17 Jun 2010
26 Comments
Live Messenger and the “link harvesting black box in the sky”

One of the more hush-hush changes to Windows Live Messenger Wave 4 is the tie-in with Internet Explorer’s SmartScreen Filter technology. Basically, links you receive are transformed so that clicking them pushes you through a redirector controlled by Microsoft before you reach your destination… if Microsoft deems it safe. To be a little more specific, you’re sent to the ominous-looking http://rdir.us with some undocumented parameters tacked onto the end. A full URL may look like this:

http://rdir.us/?l=http%3a%2f%2fyoutube.com&h=unknown_base64ed_value&p=number&u=sixteen_hex_digits
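The rewritten-link format above can be unwrapped mechanically, for instance when reviewing proxy logs to see which site a click was actually headed for. This is an added example, not code from the post or from Microsoft; it treats `l` as the percent-encoded destination, as in the sample URL, and leaves the undocumented `h`, `p` and `u` values opaque. The function names and the layer cap are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

REDIRECTOR_HOST = "rdir.us"  # redirector host named in the post
MAX_LAYERS = 5               # assumption: cap on nested rewriting

def unwrap(url):
    """Return (target, opaque_params) for a rewritten link, or None when
    the URL does not point at the redirector host."""
    parts = urlsplit(url)
    # Exact host match only: "rdir.us.example.test" is a different site.
    if (parts.hostname or "").lower() != REDIRECTOR_HOST:
        return None
    # parse_qs percent-decodes each value once.
    query = parse_qs(parts.query, keep_blank_values=True)
    targets = query.pop("l", [])
    if len(targets) != 1 or not targets[0]:
        raise ValueError("expected exactly one non-empty 'l' parameter")
    # h, p and u are undocumented; carry them along without interpreting.
    return targets[0], {k: v[0] for k, v in query.items()}

def final_destination(url):
    """Peel redirector layers and return (hostname, url) of the real target."""
    for _ in range(MAX_LAYERS + 1):
        layer = unwrap(url)
        if layer is None:
            dest = urlsplit(url)
            if dest.scheme not in ("http", "https") or not dest.hostname:
                raise ValueError("target is not an http(s) URL: %r" % url)
            return dest.hostname.lower(), url
        url = layer[0]
    raise ValueError("more than %d redirector layers" % MAX_LAYERS)

# The example link from the post (parameter values are its placeholders).
SAMPLE = ("http://rdir.us/?l=http%3a%2f%2fyoutube.com"
          "&h=unknown_base64ed_value&p=number&u=sixteen_hex_digits")

if __name__ == "__main__":
    print(unwrap(SAMPLE))
    print(final_destination(SAMPLE))
```

A link whose host merely starts with `rdir.us` is returned as its own destination rather than unwrapped, so a lookalike host shows up under its real hostname.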

If it’s safe to proceed, this redirect shuffle takes only a second or two to complete. If things look a little bit fishy, Microsoft will throw up an interstitial page similar to the ones Google and Facebook use (below). I’m not sure what this page looks like when things are real bad, but I’m sure it involves varying shades of red and the acronym GTFO.

Figure (Windows Live SmartScreen warning page): Windows Live making sure I don’t give my password to the Chinese.

While I can appreciate Windows Live’s efforts to reduce malware proliferation and increase the overall safety of its users online, the following issues come to mind:

  • My links are cataloged by some black box in the cloud, ready for hacker attack or spillage. (Think AT&T iPad fiasco.)
  • Rather than use http://link.smartscreen.live.com as a basis for my link, http://rdir.us was used. Which looks safer to you?
  • The warning page treats me like a dummy.
  • The privacy policy didn’t appear until I landed on the interstitial page. What are the odds of people ever seeing this page? How about the odds of finding anything related to SmartScreen in that policy? (It was last updated May 2008.)
  • I can’t turn the damn thing off.

What do you think? Would you leave this on or turn it off (if you had the chance)?

  • http://justindaigle.com Justin Daigle

    Turn it off, no doubt.
    I click links at my own discretion.
    And I have NEVER been linked to a phishing site.
    Just shock sites, which I doubt this offers protection from.

  • wbkang

    Ok, my first comment got blown up, this is my second try.

    http://www.reddit.com/r/programming/comments/bpy7h/think_youre_immune_to_phishing_attacks_see_if_you/

    The original website is not up anymore but I think the comments there serve as pretty good anecdotal evidence that even tech-savvy people are susceptible to these kinds of phishing attacks. I know, I know, you are always supposed to check against the domain name and everything but I think that kind of dialogue is still an excellent way to discourage at least some phishing attacks.

    It’s a different story whether the users “get used to” these dialogs.

  • Indrek

    Is this only in Messenger, or in Mail as well?

  • http://menthix.net/ Menthix

    There should definitely be an option to turn it off. I wouldn’t use it knowing some of my (innocent) messages will already not send through Messenger because they contain a blacklisted term. There are just too many false positives.

    What is the point anyway? Any modern browser already has some kind of malware filter which will warn you if the url you’re requesting is known to be a bad site. You don’t have to redirect people to make that work. It seems Microsoft’s real motive for doing this is gathering more data on which links are sent through Messenger, probably so they can analyze the most sent links for malware before anyone even reports them as malware. If that is the case and they are not making it optional, why are they not just catching links on the Messenger server? AFAIK every conversation goes through Messenger’s servers, logging all links directly from there should be possible. Then they can analyze links/domains which show suspicious activity and pass the results to their SmartScreen service. And they can advise people to use IE and SmartScreen to be optimally protected, which we’ll happily ignore.

  • http://www.pretentiousname.com Leo Davidson

    Fine to have it on by default.

    The domain name is dumb, as you say.

    It really, really, really should be possible to turn it off.

    For less technical people I’m sure it will help. For people like us it provides zero value and just wastes our time and gets in our way (like most other security features in Messenger) or, at best, does nothing at all.

  • http://www.windowswiki.info Daniel

    Wow, awesome feature. One more reason for not using Wave 4 :-/

  • GoodThings2Life

    I agree the rdir.us domain is stupid and suspect looking, but then we’re technically inclined users that have half a clue or better. Most users don’t. In fact, I have over 100 users that would click any given link just because it said “checks out these awesome vaca pics!!!!1” I don’t mind the extra bit of caution.

  • http://nomagichere.blogspot.com Marc

    Turn it off, absolutely.

  • http://colinizer.com Colin

    RE: http://link.smartscreen.live.com vs. http://rdir.us

    While not a confidence inspirer, this is likely purely technical. With a limit to URL length, the first URL is more likely to see your original URL (if suitably long) be truncated and not function correctly.

  • http://slidell4life.blogspot.com Chad Chisholm

    This is LESS secure than prior behavior. Users judge the legitimacy of a link before clicking it by reading the hostname and possibly the filename and extension. Transforming/encoding the url makes this really hard to do. In this case a user is more likely to click all links and then click “OK” on whatever warning pages come up (without reading them.)

  • Mopeto

    Should be like always, not easy option to turn it off, so dummy people don’t get infected but a hard manual way to turn it off for advanced users.

  • Ralph

    does the original url show as rdir.us? say if i post a link to http://www.google.com – then does the recipient not see http://www.google.com. that would be a problem. how do i get the new messenger – when can i download it from?

  • http://www.withinwindows.com Rafael Rivera

    Ralph: The link shown in the client (at the receiving end) will definitely read http://www.google.com. It isn’t until you click it that the redirection magic happens. At first, I thought I was infected with malware!

  • NoWhereMan

    they do the rewrite on http://profile.live.com as well

  • http://geeksmack.net Patrick Laughner

    This is shatty. I hate when websites do it. What if they applied this to desktop shortcuts that lead to the internet.

  • TuneUp

    This is an important tool to protect against malware, which can easily be sent through Windows Messenger. But I agree that people should be able to control whether or not they want these warning messages on—they’re helpful but not for people who discover that their messages can’t be sent because of this tool. Do you know if this filter is available on the new Windows Messenger iphone app?

  • Richard

    I believe Charter Cable web e-mail has been doing something like this for a couple of years. When you click on a link from an e-mail you are viewing in their webmail service, you briefly see a message that says something like “You are leaving Charter.net” before you see the new site. Also, in my e-mails, if you hover over the external link, it has some Charter gobbledegook prepended to the expected URL. Charter doesn’t let you turn off the “feature”. Every once in awhile, their monkeying made the link nonfunctional. That was one of the big reasons I ceased using Charter e-mail, even though they are my ISP. I’m not going to put up with a third-party intruding into the content of the e-mail I receive, if I can help it.

    I don’t mind spam filtering, so long as e-mail is simply redirected into a Spam folder that I can review & delete at will.

  • http://pressxordie.wordpress.com JC

    I’d have it on, but modify it so that it checks for

    A.) Phishing sites
    B.) URL-Shortened sites

    Nothing I hate more on Messenger than people using URL Shorteners, link dumping, and not telling me what it is. If the SmartScreen was able to tell me what’s beyond the link, sees past the shortened URL to where it’s really going, then yeah, I wouldn’t mind having it. But I’d rather have it configurable so that it doesn’t screen trusted URLs of sites I visit on a regular basis.

  • http://mschat.net/ aldo

    I completely agree… You should be able to turn it off, but of course, you cannot. I understand that there are people who just aren’t that savvy when it comes to seeing whether or not something is a complete and utter scam.

    What would be an easy fix that would require them to update only the website itself, and not the software, is to have the option to completely “Not show this warning message” (if it were chosen, the site would redirect you there without prompting the message) or at the very least “Do not show this warning message for this domain again.”

    I like it because no matter what browser you are using, you will get SmartScreen information, if the site you are about to go to is malicious or whatever, as SmartScreen works well, actually. I don’t get why there is no off option anyways, as you can turn off SmartScreen in Internet Explorer.

  • Anonymous

    TURN IT OFF
    TURN IT OFF
    TURN IT OFF
    TURN IT OFF
    TURN IT OFF
    without a doubt.

    it should be an option. as useful as it may be to people unfamiliar with phishing sites and virus’ etc etc, people who do know what they are doing, are just being restricted. it should be up to us, what links we do and do not click on.

  • D.

    It’s very nice and dandy of Microsoft and everyone else to consider the average user someone who doesn’t have basic awareness when it comes to Internet security, but putting up such an ultimately un-get-rid-of-able (I am aware that this is by no means a valid phrase or composition of words, but at the moment it is the most efficient one) that not only turns what is supposed to be (in my case) sharing of fun pictures, but also tends to ruin half the links, so that I never actually get to /see/ what it is that I have been linked to, because after the filter is done doing things most horrid to my poor link, all I get sent to is some sort of parody of the page I should be viewing, which doesn’t display much of anything really. Turn the blasted thing off, or risk a massive decrease in user count, say I.

  • Alex

    Turn it off without a shadow of a doubt.
    On by default is fine, but having no option to disable something this intrusive? That’s crazy.

  • Rob

    I switched to Pidgin because of this BS

  • stanley

    how can i verify my account

  • Anonymous

    i just upgraded to wlm2011 after putting it off for the longest time, and god DAMN do i wish i hadn’t because of this. raging so hard

  • Anti-Win

    Damn them, these misfit guys are inflating the hit counts of the Live sites for no reason. I just won’t use Windows and that’s that; this Windows has started to be a nuisance everywhere now.