Address Bar

Is anyone else noticing that the anti-fishing filter is not working? The
actual web address is supposed to he high lighted in green in the address
bar.

I am seeing this in my Windows 7 Ultimate O/S and also on 6 virtual machines
within Windows Virtual PC and also within Virtual Box.

Hi Richard,

Which site?

The known phishing sites is dynamic and subject to change. You could
download the fiddler tool (http://www.fiddlertool.com) and examine your
traffic to see the response from the ms anti-phishing service. OR you could
try another service like malware.google.com or siteadvisor.com.



Regards.

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message
news:#ifmcI7dKHA.5136@TK2MSFTNGP02.phx.gbl...
> Is anyone else noticing that the anti-fishing filter is not working? The
> actual web address is supposed to he high lighted in green in the address
> bar.
>
> I am seeing this in my Windows 7 Ultimate O/S and also on 6 virtual
> machines within Windows Virtual PC and also within Virtual Box.
>

Richard Urban wrote:

> Is anyone else noticing that the anti-fishing filter is not working? The
> actual web address is supposed to he high lighted in green in the address
> bar.
>
> I am seeing this in my Windows 7 Ultimate O/S and also on 6 virtual machines
> within Windows Virtual PC and also within Virtual Box.

Only if you are visiting an HTTPS (secured) site and the server's
certificate is still valid (not revoked or expired which would show with red
highlighting). Non-secure sites don't have the green highlighting. See:

http://blogs.msdn.com/ie/archive/200...-8-beta-1.aspx

Remember how IE7 and earlier where the lock icon showing you were visiting a
secure site was shown in the bottom of the web browser's window in the
status bar? Well, that's been moved up alongside the Address Bar but is
still used to indicate that you are visiting a secure site (green highlight)
or something is wrong with the site, like the server's cert expired or was
revoked or it is in the phish list (red highlight).

http://sourceforge.net
No highlighting because it is neither a secure or a phish site. There is no
highlighting by using a background color, just the domain highlighting
(black versus the grey for the non-domain portion of the URL).

https://sourceforge.net/account/login.php
No highlighting because it only uses SSL. Click on the padlock icon that
appears to the right of the Address Bar to get info on their server cert.

http://www.hotmail.com
Click on the "Use enhanced security" link.
Green highlighting appears because their server users an EV SSL certificate.
You see the padlock icon along with the cert's owner. click on that field
to get more information.
(By the way, the non-secure login page sends its data to an SSL-secured web
page so the login credentials are still sent encrypted.)

For a site whose server certificate has expired, you get a prompt
(http://www.clerkendweller.com/posts/...-expired-1.jpg).

For a web page reported as unsafe, you see the red highlighting along with a
prompt dialog
(http://ieblog.members.winisp.net/ima...rtscreen_1.png).

If the anti-phish filter weren't working, you wouldn't see a *red* highlight
(not a green highlight) when you visited the phish site. You see a green
highlight when visiting a secure site (that uses an EV SSL cert). You see a
padlock with no red or green highlighting for secure site that uses just an
SSL cert.

So what was the URL for the site that you visited where you expected to see
a red highlight to indicate a "bad" site? If you expect to see a green
hightlight, is it for a secured (HTTPS) site that uses an EV SSL cert?