kind of "anti-phishing" crap and let the buyer be responsible for his own damn self for a change!

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  10. Re:Yeah, they will. by John+Hasler · · Score: 4, Insightful

    > The solution for small business will be to market through a strong co-op or
    > an established corporate partner like Amazon or eBay. The benefits are obvious

    Yes. Control. Amazon and Ebay can suck off most of the profits and prevent the small businesses from growing into competitors.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  11. Re:Spend the extra time and setup your biz correct by Silicon_Knight · · Score: 3, Insightful

    RTFA.

    You don't get a "green" cert. You get an EV-SSL, or, Extended Verification SSL. It's not like MS invented something horrible to extort money out of people. FYI, Firefox and Opera implement anti-phishing toolbars as well.

    http://www.digicert.com/ev-ssl-certification.htm

    And, guess what? cost of the EV-SSL, along with payments to banks, credit card processors, etc... are just a part of the cost of doing business.

    -=- Terence

  12. Irony by The+Clockwork+Troll · · Score: 5, Insightful

    The irony of all this, is that the only companies allowed to be deemed "trustworthy" are the corporate entities whose employees are shielded from personal liability.

    --

    There are no karma whores, only moderation johns