Firefox anti-phishing better, says Mozilla

Browser phishing filters battle for supremacy.

Mozilla has released results of an independently run test of phishing filters, in which its latest product, Firefox 2.0, is compared with Microsoft's new offering, Internet Explorer 7. The test results show new technology in Firefox outperforming that in the rival browser.

Researchers at a third-party testing company visited over 1,000 websites listed as confirmed phishing sites by the PhishTank community project, with each browser in various configurations. IE7 scored 66% when in its default mode, which requires each site to be checked against a remote list at Microsoft headquarters, and a lowly 1.5% when cut off from the master list. Firefox, meanwhile, scored over 78% in its default local mode, and 81% when allowed to check with the latest blacklists provided by Google. As well as low detection rates, IE was criticised for the privacy risk and browsing slowdown caused by the use of remote data sources.

The tests have clashed with results of an earlier study, carried out for Microsoft by another third-party tester, which included several other phishing filters including an earlier version of the Firefox/Google collaboration. This test put the Microsoft product ahead of the field with a 'nine out of ten' detection rate (according a a Microsoft blogger) and zero false positives. The Mozilla-funded study has been criticised for poor methodology, including omitting false positive testing and not testing a wider range of products.

An overview of the new study can be found on Mozilla's site, here, while the earlier test was carried out by 3 Sharp, whose results are here. More info on the earlier test is on the Internet Explorer team blog, here, and a response to the new results from a 3 Sharp representative is here.

16 November 2006

Tags: del.icio.us digg this