Microsoft, Mozilla compete on anti-phishing data
Published: 2006-11-14

More than a month after Microsoft released a study recommending its browser's anti-phishing features, the Mozilla Foundation struck back on Tuesday with a survey using different data and, unsurprisingly, came up with different results.

Using 1,040 phishing sites flagged by the open PhishTank database over a two-week period, the Mozilla Foundation found that Firefox 2.0 blocked 79 percent of the malicious sites using just the local black list of phishing URLs and 82 percent using the real-time Google filtering feature. The anti-phishing features in Microsoft's Internet Explorer 7 blocked only 66 percent of the sites with the auto-check feature enabled and only 2 percent with the auto-check feature disabled.

The Mozilla Foundation commissioned business strategy firm SmartWare to conduct the test of the anti-phishing filters in its Firefox 2.0 browser and in Microsoft's Internet Explorer 7 browser. Security testing firm iSec Partners certified the testing methodology.

There were 243 instances where Firefox 2.0 blocked the phishing site but Internet Explorer 7 did not. In another 117 instances, Internet Explorer 7 blocked a phishing site and Firefox 2.0 did not. In 65 instances, neither browser's anti-phishing tool blocked the site. Neither browser uses the PhishTank data in deciding whether to block a site, according to Mozilla.

Microsoft's study, conducted by business strategy firm 3Sharp, scored Microsoft's Internet Explorer 7 highest--at 172 points--followed closely by Netcraft's (corrected) anti-phishing toolbar at 168. Mozilla's Firefox 1.5 combined with Google's toolbar scored only 106 points. The study used a small sample set of 100 phishing sites and 500 legitimate sites culled from live e-mails collected over a six-week period. Neither Internet Explorer nor Firefox with the Google toolbar flagged legitimate sites as potential phishing attacks.

Window Snyder, the chief security officer for the Mozilla Foundation and former security strategist at Microsoft, flagged the software giant's small sample size as the likely reason for the different results.

"They only tested a 100 URLs--that's a really small sample," Snyder said. "So that might have impacted their results. Otherwise, the methodologies are pretty similar."

Microsoft released Internet Explorer 7 on October 18. Mozilla followed suit a week later, releasing Firefox 2.0 on October 25. Mozilla's Firefox has gradually increased its share of the market in the past two years, accounting for 12 percent of unique visitors in September compared to 8 percent a year ago, according to the HitsLink Market Share service run by Web software firm NetApplications. Microsoft's Internet Explorer fell to 82 percent of the market in September, down from 87 percent a year ago, according to the data.

Mozilla plans to release all the data used in the study to its site.

CORRECTION: The news brief referred to the wrong company as the runner-up in the Microsoft-commissioned study. Netcraft's anti-phishing toolbar took second place with 168 points.

Posted by: Robert Lemos
Copyright 2009, SecurityFocus