Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 2.0 Wins Phishfight Against IE7

Posted by Zonk on from the hi-ya dept.

An anonymous reader writes "A new study that pitted the anti-phishing technology in Firefox 2.0 against that of IE7 generated some interesting results. From the Washingtonpost.com story: 'Firefox blocked 243 phishing sites that IE7 overlooked, while IE7 locked 117 sites that Firefox did not.' Microsoft responded by pointing to its own supposed comparison study that put it in front of Mozilla and others in phish fighting, but the story notes: '3Sharp, the company that authored the Microsoft study, clearly state on their site that their goal in creating 3Sharp was "to use the robustness, flexibility, and sheer native capabilities of the Microsoft communication and collaboration technologies to enhance the business of our customers."'"

13 of 181 comments (clear)

  1. You have to consider... by otacon · · Score: 5, Interesting

    that most phising sites are designed to circumvent Internet Explorer, since it is the most common internet browser, and practically the only browser for 'clueless' users, especially the ones that would be victims to a phishing site.

    --
    In a world of acronyms, the words are the real victims.
    1. Re:You have to consider... by flyingsquid · · Score: 4, Funny

      Also, should "www.firefox.com" and "www.mozilla.com" really be included in IE7's tally of phishing sites blocked?

    2. Re:You have to consider... by foamrotreturns · · Score: 4, Insightful

      No, you are dead wrong. Firefox gets patched more often, and since it is open source, that is the main reason that vulnerabilities are being found in it. Sooner or later, all the bugs in Firefox will be ironed out, and it will be considered bulletproof, while IE remains closed source and unavailable for third party code audits, which leaves it wide open to security breaches. Wouldn't you rather have a house that was built by one contractor and then inspected by thousands of others who were able to find and fix some issues with it than a house that was only inspected by the same contractor who built it? There is some correlation between popularity and number of exploits, but you make it sound like it's a 2-dimensional plane. It's not. There are other factors. The very same goes for Linux versus Windows. Until Windows and IE are open source, they will always be miles behind in security.
      BTW, security through insignificance is the same as security through obscurity, which is just a false sense of security. Just because something is out of the limelight does not mean that no one has the intention of messing with it.

    3. Re:You have to consider... by cosminn · · Score: 4, Insightful

      Sooner or later, all the bugs in Firefox will be ironed out, and it will be considered bulletproof

      You must be new to software engineering :) This will never happen with any software. The only way that would be possible is if you freeze the code, then ONLY fix bugs. Even then you have the possibility of creating a new bug from fixing a bug.

      That's never going to happen tho. And the more features you add, the more bugs you add, regardless of open/closed source.

      My problem is not that bugs exist, it's unavoidable, it's how they're handled that's important.

  2. MS will always struggle here by Timesprout · · Score: 5, Insightful

    The risk of litigation inspired by false positives means they will always have to be a little more circumspect with who they classify as a phisher.

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
    1. Re:MS will always struggle here by LordSnooty · · Score: 4, Insightful

      And why couldn't someone sue the Mozilla Corporation and/or Foundation in the same circumstances?

  3. PhishFight! by Anonymous Coward · · Score: 4, Funny

    /slap Microsoft

    * Anonymous Coward slaps Microsoft around a bit with a large trout.

    I win, I win!

  4. It's really Google vs. Microsoft by SimplexO · · Score: 5, Informative

    It's really Google vs. Microsoft because Firefox 2 essentially integrated Google's Safe Browsing extension into the core browser. And while Firefox has the ability to change phishing-list providers (Tools -> Options -> Security), the only one it ships with is from Google.

    --
    Get Firefox!
  5. Re:A suggested improvement by LiquidCoooled · · Score: 4, Informative

    Its pretty hard to miss.

    Here is the hard-coded example of a phishing site from firefox: its-a-trap!.

    The info is here

    --
    liqbase :: faster than paper
  6. Re:If these are known phishing sites... by jfengel · · Score: 4, Informative

    They come and go very quickly. Shutting something down legally is a tremendous hassle. You have to go to a judge and get a court order to do it. You have to find the ISP responsible for hosting it, assuming its in a jurisdiction you can get a hold of. You have to get the ISP to pay attention to you in the first place.

    It's probably a few hours of work, and then 30 seconds later the same site appears elsewhere. Marking it as "phishing" in a database doesn't have any due process protections, but it's not as severe as shutting it down.

  7. That's probably the first time... by petrus4 · · Score: 4, Funny

    ...I've honestly ever seen the words "robust," and "Microsoft," in the same sentence.

    1. Re:That's probably the first time... by Volante3192 · · Score: 4, Funny

      I've honestly ever seen the words "robust," and "Microsoft," in the same sentence.

      You don't read their marketing materials much, do you?

  8. Firefox antiphising is far from perfect... by diegocgteleline.es · · Score: 4, Interesting

    ...at least until they fix bug #356355 , which "jumps" the antiphising filter

    fe, if you go to http://200.119.135.99/ebay/login5878/ the pishing filter will warn you

    but if you encode the IP with a unusual encoding

    http://0xc8.0x77.0x87.0x63/ebay/login5878/

    the phising filter will not kick in