Microsoft Expands IE7 Phishing Filter

Microsoft announced at the RSA security conference this week that it has expanded the number of data providers for the phishing filter built into Internet Explorer 7, which warns users when they are about to visit a potentially risky Web site.

Australian Computer Emergency Response Team (AusCERT), BrandProtect and MySpace.com are joining current partners Cyveillance, Digital Resolve, Internet Identity, Mark Monitor, and RSA. Netcraft has also agreed to provide Microsoft with data it obtains through its own anti-phishing toolbar for both IE and Firefox.

Microsoft says that since the launch of IE7, the browser has blocked over 10 million attempts by users to visit phishing Web sites. Currently, over 1 million blocks are being performed each week, and through feedback from IE7 users, over 10,000 phishing sites are added to blacklists every week.

"Carnegie-Mellon University’s Dr. Lorrie Cranor and her colleagues updated their independent, comparative study on anti-phishing toolbar accuracy last month, confirming that the Phishing Filter in IE7 is one of the most accurate anti-phishing technologies they tested," IE program manager Jeremy Dallman wrote on the IE blog.

"It was the only one that consistently caught more than 60% of phishing sites while having the lowest possible rates of incorrect ratings (otherwise known as false positives)."

Separately, Microsoft put live Tuesday support for Extended Validation SSL Certificates in IE7. These new SSL certificates require the issuee to be an incorporated and active business in good standing, and display as "green" in IE7's new Security Status Bar. A number of companies, including eBay and Charles Schwab have rolled out EV SSL certificates on their Web sites.