Comments on: Live Messenger and the “link harvesting black box in the sky”

By: Anti-Win

Anti-Win — Wed, 13 Jul 2011 01:22:00 +0000

Anasını sattıklarım boşu boşuna live sitelerinin hitlerini arttırıyo bu misf it herifler, windows kullanmam olur biter sıkıntı vermeye başladı bu windows artık her yerde.

By: Anonymous

Anonymous — Fri, 08 Jul 2011 10:09:00 +0000

i just upgraded to wlm2011 after putting it off for the longest time, and god DAMN do i wish i hadn’t because of this. raging so hard

By: stanley

stanley — Sun, 05 Jun 2011 13:21:00 +0000

how can i verify my my account

By: Rob

Rob — Mon, 17 Jan 2011 23:51:08 +0000

I switched to Pidgin because of this BS

By: Alex

Alex — Thu, 25 Nov 2010 16:17:19 +0000

Turn it off without a shadow of a doubt.
On by default is fine, but having no option to disable something this intrusive? That’s crazy.

By: D.

D. — Wed, 17 Nov 2010 22:23:49 +0000

It’s very nice and dandy of Microsoft and everyone else to consider the average user someone who doesn’t have basic awareness when it comes to Internet security, but putting up such an ultimately un-get-rid-of-able (I am aware that this is by no means a valid phrase or composition of words, but at the moment it is the most efficient one) that not only turns what is supposed to be (in my case) sharing of fun pictures, but also tends to ruin half the links, so that I never actually get to /see/ what it is that I have been linked to, because after the filter is done doing things most horrid to my poor link, all I get sent to is some sort of parody of the page I should be viewing, which doesn’t display much of anything really. Turn the blasted thing off, of risk a massive decrease in user count, say I.

By: Anonymous

Anonymous — Sun, 24 Oct 2010 06:19:00 +0000

TURN IT OFF
TURN IT OFF
TURN IT OFF
TURN IT OFF
TURN IT OFF
without a doubt.

it should be an option. as useful as it may be to people unfamiliar with phishing sites and virus’ etc etc, people who do know what they are doing, are just being restricted. it should be up to us, what links we do and do not click on.

By: aldo

aldo — Sat, 17 Jul 2010 19:25:49 +0000

I completely agree… You should be able to turn it off, but of course, you cannot. I understand that there are people who just aren’t that savvy when it comes to seeing whether or not something is a complete and utter scam.

What would be an easy fix that would require them to update only the website itself, and not the software, is to have the option to completely “Not show this warning message” (if it were chosen, the site would redirect you there without prompting the message) or at the very least “Do not show this warning message for this domain again.”

I like it because no matter what browser you are using, you will get SmartScreen information, it the site you are about to go to is malicious or whatever, as SmartScreen works well, actually. I don’t get why there is no off option anyways, as you can turn off SmartScreen in Internet Explorer.

By: JC

JC — Thu, 15 Jul 2010 01:54:51 +0000

I’d have it on, but modify it so that it checks for

A.) Phishing sites
B.) URL-Shortened sites

Nothing I hate more on Messenger than people using URL Shorteners, link dumping, and not telling me what it is. If the SmartScreen was able to tell me what’s beyond the link, sees past the shortened URL to where it’s really going, then yeah, I wouldn’t mind having it. But I’d rather have it configurable so that it doesn’t screen trusted URLs of sites I visit on a regular basis.

By: Richard

Richard — Mon, 12 Jul 2010 16:18:49 +0000

I believe Charter Cable web e-mail has been doing something like this for a couple of years. When you click on a link from an e-mail you are viewing in their webmail service, you briefly see a message that says something like “You are leaving Charter.net” before you see the new site. Also, in my e-mails, if you hover over the external link, it has some Charter gobbledegook prepended to the expected URL. Charter doesn’t let you turn off the “feature”. Every once in awhile, their monkeying made the link nonfunctional. That was one of the big reasons I ceased using Charter e-mail, even though they are my ISP. I’m not going to put up with a third-party intruding into the content of the e-mail I receive, if I can help it.

I don’t mind spam filtering, so long as e-mail is simply redirected into a Spam folder that I can review & delete at will.

By: TuneUp

TuneUp — Thu, 01 Jul 2010 15:33:10 +0000

This is an important tool to protect against malware, which can easily be sent through Windows Messenger. But I agree that people should be able to control whether or not they want these warning messages on—they’re helpful but not for people who discover that their messages can’t be sent because of this tool. Do you know if this filter is available on the new Windows Messenger iphone app?

By: Patrick Laughner

Patrick Laughner — Mon, 28 Jun 2010 16:47:53 +0000

This is shatty. I hate when websites do it. What if they applied this to desktop shortcuts that lead to the internet.

By: NoWhereMan

NoWhereMan — Fri, 25 Jun 2010 10:08:53 +0000

they do the rewrite on http://profile.live.com as well

By: Rafael Rivera

Rafael Rivera — Sun, 20 Jun 2010 20:59:35 +0000

Ralph: The link shown in the client (at the receiving end) will definitely read http://www.google.com. It isn’t until you click it that the redirection magic happens. At first, I thought I was infected with malware!

By: Ralph

Ralph — Sat, 19 Jun 2010 03:26:03 +0000

does the originial url show as rdir.us? say if i post a link to http://www.google.com – then does the recipient not see http://www.google.com. that would be a problem. how do iget the new messenger – when can i download it from?

By: Mopeto

Mopeto — Sat, 19 Jun 2010 01:41:31 +0000

Should be like always, not easy option to turn it off, so dummy people don`t get infected but a hard manual way to turn it off for advanced users.

By: Chad Chisholm

Chad Chisholm — Fri, 18 Jun 2010 15:38:04 +0000

This is LESS secure than prior behavior. Users judge the legitimacy of a link before clicking it by reading the hostname and possibly the filename and extension. Transforming/encoding the url makes this really hard to do. In this case a user is more likely to click all links and then click “OK” on whatever warning pages come up (without reading them.)

By: Colin

Colin — Fri, 18 Jun 2010 13:43:35 +0000

RE: http://link.smartscreen.live.com vs. http://rdir.us

While not a confidence inspirer, this is likely purely technical. With a limit to URL length, the first URL is more likely to see your original URL (if suitably long) be truncated and not function correctly.

By: Marc

Marc — Fri, 18 Jun 2010 13:19:47 +0000

Turn it off, absolutely.

By: GoodThings2Life

GoodThings2Life — Fri, 18 Jun 2010 12:59:11 +0000

I agree the rdir.us domain is stupid and suspect looking, but then we’re technically inclined users that have half a clue or better. Most users don’t. In fact, I have over 100 users that would click any given link just because it said “checks out these awesome vaca pics!!!!1″ I don’t mind the extra bit of caution.

By: Daniel

Daniel — Fri, 18 Jun 2010 11:28:16 +0000

Wow, awesome feature. One more reason for not using Wave 4 :-/

By: Leo Davidson

Leo Davidson — Fri, 18 Jun 2010 09:09:40 +0000

Fine to have it on by default.

The domain name is dumb, as you say.

It really, really, really should be possible to turn it off.

For less technical people I’m sure it will help. For people like us it provides zero value and just wastes our time and gets in our way (like most other security features in Messenger) or, at best, does nothing at all.

By: Menthix

Menthix — Fri, 18 Jun 2010 08:34:19 +0000

There should definitely be an option to turn it off. I wouldn’t use it knowing some of my (innocent) messages will already not send through Messenger because they contain a blacklisted term. There are just too many false positives.

What is the point anyway? Any modern browser already has some kind of malware filter which will warn you if the url you’re requesting is known to be a bad site. You don’t have to redirect people to make that work. It seems Microsoft’s real motive for doing this is gathering more data on which links are sent through Messenger, probably so the can analyze the most sent links for malware before anyone even reports them as malware. If that is the case and they are not making it optional, why are they not just catching links on the Messenger server? AFAIK every conversation goes through Messenger’s servers, logging all links directly from there should be possible. Then they can analyze links/domains which show suspicious activity and ass the results to their SmartScreen service. And the can advice people to use IE and SmartScreen to be optimally protected, which we’ll happily ignore.

By: Indrek

Indrek — Fri, 18 Jun 2010 07:00:43 +0000

Is this only in Messenger, or in Mail as well?

By: wbkang

wbkang — Fri, 18 Jun 2010 04:10:44 +0000

Ok, my first comment got blown up, this is my second try.

http://www.reddit.com/r/programming/comments/bpy7h/think_youre_immune_to_phishing_attacks_see_if_you/

The original website is not up anymore but I think the comments there serve as a pretty good anecdotal evidence that even tech-savvy people are susceptible to these kind of phishing attacks. I know, I know, you are always supposed to check against the domain name and everything but I think that kind of dialogue is still an excellent way to discourage at least some phishing attacks.

It’s a different story whether the users “get used to” these dialogs.