Mozilla claims that the anti-phishingmeasures in its Firefox Web browser are superior to those of Microsoft’s Internet Explorer (IE), based on a report released Wednesday by software testing companySmartWare.
While IE owns around 80 percent of the browser market, it also draws the majority of Internet attacks, including those known as “phishing” — online scams that employ fake Web sites posing as those of legitimate banking and other financial services firms in order to dupe users into disclosing personal information to thieves.
The latest Firefox browser, Version 2.0, blocks phishing attempts better than IE7, SmartWare reported.
Both browsers use different methods of detecting phishing sites. During testing, Firefox 2.0 blocked 79 percent of phishing sites using its regularly updated, built-in list of malicious Web addresses, and 82 percent using Google’s list.
IE7 blocked 66 percent of phishing sites using the browser’s auto check feature, which confirms or denies malicious sites based on information contained in a Microsoft database. With auto check turned off, IE7 blocked only 1.5 percent of phishing sites listed in the database.
Regardless of the browser, between 20 percent and 40 percent of all phishing activities will go undetected, according to the report.
Both Microsoft and Mozilla rely on their lists and databases, but online users generally have no tools to discern phony Web sites and bogus e-mail requests for information from the real things.
“The phishers are way more sophisticated, and they can hit you beforeanybody can push out a list of phishing sites,” IT-Harvest Chief Research Analyst Richard Stiennon told LinuxInsider.
Firefox users are typically more tech-savvy than their IE counterparts, and thus less likely to fall for a phishing attempt, he pointed out. They are also less likely tofall victim to a “drive-by download” — the download of spyware, a virus or any type of malware that occurs without the knowledge of the user.
E-commerce sites can do more to protect users, Stiennon maintained. For example, banks can use heavy-duty encryption, monitor user access, and place limitations on fund transfers to mitigate phishing threats, he suggested.
Much of Mozilla’s work on Firefox 2.0 centered onanti-phishing and other security measures, which are of increasingconcern and priority to administrators and CIOs, Burton Group VicePresident Craig Roth told LinuxInsider.
The success of phishing attacks hinges on so-calledsocial engineering — that is, coming up with tricks that will be successful in duping users.Enterprise interest in phishing threats is growing, and security software vendors are providing enhancements to their products with that in mind.
“From an image point of view, it means a lot to have a message outthere [that] you can put under the security umbrella,” Roth said.