Major Browsers Battle Over Which One Fights Phishing Better

In the ongoing battle between the two leading Internet browsers, Mozilla has fired a shot at Microsoft. The open-source browser used the results of a company-sponsored study to claim that the antiphishing filter in its Firefox 2 software more accurately flags potential phishing attacks than does the one in its rival's Internet Explorer 7.

The move comes after Microsoft in late September released data in support of its assertion that IE 7's phishing filter is superior to competing offerings, including those from Mozilla, McAfee, and EarthLink. That claim was based on tests by an independent research group.

Mozilla tapped independent consulting firm SmartWare to test the effectiveness of Firefox 2's Phishing Protection feature, the company said. According to Mozilla, SmartWare's concluded from its testing that Firefox 2's antiphishing feature is "more effective" than IE 7's.

Details of Mozilla Study Results

In the tests, Firefox blocked 820 phishing sites (out of a total of 1040 sites) when running in local mode, a 78.85 percent success rate, the new study found. Local mode checks a list of known phishing URLs (uniform resource locators) stored locally in the browser. When running through Ask Google, which can check URL phishing site lists that are updated online, Firefox 2 blocked 848 sites, upping its success rate to 81.54 percent.

When running in a mode with its antiphishing filter's auto-check turned off, IE 7 blocked 16 phishing sites, a 1.54 percent success rate, according to Mozilla's study. With auto-check turned on, IE 7 blocked 690 sites, giving it success in 66.35 percent of all cases.

The study found 243 instances where Firefox blocked a phishing site and IE did not, and 117 instances where IE blocked a phishing site, but Firefox did not, the study found. In 65 instances, neither browser's antiphishing filter blocked the predatory site.

How Study Was Conducted

SmartWare conducted the comparison tests between Firefox 2 and IE 7 over two weeks, from October 19 to November 11, using phishing URLs collected by a service called PhishTank via its public XML (Extensible Markup Language) feed of phishing URLs. PhishTank allows community participants to submit and verify phishing URLs. For the tests, SmartWare downloaded the feed once per hour, and added any newly listed phishing URLs to the testing database.

The browsers were running on Windows XP machines, Mozilla said.

Microsoft has published its analysis of how IE 7's antiphishing filter stacks up against Mozilla and others, on the company's IE 7 team blog for the product. Microsoft hired 3 Sharp LLC to conduct its study.