The Register® — Biting the hand that feeds IT

Firefox outshines IE in phish fight

Dodgy URLS at dawn

By John LeydenGet more from this author

Posted in Security, 15th November 2006 14:59 GMT

Free whitepaper – Managing operating systems and applications with the new Dell Management Console

Anti-phishing features in Firefox 2.0 perform better than equivalent security technologies in IE7, according to a study commissioned by the Mozilla corporation.

The tests, performed by testing firm SmartWare and audited by iSEC partners, looked at how each browser responded to known phishing URLs as identified by community anti-phishing website Phishtank.

Firefox in its most secure configuration blocked 81.5 per cent of the 1,040 phishing websites, whereas IE7 blocked only 66.4 per cent. Even with the Ask Google feature turned off, Firefox 2.0 blocked 78.9 per cent of the dodgy domains identified by Phishtank.

In 243 instances Firefox blocked fraudulent domains that IE allowed against 117 occasions when Firefox allowed visits to sites IE correctly identified as fraudulent. Both browsers failed to recognise 65 dodgy websites.

Looking at false positives (legitimate websites identified as potentially fraudulent) was out the scope of Smartwave's study, as explained here.

A similar study published in September commissioned by Microsoft found that IE7 performed better than a range of seven third-party security applications. The survey, by messaging firm 3sharp, a Microsoft partner, didn't compare the performance of IE7 against the then unreleased Firefox browser however. ®

Free whitepaper – PowerEdge M-Series blades I/O guide

Webcast: Jumpstart your Application Security initiatives