Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Microsoft Tool To Help Users Avoid Typo Domains 179

blueZ3 writes "ZDnet is running a story on a new tool from Microsoft that aims to inform users when they reach 'typo domains'. Apparently, there's concern in Redmond that IE users are being exploited by companies running ad farms on typo domains. The tool uses an automated search routine to look for domains with particular types of typographical errors--transpositions, incorrect TLDs, missing letters--and then adds the domains to a database. The eventual goal (though this isn't clear from the article) seems to be something akin to Verisign's URL redirecting, where typo domains are blocked."
This discussion has been archived. No new comments can be posted.

Microsoft Tool To Help Users Avoid Typo Domains

Comments Filter:
  • by RunFatBoy.net ( 960072 ) * on Friday April 14, 2006 @05:28PM (#15132802)
    The article isn't entirely clear whether the app reports back to MS your web surfing locations. Granted, it could be useful to see what the user is commonly misspelling, but at the same time, I really have no interest in relinquishing this information.

    Jim -- http://www.runfatboy.net/ [runfatboy.net] -- A workout plan that doesn't feel like homework.
    • by MyLongNickName ( 822545 ) on Friday April 14, 2006 @06:00PM (#15132982) Journal
      The article isn't entirely clear whether the app reports back to MS your web surfing locations.

      Yeah. Thank God, we can rely on Google to not do anything like that. Can you imagine what potential for misuse there would be if a company like Google recorded your web surfing habits?
      • What will happen to my idea for a political satire site at ww.WGoOgle.com. Am I not allowed to do such satyrical references to the president of the US?
        • Hmmm, I just tried www.goggle.com (no. I am NOT supplying that as a link).

          It claimed to be a spyware detection site and tried to download some .exe file - automatically - onto my PC. I can see the advantage of blacklisting *that* sweetie.
          • Moderately good chance it DID successfully install an activeX control even without your consent.

            A neighbor of mine made that typo year or two ago and her Windows98 computer quickly filled up with adware/spyware.

            Making it more obnoxious is if you have the history feature turned on, when you type go.... it will "guess" you wanted goggle com rather than google.com once you have visited the wrong site... (until you flush the history)

            Where is Elliot Spitzer when you need him?
            • Does activeX run under Linux?

              In other words: nope, absolutely no chance at all.

              I just looked the domain up,
              Knowledge Associates
              PMB # 308 94 Gardiners Avenue
              Levittown, NY 11756-3753

              Domain Name:
      • Hmm. Have you ever tried a google search for "http"? Try it--it's safe. I still can't work out why the top answer is what it is though, especially when none of the other engines--even MSN--return the same result.

        Consider that some browsers (well Firefox anyway) will do a Google "I Feel Lucky" search on misspelled URLs. What happens when the first recognisable term is "http"? That's right...
    • I must agree. If this tool reports back to Microsoft, I wouldn't recommend it to my customers. On the other hand, if it didn't and only protected you from winding up at bad sites (like the goggle.com mentioned below) it would be good. Problem is, can we trust Microsoft not to make it report home and to keep the blacklist up to date? I rather doubt it.

      It seems to me that perhaps someone could make an open source equivalent. It wouldn't be that difficult, since you could use some of the same blocklists that

    • I bet you are a-ok with firefox automagically redirecting you to google if a host isn't found. (which happens all the time for legitimate hosts if DNS is momentarily inaccessible)

      • Redirecting me to the internet's most popular search engine when *no* DNS record is available is an order of magnitude different from redirecting me based on a "typo" -- how do they know it was a typo? That is before I have to worry about my browser reporting my surfing habits to MS.

        In fact, as of yet, Google still (in my book - the whole China thing has nothing to do with me and it is not my place to impose my values on another country, regardless of how I feel) hasn't done anything evil. MS, IMHO, on th
    • by Anonymous Coward on Friday April 14, 2006 @06:24PM (#15133096)
      I wish they have a funky paper clip that pops up and says:

      Hi there, I noticed you are about to visit a TLD web-site.
      The address www.apple.com/macosx appears to be a misspelling of the address of a legitimate site http://www.microsoft.com/Genuine/.
      Sites that use spelling variations of legitimate sites and companies may be used in "phishing" schemes to trick users into revealing their access accounts, credit card data, and other personal information.
      • To learn more about online "phishing" click here

      • If you understand the security implications of visiting potentially dangerous sites, and still wish to continue to www.apple.com/macosx, click here

      • If you wish to be redirected to the original site http://www.microsoft.com/Genuine/ either click here or simply wait 5 seconds.

    • I'd prefer the information get sent back to MS anonymously where they jsut have the ONE robot running. Could you imagine the damage to the internet if there was 4.5 billion robots scanning the Internet just looking for typos? I think MS may have actually hit[1] on a good idea. It won't make me switch to windows, but I still like the idea.

      [1] pun intended.
    • Oh, don't worry, alexa spyware already does that (and it comes installed!).
      • First of all Alexa is no longer included in IE, secondly Alexa IE sidebar only contacted Alexa when a user selected show related links from the tools menu, and only for that single url that was in the urlbar at the moment it was selected. Somehow people (AdAware for instance) believed that removing that functionality and replacing it with something that sends identical data to another, much large company, google, is better. Notice that google now distributes AdAware in the google pack which also include g
  • by Anonymous Coward on Friday April 14, 2006 @05:29PM (#15132807)
    Anyone who does that job is most definitely a tool.
  • by Lxy ( 80823 ) on Friday April 14, 2006 @05:32PM (#15132827) Journal

    Did you mean "search.msn.com"?

    • or at least www.googol.com
    • Re:first one up: (Score:4, Informative)

      by ch-chuck ( 9622 ) on Friday April 14, 2006 @05:54PM (#15132952) Homepage
      have you every tried www.goggle.com ?
      It's pretty bad. A popup got around firefox, automatically starts a file download gsetup.exe, etc.

      • Didn't for me.
        • Re:first one up: (Score:3, Interesting)

          by kabz ( 770151 )
          Wow, it did for me and I'm using Safari on a Mac !! It waited a few seconds then I got the familiar this file contains an application message. That is scary.
          • Tried it. Firefox does state that it's attempting to download a file and asks for a location to save. I'm sure it's malware, but it would take effort on the part of a Firefox user to install it. They'd have to save it to the dekstop and knowingly execute it.
            • Re:first one up: (Score:2, Informative)

              I've watched my wife surfing in the past, and when *anything* popped-up she clicked ok; I freaked one time as she clicked 4 pop-ups out of the way before I could cross the room. I gave her a lecture about spyware, malware, etc. and she was all open-eyed and "OMG, really?" and now she calls me whenever something pops up on her screen.

              The point is, many, many people are not computer savvy and regularly just accept the pop-up, click it to get rid of the "annoyance factor", and get on with whatever they were
              • This is a good sign that people designing web browsers have screwed up the security aspect of their UI.

                The typical user should not be one unintuitive click away from screwing up their computer.
          • I liked the way it scanned my Mac's registry - vary clevar.
      • And... they claim to remove such software. Wow.
        • hehe... they claimed to do a scan of my computer, scanned my registry and found 68 spyware entries... funny, i didnt think os x had a registry, I guess I need their software :P
      • Tried that (with FF 1.5.01), and got a blocked popup, and Firefox asked me what to do with a file. Quite normal behaviour, take a look on your configurations, to see if you didn't have a default action for .exe files.

        That said, the page is obviously phishing. The download is probably a piece of spyware, and lots of IE systems will probably run it without user intervention, and lots of users will probably click 'Yes' on the box "Are you sure you want to run this program?" without reading.

      • Or else the application would be called gsetup_beta.exe

    • Re:first one up: (Score:1, Informative)

      by Anonymous Coward
      Here's my (Score: 0, duh) tidbit for the day:

      Whenever I'm unsure of the spelling of a domain name, I hit my google toolbar bookmark and type the name of the company as a query. Most of the time the top link is the site I'm looking for, but I've been surprised quite a bit lately. Anyway, once I decide a site is worth going back to I just add it to my bookmarks; however, recently I've been lazy... so lazy in fact that I've accidentally typed google in my query at least half a dozen times. :(
    • Even better, they should correct it to the "proper" spelling and send people to googol.com [googol.com]...
    • Actually, it's more like:

      Clippy pops up and says:
      "You seem to be trying to access search.msn.com, but have mispelled it as google.com. Would you like to go to search.msn.com right away or visit one of the great set of beginner videos on MS' website that teach you about all the cool features of MSN?
      [Go to search.msn.com] [View video training] [Change Clippy Icon to XP Dog Icon]
    • 'www.openoffice.org' Did you mean 'http://office.microsoft.com'?
  • by macklin01 ( 760841 ) on Friday April 14, 2006 @05:33PM (#15132833) Homepage

    This sounds like a great idea, but I can see some legitimate causes being harmed. For instance, Untied.com [untied.com] is a typo of United, which is used to protest some labor practices at United Airlines [united.com].

    I guess the question is, how is MS going to determine the legitimate misspellings from the illegitimate misspellings? Certainly United doesn't like the misspelling above, but it's not anti-consumer like misspelling a company name and winding up at a spam site, or worse yet, a phishing site. -- Paul

    • how is MS going to determine the legitimate misspellings from the illegitimate misspellings?
      If I was a data miner like M$, I would maintain a whitelist and have every browser connect to my servers on a regular basis to update that whitelist. I would not be a bit surprised if it worked like this. Of course, a personalized subscription to this service would be even better.
    • Perhaps the user wanted to go to untied.com instead of united.com; It works both ways. Since "untied" is a dictionary word, this would most likely not cause any issues.
    • I would the way they will deal with typos is very similar to the phishing filter in IE7. And if a site is a valid site rather than a typo and is mistakenly marked as a typo farm, you will be able to email them and have them verify your site is not a typo farm and they will remove it. A very similar thing happened to my business site. The phishing filter marked my contact page as a phishing site, I emailed them and very quickly it was no longer reing reported as a phishing site. Keep in mind, while it may b
    • Easy. Add a frame to the top of the page that says "This may have been a typo, did you mean [whatever]?" with a link to dismiss the frame if that's not what you meant.

      Like the frame images.google.com adds to the linked site.
  • Swipe at Google? (Score:5, Insightful)

    by dannytaggart ( 835766 ) on Friday April 14, 2006 @05:34PM (#15132838) Homepage
    Is this a strategic swipe at Google's ad revenue for parked domains?
  • Verisign redirected you by DNS, this seems like more of a client side tool. I wouldn't have any problem with it if it was an optional Windows setting or uninstall tool.
  • by jfengel ( 409917 ) on Friday April 14, 2006 @05:36PM (#15132857) Homepage Journal
    Ending up at a link farm isn't any fun, but at least it's not dangerous. But you're told to type URLs from email rather than copy-and-paste, and then you risk being screwed by your own typo. Even going to your own bank is risky if you type without consciously typo-checking the URL.
  • Argh! Dupe! (Score:4, Informative)

    by RobertB-DC ( 622190 ) * on Friday April 14, 2006 @05:37PM (#15132858) Homepage Journal
    I thought for sure that there would be enough Subscribers send email to the DaddyPants address that this one would be yanked.

    Well, for reference, here are all the +4 and +5 comments from last week's installment of this story, so you karma whores can repost them and hope the moderators don't see through your ruse...

    Microsoft 'URL Tracer' Hunts Typosquatters [slashdot.org]

    Meanwhile, you can blame me for jinxing it.

    Ghost Article: M'soft Tool To Help Users Avoid Typo Domains [slashdot.org]
  • by Anonymous Coward
    Apparently, there's concern in Redmond that IE users are being exploited by companies running ad farms on typo domains.

    How dare those other companies! Nobody's allowed to exploit Microsoft's users except Microsoft!
  • I have relatives that are not computer literate. But when they visit a website by typing in its URL and they see a site that isn't what they were expecting, they know to check the spelling of the URL. As far as they are concerned, it's like dialing a wrong phone number.

    It seems to me that Microsoft is wasting resources on something that isn't really necessary.
    • That isn't the problem. But what if some computer naive, but otherwise intelligent, person types in their bank address as


      An easy mistake. Then, instead of seeing a site that installs XYZ spyware, they see a site that looks exactly like the real site


      So they enter their password for online banking, because the site has the little lock in the browser window meaning it is a secure connection. Now, the owners of the fake site have the banking info, including accou

    • But the issue is that alone by having typed in that domain, they have made money for its owner. Multiply that by 10,000 and you have already made a profit over the registration cost of the domain itself, and common typos of popular domains can easily make you a hundred times that many visits.
      • But the issue is that alone by having typed in that domain, they have made money for its owner.

        Yes, but that money didn't come from their pocket, did it? It came from the advertisers and was wasted because they ignore the ads and go away. Yes, some sleazeball made a fraction of a cent, but it came from another sleaseball, so who really cares?

    • Yes. Last night my girlfriend was looking at booking hotels in Italy - she's a barrister, so definitely not short of intelligence.

      She repeatedly mistyped domains and then totally failed to recognize that she was on a spam ad-farm site - my mother does the same. So does my housemate... People seem to really not notice this kind of thing in the slightest. It's the old 'I don't understand computers therefore I'll play dumb' routine.
  • oh, he said something about linux, I wonder what's that? Let me try and check this (types linux.com in browser). Hmm it's just some typo, maybe I haven't heard him clearly, oh well...
  • by Crouty ( 912387 ) on Friday April 14, 2006 @05:45PM (#15132901)
    Stupid parents to have their son's name collide with phonetics of Microsoft [slashdot.org].
  • A shot at Google (Score:5, Insightful)

    by Anonymous Coward on Friday April 14, 2006 @05:47PM (#15132912)
    It may not look like it, but this is a strategic move against Google.

    Google makes a significant amount of money of bulk domainers. Domainers are people who buy domains in bulk, expecting to make revenue off inexperienced users tying words directly into the URL bar, variations/misspellings on popular domain names etc). An example is something like http://www.bloggerforums.com/ [bloggerforums.com].

    By making users aware of what's going on, they'll be more likely to fix the problem themself (instead of clicking one of the sponsored links by Google), thus cutting a part of the revenue stream. (How big? Well, Google obviously isn't going to say, but it's estimated to be way into the hundred of millions.)

    • instead of clicking one of the sponsored links by Google

      Google's own toolbar shows a little green graph from 1-10 for a page's popularity.
      A popular site typo would be 7+ notches lower (Windows Update is a "4" now?!)

      • Little is the key there. Google also serves over 3 million domain names under their AdSense program for parked domains. They serve parked domains, which serve the typo domains, and make legitimate domain holders buy AdSense words to redirect typo domains to their real website. Users click, Google gets paid. Mad cash.

        While the toolbar is cool, that won't stop my grandmother from mistaking her bank's website. Icons don't cut it, unfortunately you have to be abrassive with this otherwise users will ignore the
    • That doesn't make it a strategic move against Google so much as a strategic move against cruft that nobody wants to see. If Google is indexing this crap, and their business somehow depends upon it (which is unlikely), then that's their problem.
    • Am I only one that thinks this somehow contradicts Google's "Do no evil"?
  • by wowbagger ( 69688 ) on Friday April 14, 2006 @05:49PM (#15132920) Homepage Journal
    There is a much easier way to block 99% of the typosquatters - they have a very small number of IP addresses they park their domains on.

    Block those IP addresses, block the squatters.

    Check it out for yourself - fire up your favorite DNS query tool, and plug in some typos.
  • pron.com (Score:4, Funny)

    by klenwell ( 960296 ) <klenwell@gmail.COBOLcom minus language> on Friday April 14, 2006 @05:49PM (#15132922) Homepage Journal
    will typing pron.com send me to porn.com? or vice-versa?

  • Tough Calls (Score:4, Funny)

    by wuffalicious ( 896539 ) on Friday April 14, 2006 @05:57PM (#15132969)
    Microsoft domain corrector has detected that you may have mis-typed your desination address.

    You were trying to access, "whitehouse.gov".
    Did you really mean, "whitehouse.com"?
  • not just typos (Score:2, Informative)

    by sloths ( 909607 )
    I really hate domain squatters. It's not just typos, but just cool domains that could be used for a legitimate site are just ads. IE the.com, yeah.com, sloths.com... Actually one time I was snooping around the directories of sloths.com looking for contact info to see if I could buy the domain when I came across a sql.txt file that told me their passwords.

    I've emailed Google several times about this [google.com] awful program. I hate all forms of advertising, but it just makes me mad to see cool domains used for illegiti
  • If Microsoft would open the protocol and/or the database there could be a way to implement this in other browsers too. Perhaps a web service. If they really think this is that big of a problem then a free service would convince me they're serious.
  • Only a band-aid (Score:4, Interesting)

    by Fastolfe ( 1470 ) on Friday April 14, 2006 @06:29PM (#15133122)
    This problem exists because users seem to place an unhealthy emphasis on a DNS domain name as a web topic. Perhaps we should be looking at ways of de-emphasizing a DNS domain name's importance in identifying content and start looking for ways to let users find specific pieces of information in a reliable manner using some other tool (such as an X.500 or LDAP directory of official organization names, registered trade marks, service marks, etc.).

    Until users stop thinking that they can just add a .com to their search term and get "official" content, this will remain a problem. Determining what domain names are squatters and what domains aren't is fairly easy today, but it will only be a matter of time (and a brief amount of time at that) before these typosquatters just dress their pages up to look a little more substantial and your horribly subjective test will start to fail.
  • I cannot remember all the times when I made a mistake and went to one of those "search" index sites because I know they will hose up your IE. I panic and just shut off IE as hastily is I can. I know a spyware-hosting site when I see one. I still panic when it happens to me when on Linux using FF or Konquorer. I don't use IE, not just because I don't use Windows, but because it gets pwnd all the time.
  • by trawg ( 308495 ) on Friday April 14, 2006 @07:21PM (#15133346) Homepage
    Aside from phishing attempts, which is a legitimate concern (but imo should be addressed by the company that is getting spoofed), what is the big deal about typo squatting?

    I enter in a lot of my URLs by hand. I frequently make typos because I was typing them too fast. I see a page that isn't what I was expecting or that is obviously a link farm, I just re-type the URL.

    Or I use bookmarks. Or I use Google.
  • Let's say you want to go to www.omgponies.com [omgponies.com] and typo it as omg!ponies!.com. Where do you end up going, and do you really deserve to be there?
  • Well, I'm for anything that will stick it to site-squatting parasites. I had to go with my second choice when naming my game suite because a link-farm scum was sitting on the domain I wanted.

    Mind you though, there's a pretty big potential for abuse. What will the protection fees be against ending up on this list?

    Seems like win-win from Microsoft's POV though. ;)
  • by nurb432 ( 527695 ) on Friday April 14, 2006 @08:07PM (#15133548) Homepage Journal
    We think you are trying to type in 'www.microsoft.com', please wait while we take you there.
  • by FFFish ( 7567 ) on Friday April 14, 2006 @08:12PM (#15133571) Homepage
    "Apparently, there's concern in Redmond that IE users are being exploited by companies running ad farms on typo domains."

    It occurs to me that the only people dumb enough to use MSIE these days are precisely those sorts of users who would be susceptible to the advertising on linkfarms.

    I'm not sure whether to praise Microsoft for trying to protect the retards from themselves, or to curse them for defeating the net's version of Darwinian selection...
    • Having the browser do spelling correction is not something I have a real problem with.

      Verisign was a big problem because it was screwing with important mechanisms that people rely on. Having a web browser do this may be:

      * a violation of your privacy

      * providing valuable marketing data to Microsoft

      * An attempt to squeeze Google out of the market by taking advantage of the fact that by default, Microsoft controls whatever gets entered in the URL bar.

      * Not likely to be that helpful.

      * Promote misspelling and ty
  • I'm betting that, despite this being an "optional" tool and users' voluntarily installing it, Microsoft will be sued by several companies who protest that their domains are legitimate despite appearing to be misspellings of other, more popular domains. And they have a point, too.
  • If you type in www.Knopper.Net, you go to www.Windows.com right?

    Nothing is going to change until we shoot the bastards.

    Andy Out!

  • It's good to know Microsoft is working on products like this. Really. I mean, instead of getting Vista back on schedule, they want to release things like this. Or spend money on their People Software ads.

    It's sad. I think this is a Titanic starting to sink.
  • Why would you use a program called MS Tool? anyway, isn't that name a bit.. redundant?
  • User: Control-L www.linux.org Enter
    IE: This is a typo-squatting domain. You really meant to go to www.microsoft.com

    Seriously: for software to try to determine whether two service names are confusingly similar is a really bad idea; this area is regulated by trademark law and the courts are responsible for enforcing it. What software can do is help trademark owners identify potentially confusingly similar domain names prior to going to court.
  • http://www.untied.com/ [untied.com] - which is just a merciless basher site of United Airlines (i.e. http://www.united.com/ [united.com]

    It's sad and hilarious - United Airlines completely sucks

This process can check if this value is zero, and if it is, it does something child-like. -- Forbes Burkowski, CS 454, University of Washington