Comparison of phishing filters

Peter Kruse at CSIS did a quick comparison test of some of the phishing filters out there.

Unfortunately: It’s in Danish. Snaka du Dansk?

Fortunately: Peter was kind enough to provide an English language abstract.

We did a small comparison test of the latest anti-phishing filters in Microsoft Internet Explorer 7.0 and Firefox 2. Although the test is only available in Danish we think the results might have interest.

The test was conducted by adding 50 active phishing sites to a database.

We then visited each site with the antiphishing filters enabled in order to determine which antiphishing filter had to best phish-detection. All phishing sites used in this test was collected within a 24 hour timeframe.

All in all we tested 5 different phishing filters, which most of them, performed very well:

- Netcraft picked up 48 of the 50 fraudulent sites

- Firefox 2 picked up 49 of the 50 fraudulent sites

- Microsoft Internet Explorer 7.0 picked up 46 of the 50 fraudulent sites

- Earthlink Scamblocker picked up 46 of the 50 fraudulent sites

The PDF-document can be downloaded here.

Caveats: This is not a comprehensive test, as it doesn’t take into account false positives (how many sites will the filter flag as being bad, when they’re really ok?).

Also, Cloudmark’s toolbar was included on the test, but it’s not a product that has been updated for some time — that toolbar doesn’t get updated phishing feeds.