Enterprise

Firefox Anti-Phishing Features Score Points

Mozilla’s beta version of Firefox 2.0 is drawing applause from reviewers for its new anti-phishing features, which are likely to become increasingly important in consumers’ constant battle against data theft.

The built-in phishing protection in the latest version, which debuted Wednesday, warns users when they encounter suspected Web forgeries and offers to return to their home pages. Phishing Protection is turned on by default and works by checking sites that users browse against a local list of known phishing sites, according to Mozilla.

One Step Ahead

The severity of phishing is something that hit Joe Wilcox, senior analyst for JupiterResearch, on a personal level, he told LinuxInsider.

Wilcox received a message from a bank indicating that someone had accessed his account through an IP address that was not connected to his home address. He knew the e-mail was not genuine because he does not have an account with that particular bank. However, when he traced the message back to a Web site in Russia, he found, to his alarm, that it had his true home address.

“It’s an example of how savvy criminals are becoming, and it means anti-phishing technology has to stay ahead of it,” he said. “You assume [the bank] has your home address, you click the link, give the information, and you’re dead. But if you have anti-phishing technology built into the browser — even when the customer is fooled by a highly sophisticated attack, [the system provides protection].”

Waiting Game

Most Firefox fans will have to wait before taking advantage of the new security measures and other features included in the latest version, however.

“At this time we are using a limited list to test the core Phishing Protection framework within the browser, but the list is expected to grow as people use the feature and report new Web forgeries,” the company said. “Firefox 2 Beta 1 is intended for Web application developers and our testing community [only]. Current users of Mozilla Firefox 1.x should not use [it].” Final release is scheduled for August.

Meanwhile, Microsoft’s third beta version of Internet Explorer 7.0, which it released on June 29, also provides a phishing filter, along with a security status bar, address protection bar and URL handling security.

“We respect that customers have a choice of browsers on Windows,” Jim Hahn, product manager, Windows Client Division at Microsoft, told LinuxInsider. “Our goal is to make Internet Explorer the best and most secure choice available.”

Netscape also has strong anti-phishing tools, Wilcox noted.

Plethora of Offerings

The security feature was only one of several new Firefox options in Wednesday’s beta release. Some other enhancements include the following:

  • Automatic restoration of a browsing session — When a system or browser crashes, the Session Restore restarts where the user left off. It also enables users to reopen tabs and windows that were closed in a browsing session.
  • New micro-summaries feature for bookmarks — Micro-summaries are compact enough to fit in the space available to a bookmark label, provide more useful information about pages than static page titles, and are regularly updated as new information becomes available, according to Mozilla. For example, the micro-summary for a Web page on an auction item might display the item name, current highest bid, and time remaining: “Honda Accord – US$5000 – 1 minute left”.
  • Inline spell checking –This tool enables users to quickly check the spelling of text entered into Web text fields without having to use another application.

Combined, these features support Mozilla’s strong push into the global market, said Carol Baroudi, partner at Hurwitz and Associates, noting that downloads of the beta version are available in more than two dozen languages.

“It speaks to their potential. It’s a very strong offering with a bigger and bigger following,” Baroudi told LinuxInsider. “It’s the best alternative [to IE], and we’ll see an uptake. Maybe Mozilla will be a platform of choice for developers.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

LinuxInsider Channels