IE 6 Gets IE 7 Phishing Filter

Microsoft has quietly backported one of the security improvements slated for the new Internet Explorer 7 browser into IE 6.0, but the giveaway comes with a small catch.

The Microsoft Phishing Filter, which is being embedded into IE 7, will now be available in IE 6 but only via an add-on to the MSN Search Toolbar.

A free 1.3MB download of the anti-phishing add-on is now available in beta form for IE 6/MSN Search Toolbar users running Windows XP SP2 (Service Pack 2).

Samantha McManus, a business strategy manager at Microsoft, said the toolbar add-on uses the same back-end technology as the phishing protection built into IE 7.

"The specific implementation for each product is very slightly different to fit in with each product's user experience, but yes, the technology is the same," McManus said. Both implementations are being run by the Technology Care and Safety team within the MSN unit.

Overall, the implementations are the same for the toolbar add-in and IE 7 but, according to McManus, the consumer experience will differ slightly.

In the MSN Toolbar implementation, an IE user who is tricked into visiting a known phishing scam site will be automatically blocked from entering personal information on the site.

In IE 7, the process is slightly different, as the Web surfer is automatically navigated away from the phishing site to a new page. "In both scenarios, consumers have the option to proceed at their own risk to the URL," McManus explained.

The anti-phishing technology, which draws on data from Symantec Corp.-owned WholeSecurity Inc., uses a client-side whitelist and a server-side blacklist to determine whether a Web site has been set up to steal user information.

In IE 7, if the filter is turned on, every URL a user visits that is not on the client-side whitelist is transmitted to Microsoft's servers to be checked.

In the toolbar add-in, the service will serve as an "early warning system" for suspicious Web sites and will provide two levels of color-coded warnings.

If a person visits a site that is confirmed on the list of reported phishing sites, the add-in will display a "red" warning bar above the Web page and block the user from entering personal data.

If the Web site contains characteristics common to a phishing site but isn't on the list of known sites, the MSN Toolbar add-in will display a "yellow" warning bar to serve as a warning that the site is a suspected phishing scam.

On suspicious sites, users will have the option to continue to the suspect site or close their browser or tab in the toolbar.
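
The lookup order described above (client-side whitelist first, then the server-side blacklist, then a check for phishing-like characteristics) can be sketched in JavaScript as an added illustration; this is not Microsoft's code or part of the original article. The list contents, the three heuristic checks, the function names and the choice to send the full URL to the server are all assumptions made for the example.

```javascript
// Added illustration: every name, list entry and heuristic here is constructed.
const CLIENT_WHITELIST = new Set(["www.example.com", "mail.example.org"]);
const SERVER_BLACKLIST = new Set(["login.example-phish.test"]);

// Stand-in for the remote lookup service. It records each URL it receives,
// which makes visible what leaves the client when the filter is turned on.
function makeServer(blacklist) {
  const seen = [];
  return {
    seen,
    check(url) {
      seen.push(url); // assumption: the URL is sent as-is
      return blacklist.has(new URL(url).hostname);
    },
  };
}

// Hypothetical stand-ins for "characteristics common to a phishing site".
function looksSuspicious(url) {
  const u = new URL(url);
  const ipLiteralHost = /^\d{1,3}(\.\d{1,3}){3}$/.test(u.hostname);
  const userInfoInUrl = u.username !== "";            // http://brand@host/
  const deepSubdomains = u.hostname.split(".").length > 4;
  return ipLiteralHost || userInfoInUrl || deepSubdomains;
}

// Decide which warning bar to show and whether data entry is blocked.
function classify(url, server) {
  const host = new URL(url).hostname;
  if (CLIENT_WHITELIST.has(host)) {
    // Whitelisted sites are never transmitted to the server.
    return { level: "none", blockInput: false, sentToServer: false };
  }
  if (server.check(url)) {
    // Confirmed on the reported list: red bar, personal data entry blocked.
    return { level: "red", blockInput: true, sentToServer: true };
  }
  if (looksSuspicious(url)) {
    // Not on the list but phishing-like: yellow bar, user may continue.
    return { level: "yellow", blockInput: false, sentToServer: true };
  }
  return { level: "none", blockInput: false, sentToServer: true };
}
```

Inspecting `server.seen` after a browsing session shows which URLs, including their paths and query strings in this sketch, would have left the machine.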