Study Indicates Incapacity of Anti-Phishing Tools

When researchers at 'Carnegie Mellon University' were studying anti-phishing toolbars, they could not find a single capable product. The study involved a comparison of ten anti-phishing toolbars including Google Toolbar, MacAfee SiteAdvisor, Netcraft as well as anti-phishing filter integrated into Internet Explorer 7. SmartWare reported that Mozilla's Firefox 2.0 contained the best anti-phishing capabilities. However, just a month ago, a report from 3Sharp said that Microsoft's IE 7.0 ranked at the top.

Although the methodologies behind these reports were independent, companies - Mozilla and Microsoft that sponsored them - found victory in each test, a fact that has injured their reliability.

That the companies have been trying to make such cheap manipulation is shocking and is getting worse gradually. People are flatteringly accepting such surveys, which the winning companies are sponsoring, as valid.

The researchers identified phishing sites recently found; phishing sites found within 24 hours; and differentiated phishing sites from legitimate sites through a series of experiments.

As per the study, even the best performers of the ten tools tested failed to detect 9 to 15% of the phishing sites browsed. 'SpoofGuard' made yet another fault, which although unmistakably spotted 91% of the phishing sites but wrongly marked 38 percent of the legitimate sites as phishing sites.
The researchers wrote there were many things that they wanted from the examined anti-phishing toolbars. For instance, many of the tested toolbars were vulnerable to certain simple exploits.

McAfee is likely to feel offended by the inclusion of SiteAdvisor, and was annoyed because of the dreadful display of the product in a Microsoft sponsored test conducted by consultancy 3Sharp. McAfee said after the test that the product was not meant to work as an anti-phishing filter, something which 3Sharp is still debating on.

In addition to reliability, the study found that several products had ineffective user interface. The study group alerted about toolbars using warning signals indicating the presence of phishing sites. Since many users have become so insensitive to 'pop-up ads' and 'dialogue windows' while browsing webs that they may ignore the warnings and enter personal information on the phishing sites.

Related article: Stock Spamming On the Rise

» SPAMfighter News - 11/25/2006