Microsoft Sponsors Antiphishing Bakeoff
uniquebydegrees writes, "InfoWorld is blogging about the (predictable) results of a Microsoft-sponsored antiphishing technology bakeoff. From the TechWatch blog: 'Microsoft's Phishing Filter (MPF) in IE 7 Beta 3 received the highest "composite score" at 172, followed closely by NetCraft's toolbar with a composite score of 168. But when you dig into the numbers, another story emerges... IE's MPF antiphishing toolbar doesn't top out any of the individual tests that make up the composite score... So how did MPF end up on top?... Microsoft didn't do the best job of spotting phish sites, but it did do the best job of blocking the ones it did spot, and blocking was what garnered the most points... Blocking a phishing Web site earned you twice as many points as just warning about it in this test, but is blocking really twice as effective as just warning users?'"
What a silly question. (Score:5, Funny)
No, of course not. That's why I tape the root password for the file server to users' monitors, but warn them strongly not to use it.
Re: (Score:2)
The real questions:
Provided that
1) If you block and earn twice the points, and
2) If you warn and earn as many as half the points you earn by blocking
how many points would you earn if
a) You warn 34 sites and block half as many as you have warned
b) You block twice as many sites as you have warned
Also, which one is more effective?
Remember, you will earn as much as twice the score for answering the first question right, but as much as half the score for answering the second question wrong.
Yes, if you want to win the bakeoff (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
The "dancing pig" is another thing. Browser should block every kind of executable from being run directl
What do most users do when they get a warning box? (Score:4, Insightful)
Re:What do most users do when they get a warning b (Score:1)
Do a lot of people still get phished? (Score:1)
Re: (Score:1)
Re: (Score:3, Informative)
Re:Do a lot of people still get phished? (Score:4, Interesting)
A couple of months after the fact, my mom let slip that not only was this actually because she fell for phishing, but my mom had fallen for the same email - luckily, they didn't get to her bank account. (Mainly b/c when my sister discovered what had happened, my mom ran to cover her ass.)
I wanted to whack them both upside the head. But trust me, they are far more representative of the average user than you or I.
Re: (Score:2, Interesting)
Re: (Score:1)
Re: (Score:2)
Hmmm, some people might wonder why you want to know...
(j/k)
Re: (Score:2)
Re: (Score:3, Informative)
Them: I got a message from XYZ bank that my account is frozen. Do you think it is a scam?
Me: Do you have an account with XYZ?
Them: No, I've never done any business with them.
Me: Then you can be very sure it's a scam.
Re:Do a lot of people still get phished? (Score:5, Interesting)
"I just got an email saying I won the Canadian Lottery, and I need a cashier's check for $4,000 to cover the taxes"
"Did you ever _enter_ the Canadian lottery?"
"No."
"I hate to tell you this ma'am, but it's a scam."
Every god damn day.
Re: (Score:2)
A fool and his money are soon parted.
---Thomas Tusser
Re: (Score:2)
Maybe if you make a sign that describes these most common scams, have it printed on a nice board with a very official looking Wells Fargo logo, and put it on the counter, these people will recognize their situation and believe you when you hear their story and point to it. Then maybe this board would be seen by a district manager, your fiance gets a raise for a great idea that protects the customer and fosters faith in the company, and similar fancy signs go to every Wells Fargo in the country just like th
Re: (Score:2)
Re: (Score:1)
In 2006 eight people were arrested by Japanese police on suspicion of phishing fraud by creating bogus Yahoo Japan Web sites, netting themselves 100 million yen ($870 thousand USD).
AOL reinforced its efforts against phishing in early 2006 with three lawsuits seeking a total of $18 million USD under the 2005 amendments to the Virginia Computer Crimes Act.
Re: (Score:2)
I hate slashdot so much (Score:5, Insightful)
Re: (Score:2)
Re:I hate slashdot so much (Score:4, Insightful)
If anything, blocking a site should be worth more than double, since most people I know seem to just ignore warning dialogs.
My first thought was that the false positive rate is probably going to be about the same as WGA, blocking far too many sites, but you're right. The ideal solution would be to have it configurable and default to blocking, since the users who click through without reading are probably not going to go anywhere near the Options dialog.
BS composite scores didn't make a huge difference. (Score:4, Informative)
GeoTrust TrustWatch caught 99%, but had a 32% false positive rate.
IE7 - 89%
Netcraft Toolbar - 84%
EarthLink ScamBlocker - 64%
Firefox/Google - 53%
eBay Toolbar - 46%
Netscape 8.1 - 28%
McAfee Site Advisor - 3%
How they came out with only 89% when they selected the sites themselves is anyone's guess.
Re:BS composite scores didn't make a huge differen (Score:1)
Perhaps they thought nobody would actually believe the 100% figure they had originally planned to report - after all, 89% of statistics are made up on the spot by a caucasian male under the age of 35...
Re: (Score:2)
... as shown in the research done by Professor Togashi Raichu, a professor of Statistical Analysis at Tokyo University.
Statistics are much more credible when backed by reliable sources.
Re:BS composite scores didn't make a huge differen (Score:2, Funny)
Re:BS composite scores didn't make a huge differen (Score:1)
Re: (Score:2)
Ding! Ding! We have a winner!
Microsoft-sponsored benchmarks are almost always about making the other guy look bad, while inflating their own performance. Think of the 'Get the FUD^WFacts' campaign or the tests that pit Windows 2K3 Server against Samba, where the Red Hat box was tuned -- on purpose -- to the worst possible setting.
You only have to look better than your next biggest competitor in Microsoft's playboo
False positives = bad site design? (Score:3, Interesting)
I'd be interested to know about these false positives. I'd bet that some legitimate sites use designs that are hard to distinguish from phishing sites. I would argue this is bad.
Perhaps GeoTrust is right and the false positive sites are wrong.
Re: (Score:2)
Stupid questions (Score:3, Insightful)
And for those who disagree, there ARE stupid questions.
Re: (Score:1)
Re: (Score:3, Funny)
KFG
Because IE doesn't block them (Score:2)
Re: (Score:2)
Or at least leading questions.
Re: (Score:2)
There are, however, quite a few inquisitive idiots.
Actually... (Score:2)
In fact, blocking is pi times as effective as warning, so this result is even better for IE than it appears. (Yeesh, even by Obligatory Stupid Question standards, that one was pretty stupid.)
Actually.... (Score:4, Insightful)
Re: (Score:3, Insightful)
That, bundled with way too many dialogs asking them questions they don't know the answers to, has resulted in the "Just click yes" reflex.
By way of example -- the first time you submit a form in any browser, you get that "You're about to send unsecured information over the internet!" dialog.
Re: (Score:2)
People don't care about what their car's doing or what all those road signs mean or why they should be looking ahead of them while driving, all they want to do is go places in their cars. But we still force them to prove they do know all those things they don't care about, on pain of not being allowed to drive, because their not knowing would endanger others. I fail to see why the same shouldn't hold for computers.
Re: (Score:2)
People have been killed by those not fit to drive. (And it's worth noting that the system hasn't proven too good at keeping those people off the road, by the way)
Ignorant computer users pose a minimal risk to life and property.
Theoretically, in the 'land of the free', we don't legislate activities that pose little risk to otherwise uninvolved parties. Of course, there are numerous examples of this not actually happen
Re: (Score:1)
Oh, sure, it is sooo coool to have your identity stolen, just because one friend of yours didn't care. Actually, there are fates worse than death.
People have been killed by those not fit to drive. (And it's worth noting that the system hasn't proven too good at keeping those people off the road, by the way)
Are you sure? Because you don't know what is going to happen without those rules, it has never been tried. Oh, wait
Sadly, yes (Score:3, Insightful)
While I am loath to say anything positive about Microsoft, I'd have to agree with the scoring. Most end-users, especially the developmentally challenged ones that are prone to phishing scams, simply do not read warnings. If someone is drooling, it does no good to tell them. Just wipe their chin.
Yes... (Score:3, Insightful)
I really don't want to advocate handholding, but some people really do need it..
Re: (Score:1)
Maybe people should be required to get an internet license before being allowed on the internet? (just like a driver's license but for the internet)
On a similar note, I think candidate politicians should pass some exam that tests their ability to function in stressful situations as well as their ability to conduct long term planning in spite of the pressure of the next elections, before being allowed to become a candidate. Other things which would be suitable to test include corruptibility, taking responsi
Template for MS Slashdot Articles (Score:5, Insightful)
Microsoft performed well...but is performing well more important than performing badly?
Microsoft isn't all bad...but is not being bad the same as being good?
D
Re: (Score:2)
I'd add "Again." to the end of that, myself.
Soko
Mmmmm, Pie... (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Microsoft would never go for apple pie. Or maybe they would, and claim it was their original recipe.
Their cafeteria did have an excellent chocolate-peanut-butter pie though (one of the only things I remember clearly from my visit there). Can anyone comment on the current state of baked goods at Microsoft?
Never mind phishing (Score:1, Informative)
Perhaps we should start a "Spam is a Microsoft problem" campaign until they backport Vista's security model to the millions of systems already out there?
Let's Go 'Phishing'... (Score:1)
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Hahahaha....I love this guy, ok...Let me tell you this, usually hackers do phishing by spoofing websites that people often go to, acting like those websites are the real websites (like trustedsite.com and trustedsite.net); there's a difference between those two sites. Why the hell would people want to go to the phishing site again when they know that they have been phished?? Let's think about that!!
P/S: hohoho, looks like we're arguing this thing like we're going to send this comment to some lecturer of some U
Re: (Score:1)
Average user ignores warnings (Score:1)
The average user ignores all warnings so it is very important to block phishing sites.
For advanced users warning is as effective as blocking a website.
Interesting (Score:1)
I would say that blocking is more effective than just warning users, but to tell you the truth, as a user I want to control what I have access to. I don't want a filter blocking things for me. A warning is nice, but I can take care of blocking on my own, thank you very much. Isn't this one of the annoying things about MS products - that they try to make up your mind for you?
Re: (Score:1)
Rigged weighting (Score:2)
This reminds me of when the "Quarterback Rating" came out back in the 80's. Back then, there were people arguing that Joe Montana was the greatest QB in history. Around that time, a "Quarterback Rating" scheme emerged with some esoteric weighting of various performance stats (completion percentage, TD's per game, etc. etc). Although nobody seemed to understand the rationale for the particular weighting...
But wait.. there's more.. (Score:1)
Yes, blocking a site is very effective, it's most likely more than two times more effective at preventing a phishing scam for the sites that it blocks.
But at the same time, if you block 50% of the sites and users never see them, never see a message or a warning, they think that they are safe and as a result, they are less likely to look at other sites with any degree of caution.
On the other side, if you as a user are warne
still beta.. (Score:1)
what's about this phishing stuff? (Score:1)
Results (Score:2, Informative)
1. Internet Explorer 7 Beta 3 RC3 with Microsoft Phishing Filter with a score of 172 points
2. Netcraft Toolbar with a score of 168
3. Google Safe Browsing on Firefox with a score of 106
4. eBay Toolbar with a score of 92
5. Earthlink ScamBlocker with a score of 76
6. GeoTrust TrustWatch with a score of 67
7. Netscape 8.1 with a score of 56
8. McAfee Site Advisor with a score of 3
Check http://www.3sharp.com/projects/antiphishing/ [3sharp.com]
Re: (Score:1)
Ratings and statistics... (Score:1)
( No truth has been hurt writing this post )
Washington Post recommends Netcraft toolbar (Score:1)
"It's worth noting that Netcraft's anti-phishing toolbar detected this site as malicious and tried to prevent me from visiting it, as it is designed to do. I have to say that I've visited countless phishing site
blocking more secure than warning (Score:1)
Methods of phishing (Score:1)
Just Throw in the Damn Towel. (Score:1)
RE : anti-phishing technology (Score:1)
alert (Score:1)
maybe they need more understanding the definition (Score:1)
The Gartner group estimates that the direct phishing-related loss to US banks
and credit card issuers in 2003 was $1.2 bill
no. 1 doesn't mean the Best (Score:1)
They won't tell the average user that they got the high score in blocking the URL, but they will absolutely tell them that "We have the no.1 antiphishing toolbar!".
Maybe for them, blocking the URL is much more efficient to prevent their customers rather than warn them. This is because their customers (most are not computer geeks) may not be aware of "phishing" threats; "Phishing?? Is it a new cool word from Microsoft referring to fishing?" --
Hmm..... (Score:1)
And if they don't know what a phishing site is then they probably wouldn't understand the importance of enabling the phishing filter.
As soon as I got IE7 beta1 I disabled the filter because it seemed to be slowing things down. (I've uninstalled the beta btw)
And I believe anti-phishing heuristics are useless. All phishers will check their websites against IE7's filter and modify their techniques till IE7 stops det
the solution is .. (Score:2)
Antiphishing made easy. (Score:2)