Phishing

On the Wild Wild Web, where scams, fraud, and identity theft are
commonplace, which browser protects you more effectively? Is it
Microsoft's Internet Explorer 7 or Mozilla's Firefox 2.0?

According to a new report from software (Embedded image moved to file:
pic12319.jpg)testing firm SmartWare -- a report commissioned by Mozilla
-- the answer is Firefox, at least when it comes to protection against
phishing scams.


Phishing is the practice of directing Web surfers to fake Web sites that
prompt them to reveal personal data, such as social security (Embedded
image moved to file: pic06272.jpg)numbers. The fraudulent sites almost
always steal the designs and logos of well-known, trusted companies,
such as eBay and CitiGroup, to dupe users into divulging their data.


Phighting Phishing


Both IE7 and Firefox have built-in antiphishing features designed to
alert you when you've hit a fraudulent site. With Microsoft's browser,
antiphishing is turned on by default. Each Web site you visit is checked
against a database maintained by Microsoft, and known frauds are
blocked.


Firefox has two antiphishing options. With the first, the sites you
visit are checked against a local database on your computer. With the
second, the sites you visit are checked against a live database
maintained by Google.


In the SmartWare test, Microsoft's Internet Explorer 7 blocked 690 known
phishing sites, or 66.35 percent of the total. In contrast, Firefox
blocked 78.85 percent when using a local antiphishing database and 81.54
percent when using the online database.


Experts Weigh In


Advantage Firefox? Perhaps. "Historically, Firefox has had superior
security," said Patrick Peterson of security firm IronPort. "However,
Microsoft has been working very hard on IE7, which shows great promise
in closing this gap."


Peterson added that Microsoft's new work could be "a great leap
forward," but that it's still too soon to tell which browser will claim
the title of being the safest. "It is true that we see Firefox users
infected less frequently," he said, "but that is primarily because they
are the more technically educated users."


Andrew Braunberg, a security expert with research firm Current Analysis,
said there's another reason that Microsoft's users are more frequently
attacked than Mozilla's: Microsoft's size puts a target on its back.


"Microsoft will say, 'It's not that our software is less secure
inherently, it's just that we're a bigger target,'" said Braunberg.
People go hunting for Microsoft because "that's where the action is."


And, like Peterson, Braunberg said that Microsoft is taking large
strides in security, above all with the impending release of Windows
Vista. "In a lot of ways, Vista is morphing into a security platform, as
opposed to just being an OS."


Microsoft, said Braunberg, has been active in "beefing up the security
with Vista."


User Beware


But no matter how safe your browser -- or even which browser you choose
-- your own behavior might be the worst threat against you.


According to IronPort's Peterson, his firm's internal research shows
that a vast majority of the world's virus attacks and malicious software
infects users' machines with their complete permission.


"End-users are regularly infected by purposefully clicking on links," he
said, noting that even a perfect level of browser security would cause a
reduction in malicious software infections by 20 percent at the most.

"Better browser security is needed," said Peterson. "But no one should
confuse this with a solution to what ails us."
http://www.newsfactor.com/story.xhtml?story_id=032001VRKCKG