Credit: Curaga / Cofotoisme / Getty Images A new study of antiphishing toolbars has come to a stark conclusion about their effectiveness: None of them is any good.A week ago, a report from SmartWare told the world that Mozilla’s Firefox 2.0 had the best antiphishing capabilities, while a month ago a report from 3Sharp claimed Microsoft’s Internet Explorer 7.0 was tops.But however apparently independent their methodology, those reports were sponsored by the companies—Mozilla and Microsoft—that triumphed in each test, a fact that has undermined their reliability in many people’s eyes.By contrast, the new study, “Finding Phish: An Evaluation of Anti-Phishing Toolbars,” was conducted by researchers at Carnegie Mellon University in Pittsburgh, backed by organizations as worthily anodyne as the U.S. National Science Foundation and the U.S. Army Research Office. The study looked at 10 browser toolbars: Microsoft Explorer 7, eBay, Google, Netcraft (Mozilla), Netscape, Cloudmark (Mozilla), EarthLink, Geotrust’s TrustWatch, Stanford University’s Spoofguard and McAfee’s SiteAdvisor.Even the best of the bunch—EarthLink, Netcraft, Google, Cloudmark and Explorer 7—detected only 85 percent of fraudulent websites, a good but far from secure level of effectiveness. The rest scored under the 50 percent mark, with McAfee’s SiteAdvisor unable to spot any. “Overall, we found that the antiphishing toolbars that were examined in this study left a lot to be desired,” the authors concluded. “Many of the toolbars we tested were vulnerable to some simple exploits as well.”Most of the toolbars suffered to varying degrees from false positives, where legitimate sites were erroneously identified as being phishing sites. The researchers believed this to be almost as big a problem as missing a real phishing site because constant warnings about sites known to be OK might persuade users to ignore all warnings, even when correct.The inclusion of SiteAdvisor will likely attract the ire of McAfee, which was angered by the product’s dreadful showing in a Microsoft-sponsored test of antiphishing toolbars carried out some weeks ago by consultancy 3Sharp. McAfee claimed after the event that the product was not intended to perform as an antiphishing filter, something still disputed by 3Sharp.Despite the academic thoroughness of their experiments, the researchers offered no explanation as to why McAfee’s SiteAdvisor showed zero ability to spot antiphishing websites, an odd statistic even within the context of the other products’ modest abilities. The fact that the software might not have had any antiphishing features—regardless of how it had been described on its website—doesn’t appear to have dawned on the team.The researchers came up with a number of general observations about browser phishing security, the first and most obvious of which is to use all such filters with great care; no toolbar can spot all fraudulent sites to a high enough degree or reliability to make it a firm line of defense.The second point, referred to only obliquely, is that origin of the browser on which the filter is running—the Mozilla-versus-Internet Explorer debate—doesn’t appear to make any odds. It is the effectiveness of the heuristics used to identify sites that matters, and the usability of software design from the point of view of the users themselves. -John E. Dunn, Techworld.com (London)Related Links: Mozilla-Funded Study: Firefox 2 Tops IE 7 in Antifraud Mozilla Firefox 2.0 Hits the Web Microsoft Internet Explorer 7 Browser ReleasedCheck out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature Key IT initiatives reshape the CIO agenda While cloud, cybersecurity, and analytics remain top of mind for IT leaders, a shift toward delivering business value is altering how CIOs approach key priorities, pushing transformative projects to the next phase. By Mary Pratt May 30, 2023 10 mins IT Strategy IT Leadership opinion Managing IT right starts with rightsizing IT for value While there are few universals when it comes to saying unambiguously what ‘managing IT right’ looks like, knowing how to navigate the limitless possibilities of IT is surely one. By Thornton May May 30, 2023 6 mins Digital Transformation IT Strategy IT Leadership feature Red Hat embraces hybrid cloud for internal IT The maker of OpenShift has leveraged its own open container offering to migrate business-critical apps to AWS as part of a strategy to move beyond facilitating hybrid cloud for others and capitalize on the model for itself. By Paula Rooney May 29, 2023 5 mins CIO 100 Technology Industry Hybrid Cloud feature 10 most popular IT certifications for 2023 Certifications are a great way to show employers you have the right IT skills and specializations for the job. These 10 certs are the ones IT pros are most likely to pursue, according to data from Dice. By Sarah K. White May 26, 2023 8 mins Certifications Careers Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe