NEWS FROM THE LAB - Wednesday, December 20, 2006

Phishing Filters - No Add-ons Required Posted by Sean @ 15:50 GMT

Today Opera released version 9.1 of its browser for Windows. A new security feature is included – Fraud Protection.

Opera's Settings

Using a whitelist from GeoTrust and blacklists from GeoTrust and Phishtank, Opera now alerts users of fraudulent sites. When the option is enabled, each URL visited will be checked to confirm its security and the user is presented with a warning rather than being taken to a phishing site.


Firefox 2.x and Internet Explorer 7 also have their own anti-phishing filters built into the browsers. IE7 checks against locally stored files, then against the URL Reputation Web Service (URS) hosted by MSN, and then uses built-in heuristics to validate the URL. Firefox 2.x has two options – either it checks against Google's AntiTrust database, or it uses a downloaded list of suspected sites. The site list is local to the user's hard drive, so anyone concerned about privacy might prefer this method. The download file is updated frequently.

Firefox's Warning:

IE's Warnings:
Internet Explorer 7

Suspicious Site

Safari 3.0 will reportedly include similar functionality.

On another front, we've also noticed Yahoo! Mail started blocking non-standard URLs at some point. Outlook as been doing so for a while now. Any unusual URLs prompt the user with the following warning:

Yahoo! Mail

We see these updates as a very positive development for the typical Web consumer and hope to see the features widely enabled. If you haven't updated your browsers, do so now. — There's a Firefox security update today as well… And for those of you that have the great pleasure of being your family's IT support – put this on your Christmas to-do list.