3Sharp Study finds Internet Explorer 7 Edges Out Netcraft As Most Accurate for Anti-Phishing Protection

Six Week Study Tested Eight Products to Determine Best Overall Anti-Phishing Accuracy including EarthLink, eBay, GeoTrust, Google using Firefox, McAfee, Microsoft Internet Explorer 7, Netcraft, and Netscape

REDMOND, Wash.--()--3Sharp LLC, a privately held technical services firm with offices in Redmond and Toledo, Ohio, today released the results of the most extensive public testing to date on the effectiveness of different Web browser and toolbar-based anti-phishing technologies. The rising tide of identity theft through fraudulent websites is becoming a key concern among consumers, and is resulting in increased focus on anti-phishing technologies from large vendors. In fact, the Anti-Phishing Working Group (APWG), a global industry group focused on eliminating identity theft through spoofed e-mail, recently reported the number of phishing sites is growing as much as 400% a year.

Paul Robichaux, senior partner at 3Sharp, has more than 20 years experience as a software developer, messaging architect, and system administrator. Over the last few years, he points out, phishing has become a much bigger problem. Phishers have become more sophisticatedand brazenin their attacks, and theyre getting better at fooling people.

Robichaux says, Early phish were pretty rudimentary, but todays phish are often very realistic, and theyre getting better all the time. To protect users from this dynamic threat, our study results show that the best browser-based anti-phishing protection offered today uses a combination of heuristics and a broad set of regularly updated data sources.

To gain perspective on the technologies available and their effectiveness in protecting consumers from these increased risks, 3Sharp conducted a study commissioned by Microsoft called Gone Phishing: Evaluating Anti-Phishing Tools for Windows. The study offers the industry and consumers a more quantitative understanding of anti-phishing technology effectiveness. This study was designed to go beyond the common practice of citing anecdotal conclusions based on a handful of test phishing sites. We believe that this is the most comprehensive public study to date of how well anti-phishing technologies work against live phish, said Robichaux.

3Sharps methodology creates a composite score for each technology based on both its accuracy in catching real phishing websites and its error rate in incorrectly blocking legitimate websites. The overall results of these tests show that Internet Explorer 7 Beta 3 with Phishing Filter had the best overall accuracy, resulting in an overall composite score of 172 out of a possible 200. The Netcraft Toolbar was close behind Internet Explorer 7 with a composite score of 168.

Following Netcraft there was a significant gap in terms of overall effectiveness: the third-place technology scored 106 of a possible 200, while the last-place technology scored 3 of 200. Other phishing technologies analyzed include (in alphabetical order) EarthLink ScamBlocker, the eBay Toolbar, GeoTrust TrustWatch, Google Safe Browsing on Firefox, McAfee SiteAdvisor, and Netscape Browser.

   The results of the study are highlighted below:

    1.  Internet Explorer 7 Beta 3 RC3 with Microsoft Phishing Filter
        with a score of 172 points
    2.  Netcraft Toolbar with a score of 168
    3.  Google Safe Browsing on Firefox with a score of 106
    4.  eBay Toolbar with a score of 92
    5.  Earthlink ScamBlocker with a score of 76
    6.  GeoTrust TrustWatch with a score of 67
    7.  Netscape 8.1 with score a of 56
    8.  McAfee Site Advisor with a score of 3

3Sharps goal was to evaluate each anti-phishing technology based on the principle that effectiveness of anti-phishing technologies needs to balance two critical goals: protecting the user through high accuracy in warning and blocking known phish, and ensuring a low rate of mistakes - or false warnings and blocks - on legitimate websites. 3Sharp did this by testing each technology against the same independent list of 100 phish, collected and updated daily from several well-known industry e-mail sources between May and July 2006). 3Sharp also tested each technology against 500 known-good legitimate websites and scored the results to develop the composite effectiveness score. Blocking a site correctly scored twice as much as just warning on a site, while incorrectly blocking or warning on legitimate sites resulted in similar point deductions, and a mathematical formula was used to calculate overall accuracy.

The 3Sharp report, Gone Phishing: Evaluating Anti-Phishing Tools for Windows, is now free to download and posted publicly at http://www.3sharp.com/projects/antiphishing. This report includes a detailed description of the methodology and all URLs that were tested. The report also contains a detailed description of how the testing methodology was designed, where the sources of data came from, and the specific versions of each vendors technology and the browsers tested.

3Sharp LLC is a privately held technical services company founded in 2002. Our customers include Andrews & Kurth, eBay, Global Market Insite, MessageOne, Microsoft, Memorial Sloan Kettering Cancer Center, Scripps Media, USG, and Zippo Manufacturing.

Our core business revolves around three areas:

  • The Infrastructure and Platform group delivers design and deployment consulting and related services for Microsoft Windows, Microsoft Exchange Server, Microsoft Live Communications Server, Windows SharePoint Services, and SharePoint Portal Server.
  • Our Technical Content division creates technical materials, including white papers, public and internal training, courseware, demos, and hands-on labs.
  • Our Office System Solutions division develops solutions for customers that leverage the latest releases of Microsoft Office System client and server applications to integrate with existing business applications and processes.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Contacts

3Sharp LLC
Paul Robichaux, 419-873-8308
paulr@3sharp.com

Contacts

3Sharp LLC
Paul Robichaux, 419-873-8308
paulr@3sharp.com