Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Sponsors Antiphishing Bakeoff

Posted by ryuzaki0 on from the here-phishie-phishie dept.

uniquebydegrees writes, "InfoWorld is blogging about the (predictable) results of a Microsoft-sponsored antiphishing technology bakeoff. From the TechWatch blog: 'Microsoft's Phishing Filter (MPF) in IE 7 Beta 3 received the highest "composite score" at 172, followed closely by NetCraft's toolbar with a composite score of 168. But when you dig into the numbers, another story emerges... IE's MPF antiphishing toolbar doesn't top out any of the individual tests that make up the composite score... So how did MPF end up on top?... Microsoft didn't do the best job of spotting phish sites, but it did do the best job of blocking the ones it did spot, and blocking was what garnered the most points... Blocking a phishing Web site earned you twice as many points as just warning about it in this test, but is blocking really twice as effective as just warning users?'"

12 of 94 comments (clear)

  1. What a silly question. by Saint+Aardvark · · Score: 4, Funny

    ...but is blocking really twice as effective as just warning users?

    No, of course not. That's why I tape the root password for the file server to users' monitors, but warn them strongly not to use it.

    --
    Carousel is a lie!
  2. What do most users do when they get a warning box? by chroot_james · · Score: 4, Insightful

    "What is this window doing here?! I just want to get to paypal already..." *clicks ok* "There. Now I can finish this ssn and cc verification..."

    --
    Reality is nothing but a collective hunch.
  3. I hate slashdot so much by anotherone · · Score: 5, Insightful

    If anything, blocking a site should be worth more than double, since most people I know seem to just ignore warning dialogs.

    --
    Username taken, please choose another one.
    1. Re:I hate slashdot so much by jrumney · · Score: 3, Insightful

      If anything, blocking a site should be worth more than double, since most people I know seem to just ignore warning dialogs.

      My first thought was that the false positive rate is probably going to be about the same as WGA, blocking far too many sites, but you're right. The ideal solution would be to have it configurable and default to blocking, since the users who click through without reading are probably not going to go anywhere near the Options dialog.

  4. BS composite scores didn't make a huge difference. by dtfinch · · Score: 3, Informative

    Disregarding their arbitrary scoring BS, and only looking at detection percentages, IE7 still did a good job, as expected from a Microsoft commissioned study.
    GeoTrust TrustWatch caught 99%, but had a 32% false positive rate.
    IE7 - 89%
    Netcraft Toolbar - 84%
    EarthLink ScamBlocker - 64%
    Firefox/Google - 53%
    eBay Toolbar - 46%
    Netscape 8.1 - 28%
    McAfee Site Advisor - 3%

    How they came out with only 89% when they selected the sites themselves is anyone's guess.

  5. Stupid questions by Solkre · · Score: 3, Insightful

    Why do all article descriptions end with a stupid question?

    And for those who disagree, there ARE stupid questions.

    1. Re:Stupid questions by kfg · · Score: 3, Funny

      Q.E.D. :)

      KFG

  6. Actually.... by zappepcs · · Score: 3, Insightful

    It is the blocking part without user interaction that provokes that 'just click ok' reflex all the time. When the OS (or any machine, service, etc.) coddles the user to the point that they don't know what they are doing, or having the computer do, it breeds ignorance. No, I'm not dumb enough to think that all computer users must be sysadmins, but software that deepens their ignorance is not good software. Intelligent software should tell user's what is happening, why(if possible), and what the software can do about it, and/or what the user should do about it. I know that clippy was pretty annoying, but a less annoying and more intelligent approach like clippy would help user's to make better security decisions in the future. Just two cents worth.

    --
    Support NYCountryLawyer RIAA vs People
  7. Re:Do a lot of people still get phished? by xenoarch · · Score: 3, Informative

    untill December of last year i was a sysadmin for a large ISP, and when i left we still had 30+ phsing scams caught per day. Phishing is a social hack, and those are always more effective then just plain tech hacks. And yes blocking is more effective then warning.

  8. Re:Do a lot of people still get phished? by porcupine8 · · Score: 3, Interesting
    Just a few months ago, someone "broke into" my sister's PayPal account, and from there her bank account.

    A couple of months after the fact, my mom let slip that not only was this actually because she fell for phishing, but my mom had fallen for the same email - luckily, they didn't get to her bank account. (Mainly b/c when my sister discovered what had happened, my mom ran to cover her ass.)

    I wanted to whack them both upside the head. But trust me, they are far more representative of the average user than you or I.

    --
    Warning: Apple/Nintendo fangirl. Likes her electronics cute & cuddly. May be rabid.
  9. Template for MS Slashdot Articles by derrickh · · Score: 4, Insightful

    Microsoft did something right...but is that something actually not wrong?

    Microsoft performed well...but is performing well more important than performing badly?

    Microsoft isnt all bad...but is not being bad the same as being good?

    D

    --
    The first, last, and only tech news site on the net
  10. Re:Do a lot of people still get phished? by merreborn · · Score: 4, Interesting

    My fiance just started as a teller at a Wells Fargo. She says that people come in with questions exactly like that every single day, along with "I need a cashiers check to send to this nice man in Nigeria", and

    "I just got an email saying I won the Canadian Lottery, and I need a cashiers check for $4,000 to cover the taxes"
    "Did you ever _enter_ the Canadian lottery?"
    "No."
    "I hate to tell you this ma'am, but it's a scam."

    Every god damn day.