Slashdot Mirror
Firefox 2.0 Wins Phishfight Against IE7
An anonymous reader writes "A new study that pitted the anti-phishing technology in Firefox 2.0 against that of IE7 generated some interesting results. From the Washingtonpost.com story: 'Firefox blocked 243 phishing sites that IE7 overlooked, while IE7 locked 117 sites that Firefox did not.' Microsoft responded by pointing to its own supposed comparison study that put it in front of Mozilla and others in phish fighting, but the story notes: '3Sharp, the company that authored the Microsoft study, clearly state on their site that their goal in creating 3Sharp was "to use the robustness, flexibility, and sheer native capabilities of the Microsoft communication and collaboration technologies to enhance the business of our customers."'"
The risk of litigation inspired by false positives means they will always have to be a little more circumspect with who they classify as a phisher.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
I never get this argument...
If Linux/Firefox/(your favorite OSS product) was as popular as Windows/IE/(any proprietary Product), it will be attacked more, and will be equally vulnerable and would have equal # of security flaws.
Fact is I don't care, What I want is something that is secure and really don't care if it is not as popular. In fact, "security by insignificance" works for me.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
The clearly visible one would be better since there are people who are completely color-blind (i.e. see things only in shades of gray) or who are color-blind to certain colors.
A combination of what you suggest would be the most effective way of getting someones attention since it would be color-independent. Have the address bar flash between two different colored backgrounds which could be readily discerned to those who are color-blind yet understood by everyone else. How about red and yellow. They would show up to color-blind folks as dark gray and light gray.
Or, have an actual warning message appear and overwrite the page with a message about the page not being a real page and do you want to continue, then showing the real page if someone says yes, they want to proceed.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
This seems to me like another bonus for Google and Microsoft in tracking users browsing habits. If every time someone visit a site using FF2.0 or IE7 it 'phones home' to find out of the page is a phishing site or not, won't these companies be able to build a more concise and accurate profile of web users? Just a thought...
I'm no expert and well I'm also a Firefox (FF) lover and IE hater. Mainly cuz its CSS support sucks but that might be changing.
Anyways.. I would guess that FF has a small advantage here cuz its been out in users hands longer thus has had time to let its anti-fishing rules evolve somewhat. IE7 is still new and has some learning to do =)
My 1.5 cents.
I get spam but delete it without ever clicking.
I've learnt never to click links or open attachments in unsolicited mails.
liqbase
As the article points out, false positives were not addressed at all in this study. Without testing for false positives, those numbers are useless. If Firefox listed 100% of websites as phishing sites, the fact that it caught more than IE7 isn't all that impressive.
I get spam all the time... but I too had never seen this thing before. Just because people get spam and phishing emails doesn't mean they're dumb enough to click them. I don't even do it out of curiosity.
We're testing out new(ish) anti-phishing technology. At least, new enopugh that the argument that IE7 is the "incumbent" doesn't really hold unless the sites are exploiting leftovers from IE6. Then the point becomes obvious - if MS is pushing IE7's relative security over "previous browsers" (read: IE6), they should have fixed these holes.
No, you are dead wrong. Firefox gets patched more often, and since it is open source, that is the main reason that vulnerabilities are being found in it. Sooner or later, all the bugs in Firefox will be ironed out, and it will be considered bulletproof, while IE remains closed source and unavailable for third party code audits, which leaves it wide open to security breaches. Wouldn't you rather have a house that was built by one contractor and then inspected by thousands of others who were able to find and fix some issues with it than a house that was only inspected by the same contractor who built it? There is some correlation between popularity and number of exploits, but you make it sound like it's a 2-dimensional plane. It's not. There are other factors. The very same goes for Linux versus Windows. Until Windows and IE are open source, they will always be miles behind in security.
BTW, security through insignificance is the same as security through obscurity, which is just a false sense of security. Just because something is out of the limelight does not mean that no one has the intention of messing with it.
Sooner or later, all the bugs in Firefox will be ironed out, and it will be considered bulletproof
:) This will never happen with any software. The only way that would be possible is if you freeze the code, then ONLY fix bugs. Even then you have the possibility of creating a new bug from fixing a bug.
You must be new to software engineering
That's never going to happen tho. And the more features you add, the more bugs you add, regardless of open/closed source.
My problem is not that bugs exist, it's unavoidable, it's how they're handled that's important.
Really? Tell that to all the critics raving about Firefox, Amarok, and OpenOffice.org, among others. I don't have to list my satisfaction points with these products here because they'd only be repeats of what others have said. If you're curious, look up the testimonials. The devs of these projects are fighting fire with fire. They're releasing a technologically superior (arguable for OO.o, I know) product for free. What's not fiery about that?
As for gaming, plenty of us don't use Windows because we don't use our computers for gaming. There are plenty of fun games that are native to the Linux platform, but I rarely play them because my computer is for getting things done, not putting off the things that need to get done. I have a PS2 for games. For everything else, including the simpler install (Ubuntu install is 300x easier than Windows to install) and the simpler, more intuitive UI (I didn't much care for GNOME until I actually tried using it - It really rocks) Linux is more than sufficient, and has become the only OS on my desktop and the "98% of the time" OS on my dual-booted lappy.
But above all, use what works for you. If you don't like Linux, don't use it. But I will warn you: *nix is becoming more and more prevalent. Just this year, my school replaced all its public terminals with Sun workstations. You can complain about lack of support for games all you want, but you'll eventually be forced to use something other than Windows.
"Wouldn't you rather have a house that was built by one contractor and then inspected by thousands of others who were able to find and fix some issues with it than a house that was only inspected by the same contractor who built it?"
:0
Are you trying to be funny? Because I would never like to live in that first house. First of all, it would never get finished, disputes will break out and I would never get one ounce of peace. Fortunately, even with such hugely successfull applications, the number of real developers and fixers will be rather small. But other than that rather flawed analogy, I get your point