back to article MS phishing filter blacklists everything

A wide range of websites were misclassified as malign by anti-phishing technology built into the latest versions of Microsoft's browser software on Wednesday. Microsoft's SmartScreen Filter, which is built into IE7 and IE8, labelled every top level domain site as a phishing site following what appears to be a …


This topic is closed for new posts.
  1. Warren G

    No problem in my browser

    They copy Firefox and it still isn't as good....

  2. Anonymous Coward

    No loss...

    ..I didn't even know there was a domain, then again with all the cash making ones constantly coming out, no suprise.

  3. Chika
    Gates Horns

    Oh yeah...

    So if I'm affected, I have to point out Microsoft's own gaffe. Sorry, but that just doesn't cut it.

  4. Anonymous Coward
    Anonymous Coward

    "every top level domain" isn't a top level domain. just sayin'

  5. Dan 10


    "The most likely explanation is that a genuinely unsafe website under one of our suffixes was reported to Microsoft, but they incorrectly added all the domains under that suffix to their list of unsafe websites.

    "If you are a domain registrant whose website is affected, you can click on the 'More information' link, then the 'Report that this site does not contain threats' link, and report that your website is safe to Microsoft." ®

    Riiiiiiight. So given the first statement above, how is the second statement a better solution than simply reversing the change?

  6. Martyn 4

    another reason

    as to why i wont use IE if i can get away with it

  7. Ralph B
    Thumb Down

    Maybe they are dodgy

    ""? What's that about then? If they are a UK company then they should be using "". If international or US-based then ".com." I can only imagine typo/cybersquatters would want to use "".

  8. Mike Hebel

    Apologies to Pink Floyd...

    So ya

    Thought ya

    Might like to

    Go to the site.

    To feel that warm thrill of animation,

    That flash filled delight.

    I've got some bad news for you sunshine,

    This site isn't well, it's a virus laden hell

    And I refuse to allow you a pass to animeland

    We need to find out where these sites really stand!

    Are there any Brits in the browser bar tonight?

    Block them in the firewall!

    There's one about Spotlight, it doesn't look right to me,

    Block it in the firewall!

    That one's Druidish!

    And that one slams Zune!

    Who let all of this riff-raff into the room?

    There's one hacking PowerPoint,

    And another XBox!

    If I had my way,

    I'd have all of you blocked!

    *grabs coat before he's thrown out*

  9. Lockwood

    Cry some more

    It's not like Microsoft are the first and only company to have a large false positive.

    Antivirus tools have had a history of detecting bad things that weren't there. But, they're not by MS thus they're fine to do that. MS do it and it's a huge disaster.

  10. adnim Silver badge

    Another reason

    for a user to have control over their operating system/browser, rather than allowing the developer, in this case Microsoft determine where you don't want to go today.

    Having a good look at the services that run in Windows 7 and using all the settings recommended by MS. I reckon Windows 7 is spyware in the first instance and an operating system in the second.

    Although I will probably end up using Windows 7 at some point (work will dictate this not choice), I will know how to lock it down and keep MS out.

  11. Frumious Bandersnatch Silver badge

    regression testing?

    I'm sure they do use regression testing on lot of their code at MS. I'd hope so, anyway. Doesn't look like this particular component gets that sort of attention before being pushed out the door.

  12. Anonymous Coward

    That figures

    Had this happen to a customer today and thought WTF???

  13. Anonymous Coward
    Anonymous Coward


    See ? That's what happens when the Scots take the moral high ground.

  14. Bilgepipe
    Gates Horns

    Microsoft's consumer protection technology

    Microsoft's consumer protection technology - an oxymoron if ever I saw one....

  15. Anonymous Coward


    This isn't a false positive, it's just the only way MS will ever make their browser secure. The only problem is that they left the rest of the internet unblocked, but it's a start!

  16. Stevie Silver badge


    Almost every UK hosted site I've visited in the last few months has delivered a snotty lecture at me "suggesting" I change my browser. I, following the standard netizen protocol established fifteen years or so ago, voted with my mouse and bought what I was looking for elsewhere.

    Blacklisting these sites just seems to be anticipating the hysterical anti-IE rant they deliver and since the webmasters clearly don't want IE-delivered custom, would appear to be doing everyone concened a favour.

    Webmasters! If your website has a problem rendering in a browser, perhaps it's time to consider trimming Teh Bling (aka the Tat) from the bloody pages.

    Or you could just, you know, forego all that lovely money people are trying to spend at your wretched site.

  17. Paul Murphy 1

    A thought

    Would I be wrong in suggesting that Microsoft is approaching site filtering is a different way...

    Cut everybody off and see who complains, after all a real phisher won't contact Microsoft to complain would they?


  18. Anonymous Coward


    When they start reporting as a potentially dangerous site, I'll start taking them seriously.

  19. Paul 87


    This might explain then why our webhost's site went offline for a few hours earlier today :) they've used for years without problem.

    Also, I suspect many of the registrants under that domain aren't really name squaters, as well known companies like Game used to use a domain to get round people who'd decided to snap up their

  20. g e


    Microsoft Works

  21. Greg J Preece


    This is why I took the time when installing IE8 to go through the laborious startup wizard and shut off all their attempts to collect my browsing data.

    Then again, I don't use IE8 for anything except stuff that absolutely requires it (ie, stuff written by stupid people that I don't have a choice in using).

  22. lukewarmdog


    So if Microsoft blocks a site because it is dodgy, all you have to do is phone up and say it's not.

    Then they unblock it.

    I'm sure I'm missing something.

  23. Anonymous Coward

    Stupid stupid stupid

    I can't believe MS would deploy live changes with no testing. Shameful.

  24. Anonymous Coward
    Anonymous Coward

    @Ralph B & others... far as I can see (sub)domains get registered by management types that don't really understand the internet, and find their preferred .com taken.

  25. Anonymous Coward

    Re: Cry some more

    "Antivirus tools have had a history of detecting bad things that weren't there. But, they're not by MS thus they're fine to do that. MS do it and it's a huge disaster."

    Nobody likes the antivirus firms and nobody ever said they're "fine to do that." I know I just fed the troll so I'll be off now.

  26. Lankydude

    @ Mike Hebel

    Bravo, sir! You obviously have wa-a-a-a-a-a-y more time on your hands than me.

    Just jealous!

  27. Ihre Papiere Bitte!!

    @ Mike Hebel

    Damn your eyes, sir!! DAMN YOU!

  28. Fred Flintstone Gold badge

    This proves your previous headline..

    "Incompetence a bigger IT security threat than malign insiders"

    Astonishing how remarkable accurate/prescient EL Reg is :-)

  29. chr0m4t1c

    Hang on...

    If it''s a duff rule change applied overnight then presumably it's against a central server, so why didn't they just regress the change?

    Surely they didn't make a fundamental change without having a way of backing it out?

    Oh...just a minute...this is Microsoft, isn't it?

  30. Anonymous Coward


    When they block off a portion of the internet, damn right it's an issue.

    And when AV vendors make the same mistake, they get canned for it too. No difference, sunshine.

  31. BoldMan - I've never understood it...

    I've never understood people who use - and by the way it ISN'T a top level domain, .com is but this isn't, its just a second level domain masquerading as a top level domain, selling off its third level domains at ridiculous prices to noobs who don't know any better.

    Last time I looked they were selling for £60 instead of the usual tenner or so for a or .com. Tells you something right there...

  32. Andrew Harwood

    How about our friends at the Chocolate Factory?

    I'm no big M$ fan but the reaction to this story looks very different to when Google classed the entire internet as malware.

    I know that Goole didn’t recommend that we all contact them to list our domains as safe and sorted things within a few hours but it looks to be an error of the same type but with a much lower percentage of the web affected.

  33. ElReg!comments!Pierre Silver badge

    @ Stevie on Firefox zealot

    "Webmasters! If your website has a problem rendering in a browser, perhaps it's time to consider trimming Teh Bling (aka the Tat) from the bloody pages."

    You're kinda right in the principle. In the real world however, there is no need for any bling nor tat for a website not to render in IE. It just needs to be standard compliant. There is less and less of a common denominator between the 2 clans of webpages: either your page renders well in all browsers but IE, or your page renders well in IE but nowhere else. Most big guys avoid the problem by having two separate sets of pages and serving one or the other depending on the useragent, but you'll admit that it's less than optimal. So yes, webmasters can grow a bit annoyed over the issue, and try to pull visitors away from the half-baked PITA that IE is. It might be annoying for you, but it's hardly _their_ fault. Actually, it's more _your_ fault, for using a browser that deliberately breaks the standards in an effort to maintain some kind of market share despite being utter crap, and annoys everyone else in the process.

  34. Shannon Jacobs
    Big Brother

    Too big to fail--again

    Actually, I'm not that pissed at Microsoft on this one. Okay, so they aren't going to pay for the losses suffered by other companies, but it's also hard to point at any direct profits that Microsoft has pocketed in the deal. Or does that just prove Microsoft has succeeded in confusing the money trail?

    However, it still shows the problem with too big to fail. While this might be a substantial hurt for some British companies, imagine the damage if it had been 'one domain over' and taken out ye olde dot-com domain itself? Damage in the millions of dollars? Or should it be billions? Pretty soon we'd be talking about real money, eh?

    Having said that, I'm not sure what can be done in this case. I'm kind of in favor of the feel-good solution of destroying all spammers, but that will never happen, so the alternative approach is to increase the diversity of browsers. Currently there are about 5 choices, but that's a pretty rough estimate of the degree of freedom. If we add in the live versions, it's more like 7 choices? However, it's clear that IE is the ugly elephant in the room, however we slice the pie. The 'obvious' solution of dividing IE doesn't seem to make any sense here, because what's to divide? Where would the pieces be? Microsoft has really blurred the issue for that pretty crucial part of the Internet infrastructure...

    Maybe that was the strategic decision? Too big to fail but too hard to find?

  35. Moss Icely Spaceport
    Thumb Up

    @ Mike Hebel

    Ten out of Ten (as I can't post "10/10")

  36. frymaster

    @admin / ElReg!comments!Pierre

    "Another reason...for a user to have control over their operating system/browser, rather than allowing the developer, in this case Microsoft determine where you don't want to go today."

    You do know you can turn the filter off, right?

    "It just needs to be standard compliant"

    most of said tat/bling is from css3. css3 is not a standard (yet). Microsoft have this little thing called "backwards compatibility" which can be boiled down to "try not to change the behaviour of an application without a version change, if ever". Unless you are seriously wanting another round of designing practically 2 different websites depending on IE version, you should be _BEGGING_ MS not to implement css3 until the spec is completely stable

  37. ElReg!comments!Pierre Silver badge
    Jobs Horns

    @ frymaster

    "Microsoft have this little thing called "backwards compatibility""

    That's a joke, right? They do have the "backwards" part covered, twice or thrice, but they're still looking for the "compatibility" part. That's why chairs sometimes get airborne in Ballmer's office: he's searching *very* thouroughly.

    "most of said tat/bling is from css3. css3 is not a standard (yet)."

    Maybe you should re-read my comment. I'm not saying that this bling is good or standard or anything. I'm just saying that stripping the bling out won't make the page display correctly in IE. If it's written in standard *ML, it most likely won't display correctly in IE. For a website to work correctly with IE, it basically has to be written specifically for IE.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019