Anti-phishing toolbar study needs a reality check

A new study on the effectiveness of anti-phishing toolbars suggests they all suck. While you have to throw up the bullshit flag on the validity of tests sponsored by the developers themselves (like what seems the case in the Firefox/IE7 fight), you also have to look at the issue relatively.

Even the best of the bunch — Earthlink, Netcraft, Google, Cloudmark, and Explorer 7 — detected only 85% of fraudulent websites, a good but far from secure level of effectiveness. The rest scored under the 50% mark, with McAfee’s SiteAdvisor unable to spot any.

So throw out the McAfee deal – my Aunt Millie shouldn’t get a toolbar because the best only catch 85% of phishing sites? Is catching 85% worse than not having one installed, and leaving it 100% to chance?

I don’t think so.

Comments

Anonymous says:

The best way to protect Aunt Millie is probably to stop the messages carrying phishing threats from getting to her in the first place! Bassam Khan, VP of Marketing at Cloudmark, says the Anti-Fraud Toolbar from Cloudmark that was included in this test was, in fact, a beta product that has not been updated in over a year. It does not get live phishing feeds from the Cloudmark service. Cloudmark has removed the Anti-Fraud Toolbar from its website. The company recommends its Desktop product for individual computers, Cloudmark Server Edition for Exchange users, or the Cloudmark Authority platform for service providers, which provide live, active support fed by constant micro-updates by the Cloudmark Global Threat Network. These solutions consistently and with a high degree of accuracy stop messaging-bearing phishing threats before they ever get to the email subscriber. http://www.cloudmark.com.