Study: Microsoft Anti-Phishing Uses Best Bait

 
 
By Matt Hines  |  Posted 2006-09-29 Email Print this article Print
 
 
 
 
 
 
 

A comparison of eight anti-phishing technologies places Microsoft's new Internet Explorer 7 Beta 3 ahead of similar tools from companies including eBay and McAfee, which have been marketing anti-malware applications for years.

Microsofts maiden entry into the anti-phishing space outperforms similar technologies offered by more established security applications providers, according to a new report commissioned by the software company and conducted by researchers 3Sharp.

Based on a comparative study sponsored by Microsoft that tested anti-phishing applications from eight different software vendors and online specialists, the malicious Web site-blocking capabilities built into the latest beta version of Internet Explorer, specifically when used with the Microsoft Phishing Filter, catch a higher percentage of phishing attempts than rival technologies.

Phishing attempts most frequently involve the use of spam e-mail to direct traffic to Web sites built to appear as the online operations of a legitimate business in the name of stealing users private information.
Common iterations of the attacks have sought to trick people to hand over their password information to sites tailored to look like those of large financial institutions, or popular online businesses such as eBay.

According to the APWG (Anti-Phishing Working Group) industry consortium, the number of phishing sites operating online is growing at a rate of 400 percent per year.

3Sharp, which is based in Redmond, Wash., and focuses its research primarily around Microsoft products, said that the IE 7 Beta 3 RC3 browser beat out similar products from anti-phishing technology makers Netcraft, Google, eBay, EarthLink, GeoTrust, Netscape and McAfee, whose product finished in that order in the test.

To read more about IE 7s anti-phishing tools, click here. Based on 3Sharps methodology, which awarded a composite score to each technology based on its accuracy in detecting phishing sites and frequency of incorrectly blocking legitimate sites, Microsofts anti-phishing protection scored 172 out of a possible 200 points, while longtime security specialist McAfees Site Advisor scored only a 3.

Just behind Microsoft, the Netcraft Toolbar scored a composite score of 168 in the study, while third-place finisher Google Safe Browsing on the Firefox browser earned 106 points. eBay, which has seen its business assaulted by nearly every variety of phishing scheme cooked up on the Web, finished in fourth place with 92 points.

3Sharp Senior Partner Paul Robichaux said that Microsofts technology won the comparison based on its ability to uncloak more sophisticated variations of the attacks.

"Early phish were pretty rudimentary, but todays phish are often very realistic, and theyre getting better all the time," Robichaux wrote in the report. "To protect users from this dynamic threat, our study results show that the best browser-based anti-phishing protection offered today uses a combination of heuristics and a broad set of regularly updated data sources."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel