Use windows at your own rrisk.

[eddie]

According to Microsoft's own documentation, they are now implementing a built in virus that will hijack the url you type in and direct it to the site they choose and not always the one you want, if not including keeping a record of the sites you frequent without using cookies. That has gone too far. I see some real security issues here and invasion of privacy. Caveat emptor.

[MattKingUSA]

According to Microsoft's own documentation, they are now implementing a built in virus that will hijack the url you type in and direct it to the site they choose and not always the one you want, if not including keeping a record of the sites you frequent without using cookies. That has gone too far. I see some real security issues here and invasion of privacy. Caveat emptor.

So you could type in thelinuxlink.net/forum and it would take you to ms.com?

[Claudio]

According to Microsoft's own documentation, they are now implementing a built in virus that will hijack the url you type in and direct it to the site they choose and not always the one you want, if not including keeping a record of the sites you frequent without using cookies. That has gone too far. I see some real security issues here and invasion of privacy. Caveat emptor.

So you could type in thelinuxlink.net/forum and it would take you to ms.com?

No, it would take you to a Wikipedia entry on cockroaches.

[deptrai]

Do you have a reference on that? This is a little reminiscent of the "anti-phishing" features of some browsers which, prior to doing a DNS lookup for each host, check it against a sort of RBL of URLs, and in the process annihilate your privacy since they could track every URL you ever visit. In that case, however, they likely don't redirect you so much as block the site, maybe with a splash screen or something.

As far as software doing (possibly nefarious) behavior that is not documented, that could be any closed-source software, it's hard to know. One method to gain a lot of insight into what's happening on your computer is to sniff your internet connection. If you are 100% in control of your box, there should be nothing there that you didn't expect. It can be quite enlightening -- even open-source software might be doing some things of which you weren't aware. A good starting-point is the 'etherape' software, but ultimately you'll want to examine a full packet capture.

[eddie]

Though it may not be intended to be bad, I see the real issues if a hacker was able to take advantage of it.
Link from a Microsoft email:
http://blogs.iis.net/ruslany/archive/20 ... lease.aspx

[dann]

Wait a minute, is this last entry about URL Rewrite what you were talking about in the first entry? Just be aware that Apache has had mod_rewrite for some time now and it's used quite often to simplify url's to directory structures amongst other things. It is not an intent to be malicious.

Besides, this is a server side solution, not a client side solution.

[eddie]

If you read the article it explains that the rewrite would happen before the url hits the server.

[dann]

I'm not sure where you are finding this information in the link provided. URL's will get rewritten before they hit the intended directory. It's a plugin to IIS. IIS will process the url the user puts in and substitute the rewrite url based upon the parameters defined on the server.

[MattKingUSA]

If you read the article it explains that the rewrite would happen before the url hits the server.

Yeah, that doesn't really make a lot of sense. It would have to check with the server for a refferance to point to before it could actualy change the url. At some point.

[Wally Balljacker]

More anti-MS FUD. Thanks Dann for clearing this up. I swear, it seems like people can say anything about Microsoft around here and the Linux crowd eats it up without even thinking or investigating. At least HALF of the anti-Microsoft threads around here are questionable at best. But what should I expect from such a biased bunch?

[eddie]

If you read the article it explains that the rewrite would happen before the url hits the server.

Yeah, that doesn't really make a lot of sense. It would have to check with the server for a refferance to point to before it could actually change the url. At some point.

I am sure you are right, but the article still need to be scrutinized for the truth.

[eddie]

More anti-MS FUD. Thanks Dann for clearing this up. I swear, it seems like people can say anything about Microsoft around here and the Linux crowd eats it up without even thinking or investigating. At least HALF of the anti-Microsoft threads around here are questionable at best. But what should I expect from such a biased bunch?

With all the anti-linux fud that is out there, give me a break. Why is it that Microsoft people and their software can do no wrong? After being a tech for more than ten years in the ms world, I know better. You should be glad that ms was even ever mentioned. You should be thankful that the article was brought to light so it could be scrutinized for the truth whether I was right or wrong.. I will never mention ms ever again. Merry xmas.

[dann]

Aw, now, come one. I for one hope you do mention MS in the future, be it good or bad. It's always good to ferret these things. Let's face it, MS needs all the help it can get, especially with this "biased" crowd.

I for one would do not like MS products or ever intend on using them again if I have my way.

So keep posting MS stories, and flame away!