Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

goose — Thu, 28 Sep 2006 16:52:35 GMT

With Microsoft AntiPhish nothing can fool me. Thank you for AntiPhish!! I feel more confident clicking random things now without care. Microsoft, you are GREAT. Innovation! Best CSS support. Best record of blocking spyware. Good GUI. Thank you.

re: Anti-Phishing Accuracy Study

hAl — Thu, 28 Sep 2006 17:14:35 GMT

Really funny is the score of McAfee Site Advisor scoring 3 points out of 200 where the top two products including IE7 score 172 and 168.
Hilarious even !!!

Hey, nice results.

Jeff — Thu, 28 Sep 2006 17:31:18 GMT

Congratulations, guys. Those are some pretty impressive scores. Poor McAffee. :)

Gone Phishing: Evaluating Anti-Phishing tools for Windows

Spyware Sucks — Thu, 28 Sep 2006 17:42:19 GMT

3sharp, a Redmond based technical services company, has been commissioned by Microsoft to undertake a

re: Anti-Phishing Accuracy Study

David Taylor — Thu, 28 Sep 2006 17:48:17 GMT

Tony,

I will definately turn it on for my parents and non-technical friends. However I am not convinced it wont slow down my browsing.

Could you give us an outline in technical detail of what steps are taken to ensure this does not slow down browsing.

re: Anti-Phishing Accuracy Study

Francis — Thu, 28 Sep 2006 17:57:15 GMT

Good work! However, I must note that my installation of RC1 identified a Microsoft web site under microsoft.com as a phishing site. So either it's a false positive or... ? ;-)

(Unfortunately, I no longer have the link.)

re: Anti-Phishing Accuracy Study

Sheep and Duck — Thu, 28 Sep 2006 18:41:58 GMT

3Sharp was founded in 2002 by three friends: Paul Robichaux, Peter Kelly, and John Peltonen, all experts in their respective fields. Their goal was to establish a company that could demonstrate the robustness, flexibility, and sheer native capabilities of the Microsoft communication and collaboration technologies. By working closely with Microsoft's Information Worker Group, 3Sharp has always been able to stay on the cutting-edge of the Office System technologies.

http://www.3sharp.com/about_us.htm

Somehow I don't trust this "study".

mozilla links » Blog Archive » Microsoft on anti-phishing: We are winning

mozilla links » Blog Archive » Microsoft on anti-phishing: We are winning — Thu, 28 Sep 2006 18:51:44 GMT

PingBack from http://mozillalinks.org/wp/2006/09/microsoft-on-anti-phishing-we-are-winning/

re: Anti-Phishing Accuracy Study

Tony Chor [Msft] — Thu, 28 Sep 2006 19:01:32 GMT

Everyone: thanks for the comments far!

David: In order to minimize the performance impact, we do the phishing filter checks asynchronously from the navigations, that is we don't block navigation while we check. If you prefer, you can also run the Phishing Filter manually, by turning PF off and then choosing "Check this website" from the Phishing Filter option under the Tools menu. This allows spot checking of sites you think might be suspicious.

Francis: We're continuing to tune the Phishing Filter heuristics to minimize false positives to prevent good sites from being flagged.

Sheep and Duck: I'm not sure how to convince you to trust the study; it doesn't help us improve the product if we weight the results. Ultimately, you should be the judge based on your personal experience with the tools.

re: Anti-Phishing Accuracy Study

Paul Robichaux — Thu, 28 Sep 2006 19:09:29 GMT

Sheep and Duck, I understand why you're skeptical. No matter who commissioned the study, *someone* would distrust the results on that basis alone. However, I think if you read the report, you'll see that we have been transparent about our test methods and the data we used for the test. If you read the report and still have questions, feel free to contact me via e-mail (paulr@3sharp.com) or my blog (www.robichaux.net/blog) and I'll do my best to address them.

re: Anti-Phishing Accuracy Study

Jill — Thu, 28 Sep 2006 20:24:47 GMT

I would be very interested to know, in cold hard facts (not a comissioned study), how many end users have been "scammed" by a phishing site? per month, per year, and ideally by geographic location.

As an avid user of the Internet for many years, it would take a heck-uv-a-lot of a scam, to actually get me to part way with my money, or be convinced that the site was legitimate.

7 times out of 10, the url gives it away, or the graphics, or a complete mis-guided attempt at English. ie. "For our security, your credentials you must enter below and click submit"

Profesional web sites, just don't have glaring gramatical errors on them (or if they do, they are cleared up within minutes of posting)

My other comment, is a request. Can the phishing filter be added as a right click option on the url? Since this is the address of the site, it is the most logical place on the screen to go to, if in doubt.

re: Anti-Phishing Accuracy Study

Steve — Thu, 28 Sep 2006 20:32:58 GMT

Interesting. Microsoft's main competitor in the Web Browser market is of course Mozilla Firefox. Why in the study, was there no comparison against Firefox 2.0 Beta X or RC1? It is by far a superior browser, and now too includes anti-phishing technology. Were the study's commissioners worried that going head to head with a better browser, might indeed show that their anti-phishing technology was also not up to par?

-

Very interesting, because in the Press Release, at 3Sharp, it mentions testing with Google Safe search... which, well, is all very good, but not an apples/apples comparison in the slightest... but interestingly, only here, in your comparison list, is Firefox mentioned...

It sounds like Firefox was an active player in the tests, when it most certainly was not.

Microsoft antisphishing tool wins Microsoft sponsored bakeoff

InfoWorld Tech Watch — Thu, 28 Sep 2006 20:47:58 GMT

Microsoft sponsors an antiphishing technology bake-off. Guess who wins...

re: Anti-Phishing Accuracy Study

Shane Keats — Thu, 28 Sep 2006 21:05:48 GMT

This is Shane from McAfee SiteAdvisor here. We're not surprised to find out that we came in last in Microsoft's anti-phishing study.

Why? Because we don't offer anti-phishing.

We test for a lot of important things that no one else does, like whether a site's e-mail practices result in spam, or whether an offered download bundles spyware, or whether the site attempts to breach browser security, or whether the site agressively links to known bad sites.

But we don’t offer anti-phishing protection, at least not yet. We're pretty explicit about that too:

<a href="http://support.siteadvisor.com/support-center/index.php?x=&mod_id=2&id=131">
"SiteAdvisor's software does not currently provide automated or real-time phishing detection."</a>

SiteAdvisor's protections complement McAfee's other products which do deliver strong anti-phishing protection.

re: Anti-Phishing Accuracy Study

Paul Robichaux — Thu, 28 Sep 2006 21:14:12 GMT

Steve: we didn't include Firefox version 2 because at the time our test started it wasn't available in beta. Because 2.0 incorporats the same code base as Google's Safe Browsing add-on for Firefox 1.5. I think the results are representative, although I'm sure you're right that the release version of 2.0 will do a better job.

Shane: I wrote you a lengthy mail explaining why we thought SiteAdvisor was an anti-phishing tool. Just in case your mail filtering system blocked it, I've explained our reasoning at <http://www.robichaux.net/blog/2006/09/mcafee_siteadvisor_sure_looks_like_an_an.php>. If you'd like to discuss this further, my door is always open.

re: Anti-Phishing Accuracy Study

Aedrin — Thu, 28 Sep 2006 22:08:18 GMT

"Why in the study, was there no comparison against Firefox 2.0 Beta X or RC1"

I don't see how a minor version update matters in the results.

I still don't understand which feature made it require a major version increment.

Sounds to me like they're worried about IE's major version increment.

Valiant, but...

Joe — Thu, 28 Sep 2006 23:05:22 GMT

"we didn't include Firefox version 2 because at the time our test started it wasn't available in beta."

A valid explanation, but ultimately futile. In no time some other reason to distrust this study will be brought up, simply because to some, studies that have MS coming out on top are automatically 'suspicious.'

re: Anti-Phishing Accuracy Study

Joe — Thu, 28 Sep 2006 23:07:30 GMT

Wow, looks like the firefox lobby has arrived. I guess this story was posted on slashdot?

re: Anti-Phishing Accuracy Study

Steve — Thu, 28 Sep 2006 23:21:02 GMT

@ Jill

You said: "As an avid user of the Internet for many years, it would take a heck-uv-a-lot of a scam, to actually get me to part way with my money, or be convinced that the site was legitimate."

That may be correct for me and you (let's call ourselves 'power users' - not sure if you would brand yourself as that, but I would, and I'll assume you are fairly competent computer user).

However lets take my mum... or my Gran.. or heck my 25 year old friend - varying degrees of computer literacy, but would all probably fool for a phishing scam if it was good enough.

I agree some are bad... no, in fact, some are really bad - but some are also good. Came across one in my mum's inbox 'from PayPal'... HTML email was well crafted, good English, website looked very authentic. The link text in the email was different from the actual URL - but not everyone would check.

Suppose all i'm saying is this feature isn't for you and me... its for your mum, dad, grand, aunt, or anyone else you know who isn't a fairly knowledgeable web user.

re: Anti-Phishing Accuracy Study

I hate fanboys — Thu, 28 Sep 2006 23:21:39 GMT

Hey, you, YES YOU, firefox fan boys, please don't post off-topic posts. If you don't like IE just don't go there. JUST DON'T.

re: Anti-Phishing Accuracy Study

EdH — Fri, 29 Sep 2006 00:43:41 GMT

Hrm.... Seems to have done the best job of blocking what it detected, where you get 2X the points than for just detecting and warning users. When it comes to warning, IE7 didn't win in any category.

http://weblog.infoworld.com/techwatch/archives/008114.html

Great work so far, but I'd like to see better performance in detection.

re: Anti-Phishing Accuracy Study

Dao — Fri, 29 Sep 2006 02:37:15 GMT

I don't know about Microsoft Phishing Filter, but I think Google Safe Browsing gets better the more users participate. Thus speaking of accuracy, I could imagine a boost once Firefox 2 ships.

> I still don't understand which feature made it require a major version increment.
> Sounds to me like they're worried about IE's major version increment.

Let's be fair. Firefox has been a decent browser since 2004, whereas Internet Explorer wasn't. It made a straight progress with 1.5, whereas Internet Explorer didn't. Now it's no surprise that Mozilla doesn't have to fix as much as MS. If you want a comparison, then take IE 5.5 and 6.

re: Anti-Phishing Accuracy Study

Mike Jackson — Fri, 29 Sep 2006 03:03:15 GMT

Anti Phishing keeps picking on Yahoo! Answers every time I try to log on

re: Anti-Phishing Accuracy Study

Sandi — Fri, 29 Sep 2006 03:24:02 GMT

Jill,

From February to Mid Aug 2006 the Phishing Filter helped block over 800,000 instances of people trying to access reported phishing websites using IE7 or MSN/Windows Live Toolbar. This figure includes almost 500,000 blocks since IE7 Beta 2 was released.

IE7 users are reporting up to 4,500 potential phishing sites per week.

Microsoft has been adding up to 17,000 URLS a month to its Phishing Filter service.

re: Anti-Phishing Accuracy Study

Anomynous — Fri, 29 Sep 2006 04:28:43 GMT

Unfortuantly, anything that shows Microsoft came out at the top will immediatly be looked upon with suspicion because of the well known sucurity problems with Internet Explorer 6 and Windows XP. Microsoft will have to work hard to turn that negative image around.

re: Anti-Phishing Accuracy Study

Anomynous — Fri, 29 Sep 2006 04:29:22 GMT

re: Anti-Phishing Accuracy Study

Fduch — Fri, 29 Sep 2006 07:52:01 GMT

How beta testing of IE7 on Connect goes with regards to the filter:

q> IE7 crashes on these websites: {...}
A> Do you have phishing filter on?
q> yes
A> Turn it off. Closed

re: Anti-Phishing Accuracy Study

Fduch — Fri, 29 Sep 2006 08:02:05 GMT

Read the Paul's blog entry about McAfee http://www.robichaux.net/blog/2006/09/mcafee_siteadvisor_sure_looks_like_an_an.php

re: Anti-Phishing Accuracy Study

Luc — Fri, 29 Sep 2006 11:04:10 GMT

@Steve
Firefox 2.0 uses Google antiphishing

re: Anti-Phishing Accuracy Study

Schreuder — Fri, 29 Sep 2006 15:56:42 GMT

Can i test myself the antiphishing filter? Like the EICAR tests? Any URL known to be malicious?

re: Anti-Phishing Accuracy Study

tseving — Fri, 29 Sep 2006 16:49:13 GMT

I've been using Sitehound, a product of Firetrust, a NZ company. Sitehound uses an internally stored URL database, updated daily. I turned it off and clicked a few banners that are known scam/spyware sites. The antiphishing filter let me into about half of them. If addition, the antiphishing filter gave me several false positives, including my own Comcast web mail beta email account. While I don't have any measurable data to support this, my browser seemed sluggish with antiphishing filter engaged. So I disabled it and enabled my Sitehound again. I'm not intending to bad-mouth IE7. I love it. This is just feedback FYI.

re: Anti-Phishing Accuracy Study

John A. Bilicki III — Fri, 29 Sep 2006 16:50:38 GMT

Does Opera or Safari have or will have this feature as IE7 and Firefox 2 will? Good to see this being added. Any idea when we'll get a slightly newer build then 7.0.5700.6?

re: Anti-Phishing Accuracy Study

Eduardo Valencia — Fri, 29 Sep 2006 19:47:27 GMT

it's a challenge for you guys (IE Team) to make this broswer the best of all,please

It's important you keep improving, adding new functionality prior to release

re: Anti-Phishing Accuracy Study

Fred — Fri, 29 Sep 2006 22:39:24 GMT

@Schreuder: See http://www.antiphishing.org/phishing_archive/phishing_archive.html for known phishing sites.

re: Anti-Phishing Accuracy Study

Sandi — Sat, 30 Sep 2006 04:20:57 GMT

Shane Keats,

As I said in response to your comment on my blog, your service warns of "fraudulent practices" and has tested "sites representing more than 95% of worldwide Web traffic" and performs "tens of thousands" of tests every day, but phishing sites aren't included?

http://www.siteadvisor.com/download/ie_learnmore.html

No exclusion of phishing sites here either:

http://www.siteadvisor.com/press/faqs.html#q11

Perhaps you should be more specific about what these "fraudulent practices" are (fraud, but not phishing, despite phishing being a type of fraud?) and add a mention about not covering phishing in the FAQ in addition to the Support Centre (people won't go to the support centre unless they have problems).

The Teklow Group » Blog Archive » MS anti-phishing tool wins MS bakeoff

The Teklow Group » Blog Archive » MS anti-phishing tool wins MS bakeoff — Sat, 30 Sep 2006 19:44:50 GMT

PingBack from http://www.teklow.com/weblog/2006/09/30/ms-anti-phishing-tool-wins-ms-bakeoff/

Une étude commissionnée par Microsoft place IE7 en tête sur le phishing

WebLog de Stéphane PAPP [MSFT] — Sun, 01 Oct 2006 09:58:04 GMT

Il est amusant de constater que les simples faits qu’une étude ait été financée par Microsoft et que...

aesjkt » MS antisphishing tool wins MS bakeoff

aesjkt » MS antisphishing tool wins MS bakeoff — Tue, 03 Oct 2006 22:08:05 GMT

PingBack from http://www.aesjkt.com/wp2/?p=540

re: Anti-Phishing Accuracy Study

George Heindel — Wed, 04 Oct 2006 20:35:19 GMT

TONY CHOR:

Thank you for a fine product!

READ THE ABOVE COMMENTS AT LENGTH..and must comment myself. WE have a trust issue to face!

I have installed IE7 RCI with live toolbar and used now over a month. Note I as well have McAffee Anti-virus and Spam Filter.

My dedication to Microsoft Products is founded

on all you are doing to improve each day and each week.

YOU and your teams are amazing me so I vote

to use Microsoft now and in the future.

re: Anti-Phishing Accuracy Study

Harold — Wed, 04 Oct 2006 22:54:42 GMT

@George You seem very pro-Microsoft in your comments. Thats good. Out of interest, you say you use MS products now/and intend to in the future, also good. But one question. Have you tried other Web browsers? e.g. Opera, Maxthon, Firefox?

I would hazzard to guess you haven't, since I think you'll find the other products even more impressive. Even the "tabs" are better in IE6, with the MSN Toolbar.

(((Yes MS Developers... that's right! The tabs in IE6, with the MSN Toolbar, are BETTER than the tabs in IE7)))

re: Anti-Phishing Accuracy Study

EricLaw [MSFT] — Thu, 05 Oct 2006 06:29:15 GMT

@Harold: I'd love to hear more about what you think is better about the MSN Toolbar's tab implementation. Thanks!

re: Anti-Phishing Accuracy Study

RRWW — Fri, 06 Oct 2006 21:24:42 GMT

actually IE7 tabs are much better than MSN Toolbar

Anti-phishing Impacts on Web Site Owner at iTechNote

Anti-phishing Impacts on Web Site Owner at iTechNote — Mon, 09 Oct 2006 20:11:40 GMT

PingBack from http://www.itechnote.com/2006/10/09/anti-phishing-impacts-on-web-site-owner/

Anti-Phishing Services

Reddy — Tue, 10 Oct 2006 22:06:35 GMT

It is nice to have Anti-Phishing Services available at individual Enterprise level. As I understood that if Anti-Phishing options enabled , then every link will be scanned by "Anti-Phishing services or by servers at microsoft.com " . This is kind of privacy concern. If Microsoft come up having tool to have Anti-Phishing service or server available at individual enterprises ( like the way SUS is) , then individual enterprises sync with Microsoft Servers and route all the traffic thru enterprise owned and controlled Anti-Phishing Services/Servers.

More Thoughts on Measuring Anti-Phishing Accuracy

IEBlog — Wed, 15 Nov 2006 03:30:24 GMT

Some of you may have seen stories comparing IE7’s anti-phishing accuracy with our competitors, citing

Firefox ?? mais confi??vel que o IE7 « O Pinto Palrador

Firefox ?? mais confi??vel que o IE7 « O Pinto Palrador — Sun, 19 Nov 2006 01:54:06 GMT

PingBack from http://adelinos.wordpress.com/2006/11/18/firefox-e-mais-confiavel-que-o-ie7-contra-phishings/

i’m nobody. » Mozilla: Firefox antiphishing tool better than IE7’s

i’m nobody. » Mozilla: Firefox antiphishing tool better than IE7’s — Mon, 20 Nov 2006 13:28:40 GMT

PingBack from http://shahrul.info/blog/?p=97

McAfee forced to back down in argument with 3Sharp over phishing report results

Spyware Sucks — Wed, 22 Nov 2006 15:59:24 GMT

McAfee, which originally disputed SiteAdvisor's inclusion in the 3Sharp phishing filter tests back in

Pierres Service » Blog Archive » Anti-Phishing Accuracy Study

Pierres Service » Blog Archive » Anti-Phishing Accuracy Study — Tue, 28 Nov 2006 23:18:43 GMT

PingBack from http://accuracy.pierresccservice.com/anti-phishing-accuracy-study/

Anti-Phishing Accuracy Study :: Newstack

Anti-Phishing Accuracy Study :: Newstack — Thu, 07 Dec 2006 21:56:13 GMT

PingBack from http://accuracy.newstack.com/anti-phishing-accuracy-study-2/

paul thurrot gets it wrong on firefox

Asa Dotzler - Firefox and more — Wed, 17 Jan 2007 08:05:08 GMT

Paul Thurrott, in his somewhat late review, takes a look at Firefox 2's new features. Unfortunately, and something I didn't expect from Paul, it's either the most intentionally misleading review of Firefox, or it's a completely unserious piece of writing.

IE7 at RSA San Francisco

IEBlog — Tue, 06 Feb 2007 21:10:26 GMT

Back in November, we announced our intention to bring Extended Validation SSL Certificates to IE7 . This

Computer » IE7 at RSA San Francisco

Computer » IE7 at RSA San Francisco — Tue, 06 Feb 2007 22:30:23 GMT

PingBack from http://computer.chardum.com/uncategorized/2007/02/06/ie7-at-rsa-san-francisco/

Windows Security Blogs » Blog Archive » Anti-Phishing Accuracy Study

Windows Security Blogs » Blog Archive » Anti-Phishing Accuracy Study — Wed, 14 Mar 2007 02:00:08 GMT

PingBack from http://winblogs.security-feed.com/2006/09/28/anti-phishing-accuracy-study/

Firefox Myths | Foxfire Facts

Firefox Myths | Foxfire Facts — Sat, 15 Dec 2007 13:22:49 GMT

PingBack from http://mozillafirefox3.net/firefox-myths/

IEBlog Anti Phishing Accuracy Study | Paid Surveys

IEBlog Anti Phishing Accuracy Study | Paid Surveys — Sat, 30 May 2009 03:36:52 GMT

PingBack from http://paidsurveyshub.info/story.php?title=ieblog-anti-phishing-accuracy-study

IEBlog Anti Phishing Accuracy Study | Green Tea Fat Burner

IEBlog Anti Phishing Accuracy Study | Green Tea Fat Burner — Tue, 09 Jun 2009 22:33:33 GMT

PingBack from http://greenteafatburner.info/story.php?id=3455

IEBlog Anti Phishing Accuracy Study | internet marketing tools

IEBlog Anti Phishing Accuracy Study | internet marketing tools — Tue, 16 Jun 2009 07:34:52 GMT

PingBack from http://einternetmarketingtools.info/story.php?id=7644

Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

Hey, nice results.

Gone Phishing: Evaluating Anti-Phishing tools for Windows

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

mozilla links » Blog Archive » Microsoft on anti-phishing: We are winning

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

Microsoft antisphishing tool wins Microsoft sponsored bakeoff

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

Valiant, but...

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

The Teklow Group » Blog Archive » MS anti-phishing tool wins MS bakeoff

Une &#233;tude commissionn&#233;e par Microsoft place IE7 en t&#234;te sur le phishing

aesjkt » MS antisphishing tool wins MS bakeoff

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

re: Anti-Phishing Accuracy Study

Anti-phishing Impacts on Web Site Owner at iTechNote

Anti-Phishing Services

More Thoughts on Measuring Anti-Phishing Accuracy

Firefox ?? mais confi??vel que o IE7 « O Pinto Palrador

i’m nobody. » Mozilla: Firefox antiphishing tool better than IE7’s

McAfee forced to back down in argument with 3Sharp over phishing report results

Pierres Service » Blog Archive » Anti-Phishing Accuracy Study

Anti-Phishing Accuracy Study :: Newstack

paul thurrot gets it wrong on firefox

IE7 at RSA San Francisco

Computer » IE7 at RSA San Francisco

Windows Security Blogs » Blog Archive » Anti-Phishing Accuracy Study

Firefox Myths | Foxfire Facts

IEBlog Anti Phishing Accuracy Study | Paid Surveys

IEBlog Anti Phishing Accuracy Study | Green Tea Fat Burner

IEBlog Anti Phishing Accuracy Study | internet marketing tools

Une étude commissionnée par Microsoft place IE7 en tête sur le phishing