In Firefox 2, Mozilla adopts an important security feature that Microsoft first added to IE 7, a phishing filter called Phishing Protection that helps protect against malicious Web sites that masquerade as banks, e-tailers, and other sites that might store financial data. Unlike with IE 7, Firefox’s phishing filter is enabled by default, which is of course a good idea. There’s just one problem: The Firefox Phishing Protection feature isn’t very sophisticated. It uses a blacklist of known dangerous sites, which isn’t an effective protection against modern electronic attacks that rely on social engineering as well as technical vulnerabilities in the underlying products you’re using online. What you need is something that can adapt to threats and update itself automatically.
Alternatively, Firefox lets you enable Google’s phishing filter, which is more effective because it is updated regularly and provides more advanced functionality. On the minus side, the terms of service for Google’s phishing filter literally explain that Google will violate your privacy if you use this product: “Google will log your action and the URL of the page [you visit],” the agreement reads. “It is possible that a URL sent to Google may itself contain personal information” (Figure). Hey, we all trust Google, right? And can you imagine the uproar that would occur if Microsoft did something even remotely this anti-privacy? Meanwhile, Google’s phishing filter hasn’t caused any concern. Unbelievable.
In previous versions of Firefox, I used Netcraft’s toolbar to help protect against phishing attacks. And while I appreciate that Firefox now offers two integrated anti-phishing solutions, neither is particularly good and neither is as good as what Microsoft offers in IE 7. That’s a shame.
Incidentally, Mozilla initially responded to news that their solution was ineffective by publishing a paper on its Web site that seeks to prove that Firefox Phishing Protection is, in fact, more effective than IE 7’s Phishing Filter. However, a third-party study, commissioned by Microsoft, had already reported this not to be true. So who’s right? Here’s what I know to be true: Blacklists are not effective and Google admits it probably will collect your personal information. Neither of those seems very good to me.
Now, since publishing this review, Mozilla has contacted me and told me that their blacklist is updated “regularly,” which is quite a bit more frequently than I previously understood. With phishing attacks, you need protection that is regularly updated, so this is at least acceptable.
Michael is the developer of FireFox, features many articles telling users how they can help improve their web browsing experience. http://www.spreadfoxfire.com Find more Web browsing Advice on our Nice Blog(at)spreadfoxfire.com/blog.
Tuesday, May 20, 2008