A third-party audit of the new phishing filter built into the Internet Explorer 7 browser and the MSN Toolbar has given the technology a thumbs up on the sensitive issue of user privacy.
Jefferson Wells International, an IT auditing group, has validated Microsoft's assurances that the phishing filter does not transmit any personally identifiable information without explicit user consent and that any URL information sent from the user's browser cannot be traced back to the surfer's personal information.
The privacy thumbs up is a boost to Microsoft's mission to market IE 7 as a major security overhaul with features to thwart identity theft and drive-by spyware and Trojan installations. "We gave in-depth access to the technology and to the engineering team. After they studied the technology and interviewed the engineering team, they agreed that the claims we made about protecting your privacy are true and accurate," said Rob Franco, lead program manager for IE security at Microsoft.
The auditors confirmed that the phishing filter client only transmits URLs when the user wants to manually provide feedback on a URL, when the URL is not found in the Phishing Filter local data files, or when the phishing filter client heuristics determine a site as suspicious.
News source: eWeek via OSNN
Jefferson Wells International, an IT auditing group, has validated Microsoft's assurances that the phishing filter does not transmit any personally identifiable information without explicit user consent and that any URL information sent from the user's browser cannot be traced back to the surfer's personal information.
The privacy thumbs up is a boost to Microsoft's mission to market IE 7 as a major security overhaul with features to thwart identity theft and drive-by spyware and Trojan installations. "We gave in-depth access to the technology and to the engineering team. After they studied the technology and interviewed the engineering team, they agreed that the claims we made about protecting your privacy are true and accurate," said Rob Franco, lead program manager for IE security at Microsoft.
The auditors confirmed that the phishing filter client only transmits URLs when the user wants to manually provide feedback on a URL, when the URL is not found in the Phishing Filter local data files, or when the phishing filter client heuristics determine a site as suspicious.
News source: eWeek via OSNN
This has been some much-needed work from them, and it is nice to see that it did well in a third-party audit.
- it's not new, it already exists for firefox and probably other browsers as a final product, not in a beta
- FF2.0 which will be released before IE7 will have it by default and I believe will propose several online choices for the antiphishing service
it's a good feature for the future IE7 but it is in no way new or innovative, déjà vu elsewhere
This is a common story for Microsoft. Take desktop search for example. Apple has it first, but only thanks to years of delays in Vista. Microsoft had the idea first and demonstrated it back in 2003.
And the desktop search is no different from what BeOS offered like 15 years ago, it's just that all these actors are smaller fishes in the industry and they are not credited for their ideas, in the end it is always, microsoft, Google, Apple... who claim to have invented feature x o y with a lot of PR, but in computing most of the things have already been invented 20 years ago. There is a saying in my language that says that the one who speaks louder is the one people listen
Please explain how anything short of full AI can determine if a site is a phishing site?
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.