How secure are the Internet Explorer 7 and Firefox 2 anti-phishing mechanisms after all? According to Paul Thurrott this is how great the built-in anti-phishing feature is for Firefox 2:
The built-in phishing protection is truly third-rate. There are two antiphishing options: Mozilla’s weak blacklist-based protection (yes, seriously) and Google’s antiphishing technology, which is both poorly rated and a privacy nightmare.
The most recent test, by a consulting firm called SmartWare, pitted both Firefox 2 and Internet Explorer 7 against 1,040 known phishing sites. Of those sites, Firefox came out well above IE 7, as you can see in the chart above that I put together.
There aren’t many specifics on how the test was conducted or where the known phishing sites were retrieved from, and that could make a large difference. Firefox 2 does use a blacklist, which the browser downloads and compares URLs against. That blacklist can be viewed by anyone, which would make the test highly unfair if many of the sites were pulled from that list.
I’m not very fond of using a blacklist for detecting fraudulent sites, but I do think it is an effective method. A combination of blacklist and heuristics would definitely be the best, but the heuristics would take some time to properly develop to prevent false positives (identifying a clean site as fraudulent). It would also be nice if SmartWare would release some detailed information on how the tests were conducted and how the sites were picked so that we can ensure the results are unbiased.
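To make the sampling concern concrete, here is an added example (not part of the original post, and not SmartWare's or Mozilla's code) that scores a blacklist checker, with and without two simple URL heuristics, on test sites split by whether they were drawn from the blacklist itself. The blacklist entries, test URLs and the two heuristics are all constructed assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed blacklist entries (host + path); not taken from any real list.
BLACKLIST = {
    "login.example-bank.test/verify",
    "secure-pay.example.test/update",
    "account.example-shop.test/signin",
}

# Constructed test set: (url, is_phish, drawn_from_blacklist)
SAMPLES = [
    ("http://login.example-bank.test/verify?id=1", True, True),
    ("http://SECURE-PAY.example.test/update/", True, True),
    ("http://account.example-shop.test/signin", True, False),
    ("http://203.0.113.7/bank/login", True, False),
    ("http://www.example-bank.test@phish.example.test/login", True, False),
    ("http://new-phish.example.test/confirm", True, False),
    ("https://www.example.org/", False, False),
    ("https://docs.example.com/help", False, False),
    ("http://192.0.2.10/router-admin", False, False),
    ("https://shop.example.net/cart", False, False),
]

def normalize(url):
    """Reduce a URL to lower-cased host + path so scheme, query and case are ignored."""
    parts = urlsplit(url)
    return (parts.hostname or "") + parts.path.rstrip("/")

def heuristic_hit(url):
    """Assumed heuristics: userinfo before '@', or an IP-literal host."""
    parts = urlsplit(url)
    if parts.username is not None:
        return True
    try:
        ipaddress.ip_address(parts.hostname or "")
        return True
    except ValueError:
        return False

def flagged(url, use_heuristics):
    return normalize(url) in BLACKLIST or (use_heuristics and heuristic_hit(url))

def rate(rows, use_heuristics):
    return sum(flagged(u, use_heuristics) for u, *_ in rows) / len(rows)

def evaluate(use_heuristics):
    phish = [s for s in SAMPLES if s[1]]
    return {
        "detect_all": rate(phish, use_heuristics),
        "detect_from_blacklist": rate([s for s in phish if s[2]], use_heuristics),
        "detect_independent": rate([s for s in phish if not s[2]], use_heuristics),
        "false_positive": rate([s for s in SAMPLES if not s[1]], use_heuristics),
    }
```

On this constructed set, the sites drawn from the blacklist are always caught, while independently sourced ones are caught far less often; turning on the heuristics raises independent detection but also flags the clean IP-literal URL.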