Composed - Alzubra

Yeah, I know what I'm doing. And I'm writing about it. Right. Write.

January 30, 2004

Copout

833786 - Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks: "You can paste the URL in the Address bar of a new instance of Internet Explorer. By doing so, you may be able to verify the information that Internet Explorer will use to access the destination Web site. In the scenarios that Microsoft has tested, you can copy the URL that appears in the Address bar and paste it in the address bar of a new session of Internet Explorer to verify the information Internet Explorer will actually use to access the destination Web site. This process is similar to the step that is discussed in 'Things that you can do to help protect yourself from spoofed Web sites' section earlier in this article."

Paste the URL?! This is Microsoft's idea of protecting its customers from a major flaw in Internet Explorer that has been known about since at least December?!

To the 95 percent of you that use Internet Explorer: First, stop. Other browsers are more secure (e.g., they can't have their home pages "hijacked" or automatically download "browser helpers" that are spyware), they offer more features (such as tabbed browsing, which sure beats having 10 tiny IE boxes on your Taskbar, and integrated pop-up blocking) and actually release updates when a major security flaw is found.

Second, stop. This time because putting an XML declaration at the top of a page causes Windows IE 6 to enter quirks mode rather than standards mode, which is a huge bug.

Third, stop. Because Microsoft invests more time in creating proprietary functions for Internet Explorer to the neglect of certain standards (see the second reason) that lock out people using other browsers or other platforms from certain sites (Mac IE, as I've said many times, is not Windows IE's equivalent). This is all a big corporate plot to monopolize the Internet so that Microsoft can dictate standards to its liking, which usually means making them incorporate proprietary Microsoft technology that people then must pay Microsoft for the privilege of employing.

Fourth, stop! Using IE right now could lead to identity theft! All a criminal has to do is put certain numbers and symbols between, say, "http://www.paypal.com" and "evil-credit-card-number-stealer.com" to take you to a page that is designed to look just like a PayPal page, down to nothing but "http://www.paypal.com" in the Address bar or Status bar. However, updating your credit card or bank information on this page is just like handing your wallet to a pickpocket.

If you don't believe me, check out this page: Secunia - Internet Explorer Address Bar Spoofing Test. While this page isn't going to steal your personal information, it will show you how these criminals exploit IE users. When I click the sample link in Mozilla Firebird, I'm taken to "http://www.microsoft.com%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/." But if you use IE, it will appear that you're at "http://www.microsoft.com," despite the big Secunia logo on the page.
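The link structure described above, as an added example that is not part of the original post: a check, written against the standard URL parser, that reports the host a link really goes to and flags text before the "@" that imitates another site. The function name inspectLink and its flag wording are hypothetical; the first sample is the test link quoted in the post.

```javascript
// Added example: flag links whose userinfo part (the text before "@")
// disguises the real destination host. Names here are hypothetical.

// Percent-encoded control bytes such as %00 or %01, as in the Secunia test link.
const ENCODED_CONTROL = /%(?:[01][0-9a-f]|7f)/i;
// Text that looks like a host name, e.g. "www.microsoft.com".
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}/i;

function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (err) {
    return { parsed: false, host: null, userinfo: "", reasons: ["unparseable URL"] };
  }
  // Everything between "//" and "@" is userinfo, not the destination.
  const userinfo = url.password ? `${url.username}:${url.password}` : url.username;
  const reasons = [];
  if (userinfo) {
    reasons.push("userinfo present before @");
    if (ENCODED_CONTROL.test(userinfo)) {
      reasons.push("encoded control byte in userinfo");
    }
    const m = HOSTLIKE.exec(userinfo);
    if (m && m[0].toLowerCase() !== url.hostname) {
      reasons.push(`userinfo imitates host ${m[0]}`);
    }
  }
  return { parsed: true, host: url.hostname, userinfo, reasons };
}

// Constructed samples: the test link quoted in the post, and a plain link.
const samples = [
  "http://www.microsoft.com%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/",
  "http://www.microsoft.com/",
];
for (const s of samples) {
  const r = inspectLink(s);
  console.log(`${s}\n  real host: ${r.host}\n  flags: ${r.reasons.join("; ") || "none"}`);
}
```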

How can Microsoft be so irresponsible? Type the URL indeed! The only other solutions they offer are typing in some obscure JavaScript that the average user wouldn't want to touch (and those who would are already using Mozilla) or making sure there's a padlock in your status bar indicating a secure site, something I doubt most people instinctively check. But even if they do, they'd have to know to double-click the padlock to check the digital certificate where the real URL is hidden. Now I seriously doubt people make a habit of this.

But there's a much simpler solution to all of this -- Microsoft could release a patch to fix it! Even taking into account Microsoft's new policy of releasing updates only once a month, they had the chance to fix this in the January update and didn't. What's stopping them? How much does Microsoft care about you as a consumer if they're willing to let you fall into this trap? If Microsoft is going to dominate the market (like they do), then they need to take responsibility for all the novice users pulled into their fold.

And for those of you who already use Netscape/Mozilla/Firebird or Safari, go ahead and feel good about yourselves.
