Menu
Antiphishing toolbars are all rubbish

Antiphishing toolbars are all rubbish

A new study of antiphishing toolbars has come to a stark conclusion about their effectiveness -- none of them are any good.

A week ago, a report from SmartWare told the world that Mozilla’s Firefox 2.0 had the best antiphishing capabilities, while a month ago a report from 3sharp claimed Microsoft’s Internet Explorer 7.0 was tops.

But however apparently independent their methodology, those reports were sponsored by the companies -- Mozilla and Microsoft -- that triumphed in each test, a fact that has undermined their reliability in many people’s eyes.

By contrast, the new study, Finding Phish: An Evaluation of Anti-Phishing Toolbars, was conducted by researchers at Carnegie Mellon University in Pittsburgh, backed by organizations as worthily anodyne as the US National Science Foundation and the US Army Research Office.

The study looked at ten browser toolbars: Microsoft Explorer 7, eBay, Google, Netcraft (Mozilla), Netscape, Cloudmark (Mozilla), Earthlink, Geotrust’s TrustWatch, and Stanford University’s Spoofguard, and McAfee’s SiteAdvisor.

Even the best of the bunch -- Earthlink, Netcraft, Google, Coudmark, and Explorer 7 -- detected only 85 percent of fraudulent websites, a good but far from secure level of effectiveness. The rest scored under the 50 percent mark, with McAfee’s SiteAdvisor unable to spot any.

"Overall, we found that the antiphishing toolbars that were examined in this study left a lot to be desired," the authors concluded. "Many of the toolbars we tested were vulnerable to some simple exploits as well."

Most of the toolbars suffered to varying degrees from false positives, where legitimate sites were erroneously identified as being phishing sites. The researchers reckoned this to be almost as big a problem as missing a real phishing site because constant warnings about sites known to be OK might persuade users to ignore all warnings, even when correct.

The inclusion of SiteAdvisor will likely attract the ire of McAfee, which was angered by the product’s dreadful showing in a Microsoft-sponsored test of antiphishing toolbars carried out some weeks ago by consultancy 3Sharp. McAfee claimed after the event that the product was not intended to perform as an antiphishing filter, something still disputed by 3Sharp.

Despite the academic thoroughness of their experiments the researchers offered no explanation as to why McAfee’s SiteAdvisor showed zero ability to spot antiphishing websites, an odd statistic even within the context of the other product’s modest abilities. The fact that the software might not have had any antiphishing features -- regardless of how it had been described on its website -- doesn’t appear to have dawned on the team.

The researchers come up with a number of general observations about browser phishing security, the first and most obvious of which is to use all such filters with great care -- no toolbar can spot all fraudulent sites to a high enough degree or reliability to make it a firm line of defense.

The second point, referred to only obliquely, is that origin of the browser on which the filter is running -- the Mozilla versus Internet Explorer debate -- doesn’t appear to make any odds. It is the effectiveness of the heuristics used to identify sites that matters, and the usability of software design from the point of view of the users themselves.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags antiphishing

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments