Study: Microsoft Anti-Phishing Uses Best BaitBy Matt Hines | Posted 2006-09-29 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
A comparison of eight anti-phishing technologies places Microsoft's new Internet Explorer 7 Beta 3 ahead of similar tools from companies including eBay and McAfee, which have been marketing anti-malware applications for years.
Microsoft's maiden entry into the anti-phishing space outperforms similar technologies offered by more established security applications providers, according to a new report commissioned by the software company and conducted by researchers 3Sharp.
Based on a comparative study sponsored by Microsoft that tested anti-phishing applications from eight different software vendors and online specialists, the malicious Web site-blocking capabilities built into the latest beta version of Internet Explorer, specifically when used with the Microsoft Phishing Filter, catch a higher percentage of phishing attempts than rival technologies.
Phishing attempts most frequently involve the use of spam e-mail to direct traffic to Web sites built to appear as the online operations of a legitimate business in the name of stealing users' private information.
Common iterations of the attacks have sought to trick people to hand over their password information to sites tailored to look like those of large financial institutions, or popular online businesses such as eBay.
According to the APWG (Anti-Phishing Working Group) industry consortium, the number of phishing sites operating online is growing at a rate of 400 percent per year.
3Sharp, which is based in Redmond, Wash., and focuses its research primarily around Microsoft products, said that the IE 7 Beta 3 RC3 browser beat out similar products from anti-phishing technology makers Netcraft, Google, eBay, EarthLink, GeoTrust, Netscape and McAfee, whose product finished in that order in the test.
Based on 3Sharp's methodology, which awarded a composite score to each technology based on its accuracy in detecting phishing sites and frequency of incorrectly blocking legitimate sites, Microsoft's anti-phishing protection scored 172 out of a possible 200 points, while longtime security specialist McAfee's Site Advisor scored only a 3.
Just behind Microsoft, the Netcraft Toolbar scored a composite score of 168 in the study, while third-place finisher Google Safe Browsing on the Firefox browser earned 106 points.
eBay, which has seen its business assaulted by nearly every variety of phishing scheme cooked up on the Web, finished in fourth place with 92 points.
3Sharp Senior Partner Paul Robichaux said that Microsoft's technology won the comparison based on its ability to uncloak more sophisticated variations of the attacks.
"Early phish were pretty rudimentary, but today's phish are often very realistic, and they're getting better all the time," Robichaux wrote in the report.
"To protect users from this dynamic threat, our study results show that the best browser-based anti-phishing protection offered today uses a combination of heuristics and a broad set of regularly updated data sources."
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.