Firefox anti-phishing better, says Mozilla

Posted by   Virus Bulletin on   Nov 16, 2006

Browser phishing filters battle for supremacy.

Mozilla has released results of an independently run test of phishing filters, in which its latest product, Firefox 2.0, is compared with Microsoft's new offering, Internet Explorer 7. The test results show new technology in Firefox outperforming that in the rival browser.

Researchers at a third-party testing company visited over 1,000 websites listed as confirmed phishing sites by the PhishTank community project, with each browser in various configurations. IE7 scored 66% when in its default mode, which requires each site to be checked against a remote list at Microsoft headquarters, and a lowly 1.5% when cut off from the master list. Firefox, meanwhile, scored over 78% in its default local mode, and 81% when allowed to check with the latest blacklists provided by Google. As well as low detection rates, IE was criticised for the privacy risk and browsing slowdown caused by the use of remote data sources.

The tests have clashed with results of an earlier study, carried out for Microsoft by another third-party tester, which included several other phishing filters including an earlier version of the Firefox/Google collaboration. This test put the Microsoft product ahead of the field with a 'nine out of ten' detection rate (according a a Microsoft blogger) and zero false positives. The Mozilla-funded study has been criticised for poor methodology, including omitting false positive testing and not testing a wider range of products.

An overview of the new study can be found on Mozilla's site, here, while the earlier test was carried out by 3 Sharp, whose results are here. More info on the earlier test is on the Internet Explorer team blog, here, and a response to the new results from a 3 Sharp representative is here.

Posted on 16 November 2006 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.