The fact of the matter is that his original point -- that IE is somehow unique with this flaw -- is a pile of stinking Linux leavings... Nick Danger demonstrated to me that IE fails to indicate spoofed URLs while Firebird does not. The analogy of not having an "idiot light" vs. not recognizing the "idiot light" seems appropriate. The evidence in Danger's favor is that a patch exists to make IE more like Firebird, rather than vice versa.
Nick Danger demonstrated to me that IE fails to indicate spoofed URLs while Firebird does not.
Per Nick, here are the URLs:
Firebird http://windowsupdate.microsoft.com%01@security.openwares.org/Update.htm
IE http://windowsupdate.microsoft.com
Clearly, the average person wouldn't be able to -- nor would they bother to -- distinguish between the two URLs.