MoMusings

Monday 6th November, 2006


Quick Anti-Phishing Roundup

Filed under: All, Scams, Tools, Stats

A number of people have asked me for my opinion on the built-in anti-phishing features of both Internet Explorer 7 [IE7] and Firefox 2.0.

They are particularly interested in how good, or bad, they are when compared against one of the most mature and accurate anti-phishing toolbars, this being the one from Netcraft.

So, I managed to spend a bit of time testing both browsers' in-built anti-phishing capabilities. The results, although not that surprising, were somewhat worrying when you take into account the amount of phishing that is now taking place.

The screenshots below are the results of just one test, but are indicative of the general accuracy of the built-in anti-phishing tools when used instead of the Netcraft toolbar. This is by no means a scientific test. However, I do use the built-in Firefox 2.0 anti-phishing [via Google] feature and the Netcraft toolbar, which co-exist well.

I received a new, for me, phishing scam e-mail which I used as a test for all the anti-phishing features and the Netcraft toolbar, and you can see the results for each of the browsers and tools below:

All the screenshots used in this blog entry have had the URL for the phishing site ‘munged’, just in case anyone is mad enough to try and visit them ;-)

First up is Internet Explorer 7, the latest version of the much-maligned web browser from our old friends at Microsoft. However, you can only install and use IE7 on Windows XP, and even then only if you have Service Pack 2 [SP2] installed.



A larger version of the above screenshot can be found here.

As you can see, with this particular Barclays Bank phish, IE7 doesn’t flag it or warn us in any way that this is a bogus site and not the real Barclays Bank site. Not good!

Next up is Firefox 2.0, the latest version of the much-admired, and recommended, web browser from our friends at Mozilla.org. Unlike IE7, you can install and use Firefox 2.0 on most versions of Windows, and even [gasp] Linux and other *NIX flavours too!



A larger version of the above screenshot can be found here.

As you can see, with this particular Barclays Bank phish, Firefox 2.0 does flag the site and warns us, in a very obvious, in-your-face kind of way, that this is a bogus site and not the real Barclays Bank site. Very good!

Staying with Firefox 2.0, let us now disable the in-built anti-phishing facility and install the latest Netcraft anti-phishing toolbar instead. This works with both Internet Explorer [IE], including version 7, and all Firefox versions up to and including 2.0. Not only that, but I have found that it will happily co-exist with the in-built anti-phishing feature in Firefox 2.0.



A larger version of the above screenshot can be found here.

As you can see, with this particular Barclays Bank phish, the Netcraft toolbar in Firefox 2.0 not only flags the site, warning us very obviously with a large dialogue box, it also doesn’t even allow the page time to render, which is good if there were any nasty scripts embedded in the HTML of the bogus site!

So, in conclusion: in all the tests I’ve done so far with the many new phishing scams I get each and every day, the in-built anti-phishing in IE7 is really not very good, while in Firefox 2.0 [if using the Google option] it is not bad. But neither of the in-built anti-phishing features is as good as using the Netcraft anti-phishing toolbar…why?

Well, partly because they get lots of reports from researchers and end-users from all over the net, including me, and we are talking about thousands of new phishing URLs being reported each and every month. Furthermore, because their toolbar is not tied to a specific browser, this actually helps them to get more reports, even from those that insist on still using IE6 ;-)

For those fans of Opera out there in blogland, the news is that the next version of Opera will have some form of in-built anti-phishing feature.

As with most security solutions, you shouldn’t rely on a single layer to protect your computer from attack, be that malware, spam or scams.

You should be using multiple overlapping techniques and/or technologies to ensure that a single point of failure is not likely to result in your defences being breached. So, by all means use the in-built anti-phishing features in IE7 or Firefox 2.0, but augment them with the Netcraft anti-phishing tool and a good dose of safe hex too…belt and braces. That way you are less likely to be embarrassed by a failure which would otherwise expose your assets. You wouldn’t want those exposed or frozen, now would you? ;-)
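As an added illustration of the layering argument (this is example code written for this roundup, not code from the post, Netcraft, Mozilla or Microsoft), the Python below combines two independent checks: an exact match against a list of reported URLs, which is the kind of user-fed list a toolbar consults, and a few local heuristics that need no list at all. The point it shows is that a brand-new phish that nobody has reported yet slips past the list layer but is still caught by the heuristic layer. The blocklist entries, the brand-to-domain map and the test URLs are all constructed for the example (they use the reserved .example TLD and documentation IP space, not real phishing sites), and the verdicts are printed with the URL munged in the same spirit as the screenshots above.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of URLs that reporters have flagged; a real toolbar's
# list is fed by thousands of reports a month, this one has a single entry.
REPORTED_PHISH = {
    "http://barclays-secure-login.example/ibank/verify.php",
}

# Constructed map of brand names to the domains that brand legitimately uses.
BRAND_DOMAINS = {
    "barclays": {"barclays.co.uk", "barclays.com"},
}


def normalise(url):
    """Reduce a URL to scheme://host/path so trivial variations still match."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return f"{parts.scheme.lower()}://{host}{path}"


def blocklist_check(url):
    """Layer 1: exact match against reported URLs (what a report-driven toolbar does)."""
    return normalise(url) in {normalise(u) for u in REPORTED_PHISH}


def heuristic_check(url):
    """Layer 2: list-free indicators, each returned as a human-readable reason."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    # A bank's name in the hostname, but the host is not one the bank owns.
    for brand, domains in BRAND_DOMAINS.items():
        owned = any(host == d or host.endswith("." + d) for d in domains)
        if brand in host and not owned:
            reasons.append(f"brand '{brand}' in host '{host}' but not a {brand} domain")
    # A bare IP address instead of a hostname.
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address as host")
    except ValueError:
        pass
    # userinfo before '@' makes the real host easy to overlook.
    if "@" in parts.netloc:
        reasons.append("userinfo in URL (real host is after the '@')")
    return reasons


def defang(url):
    """Munge a URL so it cannot be clicked when pasted into a report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def assess(url):
    """Combine both layers: a miss on one layer is covered by the other."""
    blocklisted = blocklist_check(url)
    reasons = heuristic_check(url)
    return {
        "url": defang(url),
        "blocklisted": blocklisted,
        "heuristics": reasons,
        "suspicious": blocklisted or bool(reasons),
    }


if __name__ == "__main__":
    # Constructed test URLs: a reported phish, the genuine site, an unreported
    # lookalike, and a raw-IP host.
    for candidate in [
        "http://barclays-secure-login.example/ibank/verify.php",
        "http://www.barclays.co.uk/",
        "http://barclays.co.uk.verify-account.example/",
        "http://203.0.113.5/barclays/login",
    ]:
        print(assess(candidate))
```

The second-to-last candidate is the interesting one: it is not on the reported list, so a list-only tool waves it through, yet the hostname check flags it because the real Barclays domains are merely a prefix of a host registered elsewhere. Neither layer is good on its own; a list is only as fresh as its reports, and heuristics alone will miss a phish hosted on an innocuous-looking domain, which is exactly the "belt and braces" point.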


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog's new home.
ALL future postings will only be available at the new site.
