main

Microsoft to Expand Anti-Phishing Tool

shawncruiksh   on 26 August 2005 - 15:27 · 17 comments & 2935 views

Advertisement (Why?)
Microsoft Corp. will soon make available to the general public a tool for warning users about "phishing" scams that could lead to identity theft. Currently, such a tool comes only with the Internet Explorer 7 browser, which is available in tests only to a select group of developers.

But within a few weeks, Microsoft will incorporate it into a toolbar for older versions of IE. While still officially a test, the anti-phishing tool will be available to anyone running the Windows XP operating system with the Service Pack 2 security upgrade from last summer. The company will eventually make it available to older Windows systems, too.

The tool was built to address scammers who try to trick people into revealing passwords by posing as legitimate banking or e-commerce site. When an unfamiliar site is encountered, users have the option of passing that address to Microsoft to check against a database of known phishing sites. A "red" warning page appears when there's a match. Even when there isn't a match, the tool will display a pop-up "yellow" warning when it sees telltale signs of phishing, such as the lack of SSL encryption when submitting passwords.

News source: ZDNet


What's new?
    General
  • new: IE7 Beta 1 direct integration support (xp sp2)
  • new: DEP Unattended option
  • new: Sereby's German Hotfix Pack v1.3+ support
  • new: Greek and Russian (non-Cyrillic) language translation
  • fix: Textmode Driver (nvraid post install reboots)
  • fix: Direct integration for KB896344,KB890046,KB898461,KB893357
  • fix: German pack integration (SetupHotfixesToRun included)
  • fix: Compress error popup with small files
  • fix: SFC Enabled full support
  • fix: Main files uppercased
    Components
  • new: ActiveX for streaming video
  • new: Intel Indeo codecs
  • new: Teletext codec
  • new: IP Conferencing
  • upd: TAPI App Support (removes more)
  • upd: CTF Loader -> Text Services Framework (removes more)
  • upd: WMP (now keeps MP3 codec)
  • fix: DRWatson (back and fixed)
  • fix: Printer drivers in Win2k (seemed like not removed)

Share this Article

About the Author

Full name: Unknown
User name: shawncruiksh
Contact: via forum PM
Submissions: View All
More: View Profile

Related news

Post a comment · Send to friend Comments · There are 17 additional comments
(1 reply) #1 Gowcra on 26 Aug 2005 - 15:28
Well thanks MS. This is a step in the right direction
#1.1 lare2 on 26 Aug 2005 - 17:57
Any effort against the bad **** is great news.
#2 LTD on 26 Aug 2005 - 15:30
No more fishing! No more fishing!

Down with fishing!

lol
#3 SniperX on 26 Aug 2005 - 15:31
Yay, everyone submit their visitied domains to Microsoft! May as well, they want everything else.
#4 Rob on 26 Aug 2005 - 15:33
You can be as cynical as you like this but this is a step in the right direction. It's one of the truly great features of IE7, where Microsoft are innovating as opposed to just playing catch-up.
#5 mko on 26 Aug 2005 - 15:45
People will complain about this, but since when was phishing Microsofts fault? Any stupid user running any OS, Browser, software etc. can be fooled into visiting the wrong website. Unlike a lot of security features M$ has previously released, I don't think many people were expecting such a feature from microsoft, good to see they are one step ahead and this will reduce phishing before it becomes a huge problem.
(2 replies) #6 jivemastert on 26 Aug 2005 - 16:52
i like my idea better... hunt down and capture all of those that pull these phishing scams and sell them on ebay as house pets.
#6.1 Veiva on 26 Aug 2005 - 17:07
And get a free bagel that looks like Elvis! That was also touched by Jesus!
#6.2 xpgeek on 26 Aug 2005 - 20:33
haha
(1 reply) #7 imtoomuch on 26 Aug 2005 - 17:22
It's a good thing for Microsoft to do and it benefits everybody except the scammers, but as always there will be idiots on this site that will bash it just because Microsoft is the company that's doing it.
#7.1 justdarick on 26 Aug 2005 - 18:23
Down with Microsoft they 5uX0r... :-p

Just kidding, I don't think this is too inventive since Netcraft (http://toolbar.netcraft.com/) has had this for atleast a few months if not a year... But I do applaud Microsoft for doing a good thing.

Now for people to actually upgrade, that will be the hardest part. But then again, those who don't deserve to have their identities stolen.
#8 greg.douglas on 26 Aug 2005 - 18:33
is it just me who thinks they may add MSN search onto this toolbar as wel!?
(1 reply) #9 Richardo on 26 Aug 2005 - 18:51
This will make phishing sites improve further, maybe they'll start using SSL encryption now, and calling their "Password" fields something different, so that the toolbar can't detect it.
#9.1 sphbecker on 26 Aug 2005 - 19:53
That would be cool if they started using SSL. Then it would be really easy to track and arrest them
#10 lbmouse on 26 Aug 2005 - 23:23
QUOTE
such a tool comes only with the Internet Explorer 7 browser


It may not be exactly the same (perhaps better?), but the Netcraft Toolbar is available now. Plus, it is compatibility with Firefox and IE.
(1 reply) #11 BobMarley on 28 Aug 2005 - 07:11
Well how is this going to work? It will probably just throw up a warning if a page contains the words "Nigeria" or "offshore account". They obviously know a bit more than me so I just hope they execute this properly, even so it will only be a matter of time until phishing starts to get by the filter.
#11.1 Jugalator on 29 Aug 2005 - 07:52
If it's about backporting the IE 7 feature, it'll work by Microsoft and users tagging (and untagging) sites as suspected scam sites.

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.1020) © 2000 - 2008 Neowin.net