In the movies, hackers work hard breaking into networks to steal passwords. In the real world, they just politely ask for your credentials using a phishing website designed to look exactly like a valid financial site. If you log in to the fake website, you compromise your own security.
Fortunately, most popular browsers include some degree of antiphishing protection. Unfortunately, their effectiveness varies widely. AV-Comparatives just released the results of a test examining how well popular browsers detect and block these frauds.
I test antiphishing protection for my own security reviews by checking URLs that have been reported as fraudulent, but not yet verified. I check each one myself, using only those that are clearly fraudulent and clearly attempt to steal login credentials. I find that a significant majority of current security suites are less effective at phishing prevention than Internet Explorer 8 alone. However, interestingly enough, Internet Explorer didn't come out on top in the AV-Comparatives study. As you may just have guessed from the title of this article, it was Opera that proved top of the anti-fraud browser squad.
During nine days in December 2012, researchers at AV-Comparatives gathered almost 300 verified phishing URLs from real-world fraudulent email messages. Phishing websites typically vanish after a day or two, so they tested each URL immediately upon discovery. Each browser's score is simply the percentage of fraudulent URLs detected and blocked.
My own antiphishing tests use Internet Explorer 8, because the test system I use runs Windows XP. IE8 has averaged around 65 per cent detection in my recent tests. The Microsoft engineer who "owns" phishing protection wishes I would use IE9, as its SmartScreen Filter is even more accurate. AV-Comparatives used IE9, and it definitely scored better, with an 82 per cent detection rate.
However, Opera beat out IE9 significantly, with a sterling 94 per cent detection rate. Because Norton Internet Security consistently does well when it comes to detecting frauds, I compare each suite's detection rate with Norton's detection of the same sample set. In recent tests Norton has averaged 94 per cent detection, the same as Opera alone achieved in the AV-Comparatives test. I'm impressed, Opera!
The other browsers lagged behind significantly. Chrome still performed reasonably with a 72 per cent detection rate, but Safari got 66 per cent, and Firefox only detected 55 per cent.
Norton is good at detecting frauds, but according to my tests, so are McAfee, Kaspersky, G Data, and Bitdefender. If you're using a security suite from a different vendor, be sure to leave your browser's phishing protection turned on. Even if you've chosen one of the suites that catches most frauds, it can't hurt to leave the browser's protection turned on as a second line of defence. You can never be too safe. Also it can’t hurt to underline the need to always exercise common sense in what URLs you visit, and what links you follow, in the first place, protection matters aside.
The full test results will be available later this week on the AV-Comparatives website.
As a final note, if you want to read up more about Opera’s security features, check out our full review of the browser here.
Michael J. Miller is Chief Information Officer at Ziff Brothers Investments, a private investment firm. Mr. Miller, who was editor-in-chief at PC Magazine from 1991-2005, authors this blog for PC Magazine to share his thoughts on PC-related products. No investment advice is offered in this blog. All duties are disclaimed. Mr. Miller works separately for a private investment firm which may at any time invest in companies whose products are discussed in this blog, and no disclosure of securities transactions will be made.