links in e-mails. "Dumb question"

I read the sticky thread about the M$ security updates and how you should NOT click on the links provided, rather enter them yourself.

Ok, I can see how that COULD be good.

"They" send you a fake link to a site and it attacks your machine.

Granted.

But the proposed idea of entering the site URL yourself seems flawed.

What if you don't know the URL?

How are you supposed to enter it?

You get it from the net? Then you are just as likely to have the fake one as well.

The "validity" of links supplied in e-mails is a point of concern, but to say enter the URL yourself is mis-leading (to me) in that it doesn't explain that you should go to other sites and compare the URLs supplied.
Or maybe go to M$'s home and go through their links.

Could the person please expand on the mechanics of how to "validate" a URL they want to use?

Only asking.

Thanks though for the post.

 

One thing you can do is to run the URL thru Virus Total.


At the main home page you an scan files, this is the page for URLs. Copy/Paste it in.
Chances are there are already some previous scans in their database, however I always re-scan.

I wouldn't be concerned with 1 or 2 positives, ParetoLogic shows majorgeeks.com as malware and I'm certain that is not the case...

Also, check with WOT to see what they have on a web site. same procedure as virusTotal, plug in the URL and see what they have...

Another thing you can do is run the URL thru a search engine. Put it in quotes to get an exact match. You will see reports most likely if it is bad and been around more than a few days...

 

Thanks for that.

I (luckily) have WOT installed.

But I hope others find it helpful because as much as I understood/understand what the original posting (the sticky one) was about, just the clarification of how to vet safe sites needed to be clarified.

 

Most certainly *not* a dumb question from my perspective, however, this one from me may be:

Security Updates from Microsoft are sent via email??

It has always been my understanding that having auto-update "Enabled" was the ONLY way to fly...(??) :confused :confused :confused

 

True.

But as support is ending soon for XP, if you are wanting to re-build a crashed machine, it would be handy to have all the security updates on hand as a file.

With autoupdates on, they install but you never see them or have a "copy" of them.

I am attempting to download the 3 gig ISO image of the updates from here.

Alas I am on a 5 gig/month plan, so it is being farmed off to someone who is on an unlimited plan.

 

I might add that with Microsoft suffering through 5 major update fails in 2012 alone, the option to notify and select your own after research would be prudent. At least wait a week or so and see if the web is filling up with disaster tales...

 

If you don't recognize the URL or it doesn't seem to pertain to the email, you shouldn't enter it either.


That is common sense.

 

That same plan bit people in the *** with msblast if you recall

More like, watch what you install and uninstall it if it causes issues.

Also that article is scathing, and in some places, downright false.

"There's no change log for Metro apps -- even key apps."

That is not true at all. You just have to trot your lazy butt over to the app store and look under Details.

 

Regarding your original question: what email client are you using?

Most or all modern email clients (as well as web-based email) will show you the real URL in the status bar at the bottom. Very often a link is not shown has a URL in the message, but a keyword to click on.

But if it is an actual URL, and it does not match the link shown in the status bar, then you can tell something is wrong.

But basically you should only open links in messages from people you trust. But even that is difficult nowadays; I regularly get spam messages from people who's email account have been hacked.

 

Microsoft does send out Security Bulletins on a regular basis, if you have subscribed to them.

Microsoft (nor any other software company I know) never sends out "updates" as attachments or direct download links.