If you’re looking to avoid phishing sites, you may need to look no further
than Microsoft’s soon to be released Internet Explorer 7 browser.
According to a new study published by technical services firm 3Sharp, security features in Microsoft’s IE 7 lead a pack of anti-phishing utilities from Netcraft, Google, eBay and Geotrust.
The study gave top marks to IE 7, which was tested at its beta 3 level and was closely followed by Netcraft.
The report noted that IE beat out Netcraft due to IE’s, “ability to anticipate phish,” or sites the trick people into coughing up personal information. Google’s Safe Browsing anti-phishing tool running on Firefox came in a distant third.
The study also found that neither IE 7 nor the Google/Firefox tool reported any false positives. In contrast, Geotrust
had a false positive rate of 32 percent.
“Geotrust has an excellent score on the portion of the test where they detect real phish, they caught 99 out of 100 which is outstanding,” report co-author Paul Robichaux told internetnews.com. “But points are taken
away for incorrectly flagging sites.”
Robichaux said Microsoft and Google had zero false positives, indicating they have done a better job of fine tuning their heuristics that determine if a site is a phish.
Both IE 7 and Firefox 2.0 will have integrated anti-phishing capabilities.
3Sharp did not test Firefox 2.0 but rather only Google’s Safe Browsing extension on Firefox. However, the Safe Browsing extension is integrated into the forthcoming Firefox 2.0.
“Timing worked out poorly for us. We originally wanted to include Firefox 2
in the testing but it was ready when we were ready to test it,” Robichaux
He went on to note that the study is really just a snapshot at a point in
“This is what the efficacy of these different technologies looked like in May and June of 2006,” Robichaux explained. Robichaux said he expects that the various tools will continue to improve.
Microsoft’s anti-phishing supremacy is the result of two key factors, according to Robichaux.
One of them is the fact that Microsoft has the advantage of having a very large data set of resources to draw from. On the technology side, they do heuristics on both the client and on the server.
Though Robichaux suggests that IE 7 will be a pretty good choice for most people, he noted that almost any protection is better than nothing. He advises users to employ some form of anti-phishing to protect themselves against threats.
Robichaux also noted that the study was impartial and fair despite being commissioned by Microsoft.
He explained that 3Sharp was very careful to include a discussion of the methodology and to
make sure that everyone can see that it’s an open and fair test.
“I’m pretty confident in saying that we did a fair evaluation and it happened in this case the Microsoft’s product came out on top,” Robichaux said. “Netcraft was not involved and they did very well in this study as
“Microsoft was willing to let the results speak for themselves.”