Nick Danger demonstrated to me that IE fails to indicate spoofed URLs while Firebird does not.
Per Nick, here are the URLs:
Firebird http://windowsupdate.microsoft.com%01@security.openwares.org/Update.htm
IE http://windowsupdate.microsoft.com
Clearly, the average person wouldn't be able to -- nor would they bother to -- distinguish between the two URLs.
Clearly, the average person wouldn't be able to -- nor would they bother to -- distinguish between the two URLs." But the deception is still there, regardless. And it took me all of a minute to discern it, once warned. It is you who inserted the qualifier "average person." It is the only way out of the argument for you, and a lame one at that.
So, what is Microsoft doing to help customers avoid or discern nefarious URL spoofing?