Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 2.0 Wins Phishfight Against IE7

Posted by Zonk on from the hi-ya dept.

An anonymous reader writes "A new study that pitted the anti-phishing technology in Firefox 2.0 against that of IE7 generated some interesting results. From the Washingtonpost.com story: 'Firefox blocked 243 phishing sites that IE7 overlooked, while IE7 locked 117 sites that Firefox did not.' Microsoft responded by pointing to its own supposed comparison study that put it in front of Mozilla and others in phish fighting, but the story notes: '3Sharp, the company that authored the Microsoft study, clearly state on their site that their goal in creating 3Sharp was "to use the robustness, flexibility, and sheer native capabilities of the Microsoft communication and collaboration technologies to enhance the business of our customers."'"

11 of 181 comments (clear)

  1. It's really Google vs. Microsoft by SimplexO · · Score: 5, Informative

    It's really Google vs. Microsoft because Firefox 2 essentially integrated Google's Safe Browsing extension into the core browser. And while Firefox has the ability to change phishing-list providers (Tools -> Options -> Security), the only one it ships with is from Google.

    --
    Get Firefox!
    1. Re:It's really Google vs. Microsoft by LiquidCoooled · · Score: 3, Informative

      No, firefox ships with an automatically updating local database of phishing sites.
      You don't need to test every site with google, just use the built in one.

      Read more here

      --
      liqbase :: faster than paper
    2. Re:It's really Google vs. Microsoft by aitan · · Score: 2, Informative

      That list is currently provided only by Google, so the grandparent is right.

  2. Re:A suggested improvement by LiquidCoooled · · Score: 4, Informative

    Its pretty hard to miss.

    Here is the hard-coded example of a phishing site from firefox: its-a-trap!.

    The info is here

    --
    liqbase :: faster than paper
  3. Re:If these are known phishing sites... by jfengel · · Score: 4, Informative

    They come and go very quickly. Shutting something down legally is a tremendous hassle. You have to go to a judge and get a court order to do it. You have to find the ISP responsible for hosting it, assuming its in a jurisdiction you can get a hold of. You have to get the ISP to pay attention to you in the first place.

    It's probably a few hours of work, and then 30 seconds later the same site appears elsewhere. Marking it as "phishing" in a database doesn't have any due process protections, but it's not as severe as shutting it down.

  4. Re:He mentions a whitelist. He must be joking. by Timesprout · · Score: 3, Informative

    Actually he mentions a banking whitelist which is not a bad idea at all and not impractical to implement. In fact I can imagine in the future the banks will request this themselves as their liability incurred for customers duped by phishing scams increases.

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  5. Re:But by Hijacked+Public · · Score: 1, Informative

    The people who sent the cake aren't the same people who decided to run a study. "Microsoft" is a vast corporation where each individual has distinct thoughts, plans, motives, etc.

    So no, it isn't weird.

    --
    "Sacrifice for the good of The State" - The State
  6. Re:That's wonderful by TheThiefMaster · · Score: 3, Informative

    The repeated crashes I had with FF2.0 all disappeared when I disabled the google toolbar add-in. With the integrated Google search, spellchecker and anti-phishing, there's very little for the google toolbar to do anyhow. Although, the buttons for finding/highlighting the search terms in the page are very useful.

  7. Re:Firefox antiphising is far from perfect... by Ash-Fox · · Score: 3, Informative
    fe, if you go to http://200.119.135.99/ebay/login5878/ the pishing filter will warn you
    Confirmed.
    but if you encode the IP with a unusual encoding

    http://0xc8.0x77.0x87.0x63/ebay/login5878/

    the phising filter will not kick in

    It does.
    --
    Change is certain; progress is not obligatory.
  8. Re:He mentions a whitelist. He must be joking. by jrsp · · Score: 2, Informative

    And now virus makers and phishers team up to hack your local copy of "safe" sites. "Why yes, young man, www.sitibank.com IS the right address."

    The problem, as always, is trusting the data. If you request it from a known source via a secure channel you're good. Once you save it you expose it to other attacks.

  9. Re:PhirePhox by Anonymous Coward · · Score: 1, Informative

    The Firefox 2 phishing protection doesn't phone home, at least not by default. It downloads a copy of Google's blacklist at regular intervals and checks the URL's against the local copy.

    No URL's are sent to Google so no privacy issues there.

    You can have your URL's send to Google if you really want to but you'd have to explicitly turn it on.