http://www.networkworld.com/news/2009/081309-microsoft-ie8-browser-security.html?page=1
Hit the link and find out that amazingly, IE 8 comes out on top in phishing protection, not surprisingly Firefox is 2nd just barely tailing behind IE and even less surprising is Safari’s 2% catch rate… it’s almost a given. Maybe you have to be more intelligent to browse the Internet with Safari.
In any cases, I’d like to believe IE 8 was really that good, but that research was sponsored by Microsoft. Every research sponsored by Microsoft has given results favorable towards IE. Anyone remember the IE-8-is-as-fast-as-other-browsers research sponsored by Microsoft, well no, done by Microsoft in fact I think? That was loads of crap. Apparently the fact that IE 8 is NOTICEABLY slower, that means you can SEE it, was unexplainable and proven wrong by this test, I disagree.
So, is this whole phishing filter thing loads of crap? Actually, it isn’t. It makes a lot of sense. Safari has just had a phishing filter installed, almost as an excuse, because it didn’t have one at all before. Apparently Apple thinks you’re secure because you’re on a Mac so it doesn’t need a phishing filter, but no, really, they didn’t say that. IE 7 was the first browser, if not the second, with a phishing filter integrated and Microsoft has been very aggressive on this front. Firefox, well, you know the drill, community power. Opera, not really impressive, but still amazing considering the minimalistic amount of statistics they must be able to gather.
The only thing is Chrome got only 26% of successful catch rate. That’s pretty disappointing and very surprising in fact for a browser coming from a company that scans the whole web.
However, the real question is, does it matter? I found it doesn’t, it never really did.
No matter what the browser, every new phishing site in my spam mail is never blocked. Takes a while to have it blocked, so the whole anti-phishing attempt is useless. The risk is there, but the real problem is user education, not the browser. I’d worry more about exploitable security holes too. If you go on a schetchy web site and get infected while on IE because of a security flaw while Firefox could have saved you, phishing has nothing to do with it.
But back on track with the User Education thing. IE 8 does one thing better than every other browser; that is URL highlighting.
Example!
Regular URL: http://paypal.xbx22.com/php?id=38
IE 8 URL: http://paypal.xbx22.com/php?id=38
Chrome URL: http://paypal.xbx22.com/php?id=38
So, if you’re like me you don’t have to look twice to know it’s a fake URL (just an example btw). However, take a look at what IE does, it highlights only the main domain name. How brilliant! It now becomes super obvious for any user that the site they are on isn’t really the site they should be on. Chapeau to the IE team.
However, take a look at what Chrome does. I’m surprised they didn’t fix this yet. How stupid can you be. They highlight the URL, but the complete URL with the subdomain too. That’s like saying “look, in fact you’re on PayPal too!”. It was one of my biggest complaint about Chrome when it came out and they didn’t fix that trivial thing. It’s stupid, it’s just f****** stupid and IMO even worse than not highlighting the URL at all.
Another big complaint I have to make about Chrome is the fact that when you type the address, it stays grayed out. How stupid, I want to see the address while I type it. At least IE 8 acts the right way on that => removes the highlight when you type.
Great! We’ve once again determined Chrome is faster but more stupid. Welcome to the story of Microsoft vs Google, Better & Slower vs Stupid & Faster.
