All the latest UK technology news, reviews and analysis
|
|
|
22 Nov 2006
A study of anti-phishing toolbars by researchers at Carnegie Mellon University failed to find a single capable product.
The Evaluation of Anti-Phishing Toolbars (PDF download) compared 10 anti-phishing toolbars, including Google Toolbar, McAfee Site Advisor and Netcraft, as well as the anti-phishing filter built into Internet Explorer 7.
McAfee SiteAdvisor does not offer anti-phishing functionality, but the company launched SiteAdvisor Plus earlier this month that offers real-time anti-phishing protection.
The Carnegie Mellon researchers prepared a series of experiments that included identifying recently discovered phishing sites, identifying phishing sites over a period of 24 hours, and differentiating between phishing sites and legitimate sites.
Even the top performers failed to catch nine to 15 per cent of the phishing sites visited. SpoofGuard, which correctly identified 91 per cent of the phishing sites, also labeled 38 per cent of the legitimate sites as phishing operations.
Netscape Browser 8.1, eBay Toolbar and TrustWatch identified fewer than half of the phishing sites.
"Overall we found that the anti-phishing toolbars examined in this study left a lot to be desired," wrote the researchers. "Many of the toolbars we tested were vulnerable to some simple exploits as well."
Aside from reliability, the study found the user interface on several products ineffective. Many of the toolbars used warning dialogues to indicate when a phishing site was found.
Because many users have been desensitised to pop-up ads and dialogue windows in web browsers, they may simply dismiss the warnings and enter personal information on the phishing site.
"When using an anti-phishing toolbar, poor usability could mean the difference between correctly steering someone away from a phishing site and having them ignore the warnings only to become a victim of identity theft," wrote the researchers.
Latest stories from Privacy
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Systems Analysis Project Lead - UML, Agile, Waterfall...
IT Business Analyst - ISEB, PRINCE2 - Southampton, Hampshire...
Predictive Modelling analytics - (SAS) - South-East...
iOs Developer - JEE, cocoa, Objective-C - Midlands (potential...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?