Technology News: Security: Firefox: The Better Phisher Fighter

Firefox: The Better Phisher Fighter

By Jay Lyman
LinuxInsider
Part of the ECT News Network
11/16/06 4:00 AM PT

Mozilla and Microsoft are duking it out over which of their browsers -- Firefox or Internet Explorer -- is better at alerting users to possible phishing attacks. Mozilla has fired the latest salvo, with a report from a software testing company showing that Firefox blocked more phishing sites than IE.

eMarketer Whitepaper: Optimizing the E-Commerce Experience
From the Web to the Contact Center, are you prepared to proactively engage and keep your savvy customers? Read how e-commerce leaders are optimizing their sites with ratings, reviews, live help, Web analytics, mobile and more.

Mozilla claims that the anti-phishing measures in its Firefox Web browser are superior to those of Microsoft's (Nasdaq: MSFT) Internet Explorer (IE), based on a report released Wednesday by software testing company SmartWare.

While IE owns around 80 percent of the browser market, it also draws the majority of Internet attacks, including those known as "phishing" -- online scams that employ fake Web sites posing as those of legitimate banking and other financial services firms in order to dupe users into disclosing personal information to thieves.

The latest Firefox browser, Version 2.0, blocks phishing attempts better than IE7, SmartWare reported.

Out-Firefoxed

Both browsers use different methods of detecting phishing sites. During testing, Firefox 2.0 blocked 79 percent of phishing sites using its regularly updated, built-in list of malicious Web addresses, and 82 percent using Google's (Nasdaq: GOOG) list.

IE7 blocked 66 percent of phishing sites using the browser's auto check feature, which confirms or denies malicious sites based on information contained in a Microsoft database. With auto check turned off, IE7 blocked only 1.5 percent of phishing sites listed in the database.

Regardless of the browser, between 20 percent and 40 percent of all phishing activities will go undetected, according to the report.

Gone Phishing

Both Microsoft and Mozilla rely on their lists and databases, but online users generally have no tools to discern phony Web sites and bogus e-mail requests for information from the real things.

"The phishers are way more sophisticated, and they can hit you before anybody can push out a list of phishing sites," IT-Harvest Chief Research Analyst Richard Stiennon told LinuxInsider.

Firefox users are typically more tech-savvy than their IE counterparts, and thus less likely to fall for a phishing attempt, he pointed out. They are also less likely to fall victim to a "drive-by download" -- the download of spyware, a virus or any type of malware that occurs without the knowledge of the user.

E-commerce sites can do more to protect users, Stiennon maintained. For example, banks can use heavy-duty encryption, monitor user access, and place limitations on fund transfers to mitigate phishing threats, he suggested.

Securing Image

Much of Mozilla's work on Firefox 2.0 centered on anti-phishing and other security measures, which are of increasing concern and priority to administrators and CIOs, Burton Group Vice President Craig Roth told LinuxInsider.

The success of phishing attacks hinges on so-called social engineering -- that is, coming up with tricks that will be successful in duping users. Enterprise interest in phishing threats is growing, and security software vendors are providing enhancements to their products with that in mind.

"From an image point of view, it means a lot to have a message out there [that] you can put under the security umbrella," Roth said.

Next Article in Security

Mozilla Issues 'Critical' Security Fixes
November 10, 2006

Although the vast majority of Internet attacks are aimed at Microsoft's Internet Explorer, due to its share of the browser market and IE's tight coupling with Windows, some do target Firefox code. Browser-based attacks have become common, and the trend is fueled by "point and click" exploit-and-attack methods, as well as the increasing availability of attack code.

More by Jay Lyman

Open Source Developer Dumps Novell Over Microsoft Deal
December 26, 2006

A key open source developer, Jeremy Allison, who cofounded the Samba project, has resigned from Novell in protest over the company's recent agreement to enter a collaborative arrangement with Microsoft. The deal has created an uproar in the open source community because it does not treat all recipients of the GPL equally and thus violates the spirit of the license, critics say.

Financial Firms Tap Microsoft for Linux
December 22, 2006

Three major financial institutions are among the first companies to go to Microsoft for Linux services, provided through an agreement the software giant struck with Novell. Although a recent survey showed customer approval of the collaboration, many members of the open source community view Novell's move as sleeping with the devil.

Mozilla Beefs Up Security in Firefox 2.0
December 21, 2006

Mozilla's latest update to its open source Firefox browser includes security measures targeting phishers. Phishing scams that use social engineering techniques to dupe Web surfers into revealing personal financial information have become an effective way for cybercriminals to conduct their nefarious activities on the Internet.

[Search More...]

Mozilla Foundation	Activate Alert \| Search Archives

Microsoft	Activate Alert \| Search Archives

Google	Activate Alert \| Search Archives