Technology News: Security: Firefox: The Better Phisher Fighter

Mozilla and Microsoft are duking it out over which of their browsers -- Firefox or Internet Explorer -- is better at alerting users to possible phishing attacks. Mozilla has fired the latest salvo, with a report from a software testing company showing that Firefox blocked more phishing sites than IE.

95% of email is spam. Want to spend more time on the other 5%? Google's hosted email security, powered by Postini, stops email threats before they reach your business. There is no installation or maintenance required, freeing you to focus on strategic activities. Watch our video to learn more.

Mozilla claims that the anti-phishing measures in its Firefox Web browser are superior to those of Microsoft's (Nasdaq: MSFT) Internet Explorer (IE), based on a report released Wednesday by software testing company SmartWare.

While IE owns around 80 percent of the browser market, it also draws the majority of Internet attacks, including those known as "phishing" -- online scams that employ fake Web sites posing as those of legitimate banking and other financial services firms in order to dupe users into disclosing personal information to thieves.

The latest Firefox browser, Version 2.0, blocks phishing attempts better than IE7, SmartWare reported.

Out-Firefoxed

Both browsers use different methods of detecting phishing sites. During testing, Firefox 2.0 blocked 79 percent of phishing sites using its regularly updated, built-in list of malicious Web addresses, and 82 percent using Google's (Nasdaq: GOOG) list.

IE7 blocked 66 percent of phishing sites using the browser's auto check feature, which confirms or denies malicious sites based on information contained in a Microsoft database. With auto check turned off, IE7 blocked only 1.5 percent of phishing sites listed in the database.

Regardless of the browser, between 20 percent and 40 percent of all phishing activities will go undetected, according to the report.

Gone Phishing

Both Microsoft and Mozilla rely on their lists and databases, but online users generally have no tools to discern phony Web sites and bogus e-mail requests for information from the real things.

"The phishers are way more sophisticated, and they can hit you before anybody can push out a list of phishing sites," IT-Harvest Chief Research Analyst Richard Stiennon told LinuxInsider.

Firefox users are typically more tech-savvy than their IE counterparts, and thus less likely to fall for a phishing attempt, he pointed out. They are also less likely to fall victim to a "drive-by download" -- the download of spyware, a virus or any type of malware that occurs without the knowledge of the user.

E-commerce sites can do more to protect users, Stiennon maintained. For example, banks can use heavy-duty encryption, monitor user access, and place limitations on fund transfers to mitigate phishing threats, he suggested.

Securing Image

Much of Mozilla's work on Firefox 2.0 centered on anti-phishing and other security measures, which are of increasing concern and priority to administrators and CIOs, Burton Group Vice President Craig Roth told LinuxInsider.

The success of phishing attacks hinges on so-called social engineering -- that is, coming up with tricks that will be successful in duping users. Enterprise interest in phishing threats is growing, and security software vendors are providing enhancements to their products with that in mind.

"From an image point of view, it means a lot to have a message out there [that] you can put under the security umbrella," Roth said.

Mozilla Foundation	Activate Alert \| Search Archives

Microsoft	Activate Alert \| Search Archives

Google	Activate Alert \| Search Archives