Dive into the PhishTankBy Larry Seltzer | Posted 2006-10-09 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Opinion: Finally someone is approaching the phishing problem the way it should be approached, but it may be too late to overcome the proprietary impulse of the big guys.Everybody complains about phishing, but how many of us actually do something about it? Now everyone can.
PhishTank, a new service from the OpenDNS folks, is an open and public phishing database. It finds itself up against several large and wealthy commercial products and services. PhishTank may prove to be a quixotic endeavor, but someone's got to dream the impossible dream.
There have been phishing databases for years. For years my favorite, one of the oldest, was the Netcraft Toolbar which, like all of the other client agents for the databases, is free.
Of course the fact that a site is submitted as a phish doesn't make it a phish, so it isn't listed as a phish until enough users vote for it. The voting is Cloudmark-style, where users themselves develop a reputation and a better reputation gives greater weight to their votes. How do you get good reputation? To the extent that your votes coincide with the judgment of the community, your reputation grows, and vice versa.
The voting system is good because it's fair and effective, but it also makes it imperative that a large community be constantly examining the submissions and voting. The longer it takes for phishing samples to be judged by the community, the longer they are not useful to potential phishing victims. So if PhishTank remains a nonmainstream community, it will remain a nonmainstream community.
That would be a shame. It doesn't help users for the big players in this area to keep their systems closed. Symantec may have a business reason to treat their database as proprietary, but Microsoft doesn't. Microsoft simply has an interest in the best possible protection. They don't need to make money off of security products, they need for computing to be more carefree and secure.
So why shouldn't IE7's Phishing Filter submit phishing candidates into PhishTank and read from it as well? The only real problem with this scenario is that Microsoft has performance requirements that PhishTank is unlikely to meet, but that's the kind of problem you can basically throw money at.
And since IE7 uses heuristics for many judgments, the database would have to take some account of this. It should get some number of points in the evaluation process based on the specific characteristics that got it flagged.
If only big companies would be so civil and logical. But it's probably just a dream.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.