News

Anti-phishing toolbars? Too many false positives…

A survey of so-called ‘anti-phishing toolbars’ has come to the worrying conclusion that none of them are any good.

The study, Finding Phish: An Evaluation of Anti-Phishing Toolbars, was conducted by researchers at Carnegie Mellon University in Pittsburgh, and was backed by organisations such as the US National Science Foundation and the US Army Research Office.

The study looked at 10 browser toolbars: Microsoft Explorer 7, eBay, Google, Netcraft (Mozilla), Netscape, Cloudmark (Mozilla), Earthlink, Geotrust’s TrustWatch, Stanford University’s Spoofguard and McAfee’s SiteAdvisor.

Even the ‘better’ ones - Earthlink, Netcraft, Google, Cloudmark and Explorer 7 – were only able to detect 85% of fraudulent websites. That’s good, but it is a far from secure level of effectiveness. The remainder scored under the 50% mark.

“Overall, we found that the antiphishing toolbars examined in this study left a lot to be desired,” the authors concluded. “Many of the toolbars we tested were vulnerable to some simple exploits as well.”

The problem for most of the toolbars is their susceptibility to false positives, with legitimate sites being erroneously identified as being phishing sites. The researchers believed this to be almost as big a problem as missing a real phishing site because constant warnings about sites known to be OK might persuade users to ignore all warnings, even when they’re correct.

There’s no doubt that the conception of anti-phishing toolbars was a worthy idea. But as with any security method, the toolbars need to be closer to 100% effective to be worthwhile. And false positives are the bane of many attempted solutions.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy