The Myth of the Trusted Site
The horrible, dangerous myth that Microsoft is trying to create is the myth of the "Safe Site". In June, they updated an October article entitled:
Increase Your Browsing and E-Mail Safety
4 Steps to Help Ward Off Hackers and Attackers
Published: October 3, 2003 | Updated: June 11, 2004
Here are their four steps:
1. Set your browser security settings to HIGH
2. Add sites you think are safe to your trusted sites, so they bypass your security.
3. Read all your email in plain text
4. Use a pop-up blocker.
They quickly say: "Important: Microsoft strongly recommends that the first Web site you add to your trusted sites be Windows Update (http://windowsupdate.microsoft.com) so that you can continue to install important software updates directly from the Windows Update Web site."
In other words, they run their site in such an unsafe way you cannot use their recommended security settings to apply their recommended security patches. So disable your security settings for them, and of course, other "Safe Sites".
But if they were a safe site, they would not require that you disable your security settings to use their site. Any site that needs ActiveX is NOT a Safe site. They do not understand security.
There are two kinds of unsafe sites:
1. Crooks or complete incompetents who post malicious code on their site.
2. Decent people who have had their websites hacked. These could be auction sites, Kelley Blue Book, MinervaHealth or legitimate web search engines, all of which have recently been hacked.
How can the end user determine whether the site of a trusted vendor was hacked by a cracker? They can't. It is impossible. For Microsoft to say you should make judgments that you simply cannot make, and disable security based on that judgment, is either criminal negligence or insanity, or both.
Do not believe the Microsoft Myth of a "Safe Website", which requires you to turn off your security settings for them. If they were safe, they would not need to bypass your security settings. Do not follow their flaky advice about setting your security settings to HIGH, and then disabling them for all the websites that do dangerous things. That is just nuts.
Leave your security settings at Medium, and do not disable those settings. Use a software firewall, WinPatrol and good antivirus. Check for spyware, use a browser other than Internet Explorer or add a popup blocker to Internet Explorer, and follow the other safe computing practices I recommend.
Above all else: Do not fall for the newest Microsoft Myth of the “Safe Site”. Certainly don't imagine that any site which requires ActiveX and other dangerous practices should be considered safe because it comes from a nice company.
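To review which sites already bypass your zone settings through the Trusted sites list, the following added example (not part of the original article and not Microsoft's code) lists every entry mapped to that zone. It assumes the standard per-user and per-machine ZoneMap registry locations, where a value of 2 means Trusted sites; the function name `Get-TrustedSiteEntry` is hypothetical, and entries pushed by policy or defined as IP ranges are not covered.

```powershell
# Added example: enumerate sites assigned to the Trusted sites zone (zone 2).
$TrustedZone = 2
$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

function Get-TrustedSiteEntry {
    param([string[]]$Root = $ZoneMapRoots)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        # A domain key may contain a subdomain key one level down, so recurse.
        Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                # The path below "Domains" is "domain" or "domain\subdomain".
                $marker = '\Domains\'
                $tail = $key.Name.Substring($key.Name.IndexOf($marker) + $marker.Length)
                $parts = @($tail -split '\\')
                [array]::Reverse($parts)
                $hostName = $parts -join '.'
                # Each value name is a scheme (http, https, *); its data is the zone.
                foreach ($scheme in $key.GetValueNames()) {
                    if ($key.GetValue($scheme) -eq $TrustedZone) {
                        [pscustomobject]@{
                            Scheme = $scheme
                            Host   = $hostName
                            Hive   = $r.Substring(0, 4)
                        }
                    }
                }
            }
    }
}

# Print the list; an empty result means nothing has been added to the zone.
Get-TrustedSiteEntry | Sort-Object Host, Scheme | Format-Table -AutoSize
```

Every row in the output is a site that runs under the relaxed Trusted sites settings rather than the zone you configured, so each one is worth a second look.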