Friday, November 17, 2006

Firefox better at spotting fraudulent phishing sites

A study sponsored by Mozilla has claimed that the company's Firefox browser is 18% to 23% better at spotting fraudulent phishing sites than Microsoft's Internet Explorer 7.

The survey, which was done for Mozilla by testing company SmartWare, answers a Microsoft-backed study released in September that put IE 7 at the top of the anti-phishing list.

According to Mozilla's figures, Firefox 2.0 correctly pegged between 78.85% and 81.54% of the 1,040 phony sites culled from a PhishTank list of phishing URLs. IE 7, meanwhile, identified 66.35% of the same sites.

Firefox and IE tackle phishing differently. Mozilla's browser offers two detection options: one is based on a locally stored blacklist that's updated from Mozilla's servers about every half hour; the other queries Mozilla's partner Google each time a URL is requested to see if the address is in the search engine's phish database. IE, on the other hand, offers only a real-time lookup that matches the destination URL against Microsoft's fraud list.

Microsoft's September study, conducted by 3Sharp, put its IE 7 anti-phishing filter at the top of the chart with a score of 172 out of a possible 200. The U.K.-based Netcraft Toolbar came in second at 168. In that test, Firefox was paired with Google Toolbar, which offers phishing protection, because Firefox 2.0 had not yet been released when the Microsoft study was conducted.

Not surprisingly, Paul Robichaux of 3Sharp took the Mozilla/SmartWare survey to task for such shortcomings as using a too-brief testing period and a single source for phishing URLs.

"My personal opinion is that this study isn't as rigorous as the 3Sharp study or the one done by Dr. Lorrie Cranor et al. of Carnegie Mellon," Robichaux wrote in a blog entry this week.

Mozilla's study results can be found on the open-source developer's Web site.
