MSN Censors Your IM

Jamie ran across a story about censorship on MSN. Essentially, a number of suspicious strings result in silent failure of delivery. The strings are unsurprisingly things like .scr and .info. They've started maintaining a list if you're interested. Personally, I'd rather they fix the vulnerabilities that make those strings dangerous in the first place: it's not like IM is the only place a URL can get on your machine.

Re:The genius that is Microsoft...

[ChowRiit]

People always miss the point in these arguments, and say "get such and such instead" - it doesn't help, because my friends use MSN, and probably the same for most tech savvy MSN users. Sure, I'd rather use a better protocol, but I'm stuck using what my friends are on. This is the problem with "picking" an IM - the decision isn't made by you, but by the people you want to talk to who already have picked one.

Fix what?

[defile]

Personally, I'd rather they fix the vulnerabilities that make those strings dangerous in the first place: it's not like IM is the only place a URL can get on your machine.

Someone want to tell me how you fix a user who downloads and runs untrusted executable code?

I've seen plenty of Linux n00bs get tricked into running rm -rf /. Or lynx -source example.com | sh

MSN implementing filters on certain strings is just a small measure in a huge arms race any major IM system has to deal with.

PS. You can save yourself the trouble of replying if you're going to tell me Linux only allows the user to destroy all of his files and not the entire OS.

Re:Blocked firefox.exe

[KingSkippus]

If that happens to step on your personal wants, then thats too bad.

What if it steps on what I need to do my job? I'm glad I don't work for you. You seem to be one of those types that thinks that just because something can be done, it needs to be done. Pushing down the default page doesn't protect the corporate computing assets, though I'm sure that's how our desktop goobers pitched it to management. It's just one more way to control things they have no business controlling, and it impacts our productivity.

They also do thinks like push down custom Start Menu structures. Microsoft Word, for example, isn't under All Programs or even Microsoft Office like it is on every other computer. No, it's buried under "Office Applications" (not to be confused with "Business Applications," a separate directory), along with things like Adobe Acrobat and such. They've also moved Windows Explorer (the filesystem explorer, not Internet Explorer) under Accessories. If I change this to something I'm more used to, it gets reverted next time I log in. Obviously, they've also deleted and blocked Solitaire and Minesweeper from running; it wouldn't do for people to take a break from hammering their stones. The company logo is pushed out to be everyone's desktop background.

My favorite, though, is that they've decided that everyone needs a little application called Kontiki. It's a peer-to-peer video distrubtion software system that turns all of our PCs into filesharing peers for corporate videos. You can't disable it and you can't delete the videos that it pushes down. (If you try to deleting a video, the software automatically re-downloads it from--you guessed it--your coworkers computers.) I detest days when corporate videos go out. My bandwidth is sucked dry by something I neither want nor use and have no control over.

Let's see... Need more stories? How about this. They recently pushed out a piece of software called Connected Backup. What happened is that our fileservers where people's home directories were started filling up. Instead of going out and buying more hard drives or implementing quotas, they've rolled out this backup software to everyone's computer that automatically backs up your machine once a day whether you want it to or not. Now, they're telling everyone that official company policy is to NOT store important documents on the fileservers, but to store them on your local PCs. Brilliant! Of course, network traffic has shot up dramatically, and the backup servers had to have a TON of storage added to them (the data still has to go somewhere), and instead of only things that people save on the fileservers being backed up, all of their personal shit is, too.

Every day, my computer runs a Connected backup, a virus scan, a vulnerability scan, a document retention scan, a software installation scan, Notes database replication, and my Run key in the registry has around 50 entries in it that our desktop group has loaded in, and it takes around two minutes for all of the group policies and login scripts to run when I log in. Thanks to our desktop group, literally 30 minutes of my day is wasted waiting for all of that shit to run.

I could go on with the stupidity if you really want me to. You're right about one thing; they've definitely protected the corporate computing assets. People hate using their computers so much now that a lot of people I know have gone back to just leaving it on all the time for doing their timesheets, and conduct their normal business using such old school methods such as the telephone and pencil and paper. As for me, I actually do some of my work at home using my own computing resources, and the only reason I can tolerate using my work computer for anything is because I know how to get around most of the shit they try to push down on us.

The Solution!

[causality]

The solution?

Apply some idea of "common carrier" status to MSN. Like the telephone companies, as long as they do not attempt to edit or censor the content that passes through their networks, in any way, then they are not responsible and cannot be held liable for any damage caused by such content. But the moment they start taking measures like this to try to "sanitize" the content of the network, make them legally liable to pay damages for any successful attack/exploit that they are unable to prevent.

Overnight, this stupidity would go away. It would also set a great precedent for any other companies that wish to do this.