By Jay Lyman LinuxInsider Part of the ECT News Network
11/16/06 4:00 AM PT
Mozilla and Microsoft are duking it out over which of their browsers -- Firefox or Internet Explorer -- is better at alerting users to possible phishing attacks. Mozilla has fired the latest salvo, with a report from a software testing company showing that Firefox blocked more phishing sites than IE.
Mozilla claims that the anti-phishing measures in its Firefox Web browser are superior to those of Microsoft's (Nasdaq: MSFT) Internet Explorer (IE), based on a report released Wednesday by software testing company SmartWare.
While IE owns around 80 percent of the browser market, it also draws the majority of Internet attacks, including those known as "phishing" -- online scams that employ fake Web sites posing as those of legitimate banking and other financial services firms in order to dupe users into disclosing personal information to thieves.
The latest Firefox browser, Version 2.0, blocks phishing attempts better than IE7, SmartWare reported.
Out-Firefoxed
The two browsers use different methods of detecting phishing sites. During testing, Firefox 2.0 blocked 79 percent of phishing sites using its regularly updated, built-in list of malicious Web addresses, and 82 percent using Google's (Nasdaq: GOOG) list.
IE7 blocked 66 percent of phishing sites using the browser's auto check feature, which confirms or denies malicious sites based on information contained in a Microsoft database. With auto check turned off, IE7 blocked only 1.5 percent of phishing sites listed in the database.
Regardless of the browser, between 20 percent and 40 percent of all phishing activities will go undetected, according to the report.
Gone Phishing
Both Microsoft and Mozilla rely on their lists and databases, but online users generally have no tools to discern phony Web sites and bogus e-mail requests for information from the real things.
"The phishers are way more sophisticated, and they can hit you before anybody can push out a list of phishing sites," IT-Harvest Chief Research Analyst Richard Stiennon told LinuxInsider.
Firefox users are typically more tech-savvy than their IE counterparts, and thus less likely to fall for a phishing attempt, he pointed out. They are also less likely to fall victim to a "drive-by download" -- the download of spyware, a virus or any type of malware that occurs without the knowledge of the user.
E-commerce sites can do more to protect users, Stiennon maintained. For example, banks can use heavy-duty encryption, monitor user access, and place limitations on fund transfers to mitigate phishing threats, he suggested.
Securing Image
Much of Mozilla's work on Firefox 2.0 centered on anti-phishing and other security measures, which are of increasing concern and priority to administrators and CIOs, Burton Group Vice President Craig Roth told LinuxInsider.
The success of phishing attacks hinges on so-called social engineering -- that is, coming up with tricks that will be successful in duping users.
Enterprise interest in phishing threats is growing, and security software vendors are providing enhancements to their products with that in mind.
"From an image point of view, it means a lot to have a message out there [that] you can put under the security umbrella," Roth said.