Phishing protection in browsers

Both Internet Explorer 7 and Firefox 2.0 come with an anti-phishing feature. Both rely on a database of known phishing sites to warn you. And that is a weakness. Phishers often use a given URL for just a few hours and then move on to a new one. The lists of known phishing sites cannot keep up with the phishers, who are constantly changing their sites.

The phishing defense in IE7 relies on a list that has to be accessed online and I don’t know how often Microsoft updates it. I did a recent test and IE7 flunked. I get phishing emails all the time and I tried a few in IE7. It didn’t recognize any of them as phishing sites. Another problem with the IE7 method of going online to check every URL is that it makes surfing noticeably slower. There was a recent patch addressing the slowness of framed sites but it doesn’t make accessing regular pages any faster. I think that this is another attempt at a security measure that doesn’t work in practice. The fact that IE7 says that a site is not a known phishing site means nothing. I keep the phishing filter in IE7 turned off.

The phishing defense in Firefox uses a locally downloaded list of phishers. That doesn’t slow surfing like the IE7 online list. The list is supposedly kept updated by frequent downloads. There is also an online list that can be consulted if you want to check out a site.
Although a review (quoted below) gives Firefox a higher grade than IE7, it too cannot keep track of all the fast-moving phishers.
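The gap between a phishing URL's short life and the moment a list catches up can be put into numbers. The following is an added example, not part of the original post: it models how much of a URL's live time a blocklist covers when the browser looks up every visit online (the IE7 approach) versus using a local list downloaded on a schedule (the Firefox approach). The timings, the PhishUrl type and the function names are assumptions constructed for illustration, not measurements.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PhishUrl:
    live_at: int                 # minute the page goes online
    lifetime: int                # minutes until the phisher moves on
    listed_after: Optional[int]  # minutes from go-live until the list adds it (None = never)

def client_sees_at(listed_at: int, refresh: int) -> int:
    """Minute at which the browser learns of the entry.

    refresh == 0 models an online lookup on every visit;
    refresh > 0 models a local list downloaded every `refresh` minutes
    (assumption: downloads happen at multiples of `refresh` from minute 0).
    """
    if refresh == 0:
        return listed_at
    return -(-listed_at // refresh) * refresh  # round up to the next download

def protected_fraction(url: PhishUrl, refresh: int) -> float:
    """Share of the URL's live window during which the browser would warn."""
    if url.listed_after is None:
        return 0.0
    seen = client_sees_at(url.live_at + url.listed_after, refresh)
    end = url.live_at + url.lifetime
    return max(0, end - seen) / url.lifetime

def coverage(urls, refresh: int) -> float:
    """Mean protected share across all URLs."""
    return sum(protected_fraction(u, refresh) for u in urls) / len(urls)

# Constructed sample data (minutes), not real measurements.
SAMPLE = [
    PhishUrl(0, 240, 60),      # lives 4 h, listed after 1 h
    PhishUrl(135, 180, 120),   # lives 3 h, listed after 2 h
    PhishUrl(300, 120, None),  # lives 2 h, never reported
    PhishUrl(60, 2880, 180),   # lives 2 days, listed after 3 h
]

if __name__ == "__main__":
    for label, refresh in [("online lookup", 0), ("local, 30 min", 30), ("local, 6 h", 360)]:
        print(f"{label:14s} mean protected share of live time: {coverage(SAMPLE, refresh):.2f}")
```

In this model the long-lived URL is covered almost entirely under every setting, while the URLs that live only a few hours are covered partly or not at all, and a slower download schedule removes what little coverage they had.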

Better results come from some commercial programs, but according to a review in CNET, the free add-on from Netcraft is the best at detecting phishing sites:

Using 10 sites recently reported to a reputable, independent phish-tracking site, we found that the Netcraft toolbar identified and blocked access to all 10 sites, tied with the premium version of McAfee SiteAdvisor Plus; the next best tools were Linkscanner Pro and Firefox 2, each identifying or blocking access to 7 suspected phishing sites; they were followed by Internet Explorer 7 which blocked an abysmal 5 sites.

Phishing filters may have their uses but don’t rely on them entirely. They pass too many bad sites. The best defense is still common sense plus the iron-clad rule to never click on attachments in email.
