Warning: MVP.org is not an MSoft MVP site

[Roger Abell [MVP]]

The Microsoft MVPs have a web domain, mvps.org, which
contains whatwe hope are a lot of useful articles aimed at
being of help to users of Windows.

We have become aware that there is another domain,
mvp.org *without*the s, and would advise you all that this
has no connection with theMicrosoft MVP program or its
members, and may put visitors at risk.
(Visiting that site is not recommended at the present time!)

Posted on behalf of numerous MVPs.

 

[James Reather]

The Microsoft MVPs have a web domain, mvps.org, which
contains whatwe hope are a lot of useful articles aimed at
being of help to users of Windows.

We have become aware that there is another domain,
mvp.org *without*the s, and would advise you all that this
has no connection with theMicrosoft MVP program or its
members, and may put visitors at risk.
(Visiting that site is not recommended at the present time!)

Not trying to picky, but you do realise that by mentioning it here, you're
actually directing traffic to it ... <sigh> There are plenty of domains
with mvp in their names, most of which have nothing to do with the MS MVP
program....... why single out mvp.org for comment?

James

 

[Bill \(nee Gizmo\) Swan]

Agreed....I admit I was tempted...pop ups galore...no site.

Beginning to think this was a clever hoax but see same post in other NGs by
other MVPs....Hmmmm

--
www.smallbizserver.net (2000 and 2003)

microsoft.public.backoffice.smallbiz2000 (2000 NG)

microsoft.public.windows.server.sbs (2003 NG)

http://groups.google.com/groups?hl=en&safe=off&group=microsoft.public.backoffice.smallbiz2000

http://groups.google.com/groups?hl=...off&group=microsoft.public.windows.server.sbs

http://www.sbslinks.com/

 

[Torgeir Bakken (MVP)]

Not trying to picky, but you do realise that by mentioning it here, you're
actually directing traffic to it ... <sigh> There are plenty of domains
with mvp in their names, most of which have nothing to do with the MS MVP
program....... why single out mvp.org for comment?

Hi

As far as I am informed this site (or one on the pop-up sites it calls) does
"drive-by" installs of malware, e.g. HitQ Navigator (a toolbar hijacker) is
mentioned. Hence the message to the newsgroups.

 

[Roger Abell [MVP]]

We discussed long on whether to post, and if so
how much to say.

We realize that the post provided the domain name,
but at least not as a clickable. How else could the
warning be useful ??

We are very concerned because it is just a typo away,
actively installs (or attempts to) malware, and some
which is not yet been fully covered by the detector
programs, nor a search preemptor much yet discussed
if one googles after info.

I added the (parenthesized warning to stay away)
at the end as the post as found in other NGs was IMO
not sufficently clear that bad things lay beyond that
URL, but for legalities sake a weak wording was choosen.

If someone considers the posting ill-advised, please
excuse, but this seems to have only recently appeared
(although the name has been owned for quite a while)
and we wished to take a precautionary approach.

Regards,
Roger

 

[Robert Moir]

why single out mvp.org for
comment?

(note that the decision to post a warning was nothing at all to do with me,
I didn't know it was going to happen)

I assume, because its easy to be attempting to type mvps.org into your
browser, and miss/typo the "s" off the end of "mvps"


--

 

[Taurarian]

Roger Abell, I for one appreciate your warning and will be careful not to visit
the suspect site.
Thanks again for the warning and would appreciate any updates on your posting
regarding the site.

 

[Paul Adare]

microsoft.public.security news group, Torgeir Bakken (MVP)

does
"drive-by" installs of malware, e.g. HitQ Navigator (a toolbar hijacker) is
mentioned. Hence the message to the newsgroups.

So, by announcing it, all those non-tech folks who come here and see the
post, and are tempted to go there, and have no protection, wind up being
nailed.

Why would anyone go to mvps.org in the first place?

 

[Roger Abell [MVP]]

Roger Abell, I for one appreciate your warning and will be careful not to visit
the suspect site.
Thanks again for the warning and would appreciate any updates on your posting
regarding the site.

Thanks. AFAIK the most commonly installed anti-walware
software vendors have been informed.
--ra

 

[Paul Adare]

microsoft.public.security news group, Roger Abell [MVP]

We are very concerned because it is just a typo away,
actively installs (or attempts to) malware

Away from what? Another domain that Microsoft doesn't control? Why
should anyone go to mvps.org in the first place?

 

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

It's a site with tons of helpful links, answers and information that
MVPs have built.

It's a site you DO want to visit.

 

[Roger Abell [MVP]]

Paul,

Like it or not, it is not a question of why, but the
fact that many do, mostly ones directed their by
visiting these NGs. You seem to believe no one
would wish to visit a non-MS website (?).

That is all I will have to say.

Roger

 

[SuperGumby]

you're a 'glass half empty' type of person heh?

as has been posted, the advisory doesn't even have a clickable link. A
reader would have to ignore the warning and deliberately visit the site, I
believe such action would be easily described as 'criminal stupidity'.

 

[Bill Sanderson]

Away from what? Another domain that Microsoft doesn't control? Why
should anyone go to mvps.org in the first place?

What action should Microsoft take if someone owning Microsfot.com creates a
site dispensing browser hijack code?

I can agree that this posting is a two-edged sword--there's a risk here. It
is important for the MVP's whose sites are hosted by mvps.org to understand
the risk that a typo may lead to for their readers.

The MVP's as a group don't have the clout to go after this site--if, indeed,
there's anything to "go after"--I'm unclear about whether there's anything
illegal in what it does.

It's reasonable to want to warn potential readers that the imposter (via a
typo) site is dangerous, I think.

 

[Rowdy Yates]

The Microsoft MVPs have a web domain, mvps.org, which
contains whatwe hope are a lot of useful articles aimed at
being of help to users of Windows.

We have become aware that there is another domain,
mvp.org *without*the s, and would advise you all that this
has no connection with theMicrosoft MVP program or its
members, and may put visitors at risk.
(Visiting that site is not recommended at the present time!)

Posted on behalf of numerous MVPs.

sorry MVP's, i am going to have to go against y'all on this one. you
shouldn't post this stuff in the first place.

just tell the people how to get to "YOUR" site. don't try to do "pre-
emptive" support.

 

[mae]

| In article <[email protected]>, in the
| microsoft.public.security news group, Torgeir Bakken (MVP)
| <[email protected]> says...
|
| > does
| > "drive-by" installs of malware, e.g. HitQ Navigator (a toolbar hijacker) is
| > mentioned. Hence the message to the newsgroups.
| >
|
| So, by announcing it, all those non-tech folks who come here and see the
| post, and are tempted to go there, and have no protection, wind up being
| nailed.
|
| Why would anyone go to mvps.org in the first place?
|
| --
| Paul Adare
| Moral indignation is jealousy with a halo.
| H. G. Wells, The Wife of Sir Isaac Harman

Why?
For starters, do you want the first million and one?
All the reasons would probably exceed your lifetime.

mae

 

[James Reather]

We discussed long on whether to post, and if so
how much to say.

[snip]

The sad truth is, that (especially newbie) end users shouldn't trust advice
or binaries except those found on www.microsoft.com. There's simply no way
for the uninitiated to tell that www.mvps.org is "approved" or "safe" or
"legitimate" (and anyway, mvps.org isn't "approved" by MS, check the
disclaimer: "Microsoft is in no way affiliated with, nor offers endorsement
of, this site")

Official MS content is (almost) always hosted under the microsoft.com
domain - notice www.betaplace.com has been phased out and the content moved
to beta.microsoft.com. One of the FAQs on www.betaplace.com was "Q: Is this
an official MS site? A: Yes...". The fact that they had to put that there
showed that people misunderstood it.

mvps.org is a mine of useful information (and I've found many helpful tips
there over the years), but so are www.smallbizserver.net , www.sbslinks.com
, www.sbs03.com (just naming three third-party sites from the SBS world).
However, if a user is unable to tell whether they should trust a site or
not, they should stick to reading www.microsoft.com....

James

 

[Paul Adare]

microsoft.public.security news group, Susan Bradley, CPA aka Ebitz - SBS

It's a site with tons of helpful links, answers and information that
MVPs have built.

It's a site you DO want to visit.

Just asking.

Thanks for the info.

 

[Paul Adare]

microsoft.public.security news group, Roger Abell [MVP]

Like it or not, it is not a question of why, but the
fact that many do, mostly ones directed their by
visiting these NGs. You seem to believe no one
would wish to visit a non-MS website (?).

That is all I will have to say.

Thanks Roger. I had never been. Was interested, and asked. Thanks for
the answer.

 

[Roger Abell [MVP]]

microsoft.public.security news group, Roger Abell [MVP]


Thanks Roger. I had never been. Was interested, and asked. Thanks for
the answer.

No problem Paul.
While I also agree it may have been just as wise to not post
and do nothing, between the current lack of protections,
and this is the one to which I related
the simplicity of not typing that terminal s
the decision was taken.
It seems I am always exchanging letters, leaving the
r off or your, typing their for there though I full know
better, etc. . . .
Roger