Firefox 2.0 has a built-in phishing filter to protect users against bogus sites. Visited sites are compared with a list of known phishing sites, but it also has a feature that checks all pages opened against an online database, so that users are warned about a new phish.
But for phishers it is dead easy to circumvent this filter. http://www.mozilla.com/firefox/its-a-trap.html makes the Mozilla browser raise an alert. But if some slashes are added to the URL at hand, the filter fails miserably, as you can see with this URL: http://www.mozilla.com/firefox////its-a-trap.html. This “unpatched hole” can be found in Firefox 2.0.0.1, 2.0.0.2 and 2.0.0.3. You can protect yourself by installing the Netcraft anti-phishing toolbar extension for Firefox or Flock.
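A bypass like the one above is what you get when a lookup compares the raw URL string against the list. The JavaScript below is an added example, not Firefox's code or part of the original post: it contrasts an exact-match lookup with one that canonicalizes the URL before matching. The blocklist contents and all function names are constructed for illustration.

```javascript
// Constructed blocklist holding the test URL mentioned in the post.
const RAW_BLOCKLIST = ["http://www.mozilla.com/firefox/its-a-trap.html"];

// Naive lookup: exact string comparison, so any cosmetic change
// to the URL (such as repeated slashes) produces a miss.
function naiveIsBlocked(url) {
  return RAW_BLOCKLIST.includes(url);
}

// Reduce a URL to one canonical spelling before it is compared.
// Returns null when the input is not a parseable absolute URL.
function canonicalize(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl); // lowercases scheme and host, drops default port,
  } catch (e) {          // and resolves "." and ".." path segments
    return null;
  }
  u.hash = "";           // the fragment is never sent to the server
  // Collapse runs of slashes in the path: "/firefox////x" -> "/firefox/x".
  u.pathname = u.pathname.replace(/\/{2,}/g, "/");
  return u.href;
}

// Canonicalize the list entries once, with the same function used for
// lookups, so both sides of the comparison have the same form.
const CANONICAL_BLOCKLIST = new Set(
  RAW_BLOCKLIST.map(canonicalize).filter((entry) => entry !== null)
);

function isBlocked(url) {
  const canonical = canonicalize(url);
  return canonical !== null && CANONICAL_BLOCKLIST.has(canonical);
}

// The two URLs from the post: the listed one and the slash-padded variant.
const listed = "http://www.mozilla.com/firefox/its-a-trap.html";
const padded = "http://www.mozilla.com/firefox////its-a-trap.html";
console.log("naive:", naiveIsBlocked(listed), naiveIsBlocked(padded));
console.log("canonical:", isBlocked(listed), isBlocked(padded));
```

Collapsing slashes makes matching slightly looser than the server's own path handling, which is the safer direction for a warning list.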
I have to admit I have never been happy with the anti-phishing within Firefox; with dial-up it is a right royal pain in the rear and mine has been disabled from day one of its existence.
I also prefer to take my own precautions on anti-phishing, using either DrWeb or a manual check at McAfee’s site advisor, whilst neither of these is perfect for anti-phishing. But add to that NoScript and DropMyRights, allied with a healthy dose of common sense and not clicking links in unsolicited emails or links in suspect or untrusted web sites, and I don’t feel vulnerable.
That is why it is beyond me that they did not bring in something like the Netcraft Anti Phishing Toolbar. It is one of the very few toolbars I will allow inside the FF or Flock browser, and moreover it is a good “British” tool by all standards. And then again, it has not failed me a single time until now.
Why the developers of these Mozilla-type browsers do not incorporate NoScript, Stealther or the Netcraft Toolbar, I really cannot understand. Flock has now come up with “StumbleUpon” by default, but I think that is inside this browser on completely other grounds, and it can always be explained away as an extension of the Web 2.0 character of this type of browser.
Browser security by default, that is the thing we need. But then the general user cries out that he thinks that’s a nuisance, like now with the settings of IE7, where the inexperienced user starts to allow insecure ActiveX options, because they are uninstalled by default, and he or she is so accustomed to unsafe settings by default. So whenever you deliver a bit of security, they again experience this as a drag. “It seems you can never please the general masses, and that we have known for a long time, haven’t we?”