Slashdot Mirror

← Back to Stories (view on slashdot.org)

Small Businesses Worry About MS Anti-Phishing

Posted by kdawson on from the green-means-good dept.

prostoalex writes "Ever get that warm feeling of safety, when the anti-phishing toolbar on Microsoft Internet Explorer 7 turns green, telling you it's safe to shop on the site you're visiting? Well, you probably don't, but the millions of Internet users who will soon be running IE7 probably will be paying attention to the anti-phishing warnings. WSJ.com is reporting on how Microsoft is making it tough for small businesses to assure they're treated properly by the anti-phishing algorithm." From the article: "[S]ole proprietorships, general partnerships and individuals won't be eligible for the new, stricter security certificates that Microsoft requires to display the color. There are about 20.6 million sole proprietorships and general partnerships in the U.S... though it isn't clear how many are engaged in e-commerce... 'Are people going to trust the green more than white? Yes, they will,' says Avivah Litan, an analyst at Gartner Inc. and an expert on online payments and fraud. 'All the business is going to go to the greens, it's kind of obvious.'"

9 of 291 comments (clear)

  1. WTF? Phising and certs are different issues. by Whiney+Mac+Fanboy · · Score: 5, Insightful

    'Are people going to trust the green more than white? Yes, they will,' says Avivah Litan, an analyst at Gartner Inc. and an expert on online payments and fraud.

    WTF? Shouldn't that read:

    'Are people going to notice the green or than white? No, they wont,' says WMF, an analyst at slashdot Inc. and an expert on stupid punditry.

    On a slightly different note, I think the submitter has gotten the new expensive secure certs gold-rush/scam confused with the anti-phishing tech. Not surprising 'cause the article melds them together in a rather confusing manner.

    --
    There are shills on slashdot. Apparently, I'm one of them.
    1. Re:WTF? Phising and certs are different issues. by Anonymous Coward · · Score: 5, Informative

      I think any comment about IE7's anti-phishing system should note that it sends every website you visit to Microsoft. If you care even an iota about the privacy of your web browsing, you should choose "no" when IE7 asks you to enable its invasive anti-phishing system.

    2. Re:WTF? Phising and certs are different issues. by thinkliberty · · Score: 5, Insightful

      This can also work 2 ways.

      Users favorite deal sites can display an error message to IE7 users that tells them their browser is defective and that in order for them to keep prices low, they will need to upgrade their web browser to Firefox to purchase anything from the site. They can also have a continue anyways button and store a cookie to not display the message again. That way when there is no green bar the users will know it is because they are not using an approved browser.

      YAY for Microsoft, let them shoot themselves in the foot.

    3. Re:WTF? Phising and certs are different issues. by ShieldW0lf · · Score: 5, Insightful

      Now there is a tangable commercial interest in creating phishing sites.

      Huge corporations that quietly invest money in polluting the internet with phishing sites that create an environment where "white = tangably untrustworthy" will see returns on their investment because this exists.

      There was a business model in polluting the P2P networks so they become inefficient services. Then there were businesses that did it. Now there is a new business model. What comes next, you think?

      --
      -1 Uncomfortable Truth
    4. Re:WTF? Phising and certs are different issues. by killjoe · · Score: 5, Insightful

      Today I was trying to use a SSH java applet to connect to a server in IE7. IE7 refused to run the applet because it did not recognize the signature. I added the site to my trusted sites list but it still refused to load it. I went into advanced setting and told it to install unsigned activex controls but it still do it. After struggling for a little while longer I installed firefox (this was not my computer) and ran the applet I needed to run. Installing firefox and then installing java took less time then my struggles trying to get IE7 to load an open sourced applet.

      All this "protection" in IE7 is there to try and limit which software you run. MS has decided that before they can beat open source they need to winnow the list of companies that deal with it and this is a good first step to do that with. If this same applet was signed by novell I am sure it would run in IE.

      --
      evil is as evil does
  2. Re:going to have come up with a better way by coolgeek · · Score: 5, Insightful

    I think there will be an obstruction of trade class action suit filed against Microsoft for this.

    --

    cat /dev/null >sig
  3. Re:How does the Phishing thing work? by Kelson · · Score: 5, Informative

    Actually there's two issues -- site verification and anti-phishing -- which are getting mashed together because they act on a similar concept (how much can I trust this site?) and display through the color in the address bar.

    White is the default state, and says nothing about the site.
    Red is when the site matches a blacklist of known phishing sites. (If you have the antiphishing turned on, it will check with MS each time you load a new page.)
    Green is when the site uses one of these new SSL certificates which provides additional data and (supposedly) has a tougher approval process in which the certificate authority does an actual background check on the company instead of just making sure they have a working phone number. One hopes a blacklist hit will trump this.

    A secure site that uses a standard SSL cert and is not a known phisher will have a white location bar.

  4. Irony by The+Clockwork+Troll · · Score: 5, Insightful

    The irony of all this, is that the only companies allowed to be deemed "trustworthy" are the corporate entities whose employees are shielded from personal liability.

    --

    There are no karma whores, only moderation johns
  5. Re:Really? by mwvdlee · · Score: 5, Interesting
    The only people this can significantly hurt are business which were doomed to fail in anycase, and scammers.


    I have a small business, legally registered, which is a sole proprietorship. Even though my business is legal and even though I'm personally legally responsible for the business I cannot get this green bar.

    I can pay the money for it (even though this starts to smell like a scam itself; pay the money for the certificate or you'll be blacklisted) and would if I could, but simply because they haven't defined rules to verify my type of business (which would be easy; My business is registered, has a clean tax-record and I can provide any identification they'd need).

    So now MY business will not get on the whitelist because THEY fail to even set the rules by which I could get on the whitelist.

    I seriously think MS should hold out on displaying the bars until sufficient rules are in place that allow all legal businesses equal recognition as such.
    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?