Microsoft Corp. has quietly backported one of the security improvements slated for the new Internet Explorer 7 browser into IE 6.0, but the giveaway comes with a small catch. The Microsoft Phishing Filter, which is being embedded into IE 7, will now be available in IE 6 but only via an add-on to the MSN Search Toolbar.
A free 1.3MB download of the anti-phishing add-on is now available in beta form for IE 6/MSN Search Toolbar users running Windows XP SP2 (Service Pack 2). Samantha McManus, a business strategy manager at Microsoft, said the toolbar add-on uses the same back-end technology as the phishing protection built into IE 7.
“The specific implementation for each product is very slightly different to fit in with each product’s user experience, but yes, the technology is the same,” McManus said. Both implementations are being run by the Technology Care and Safety team within the MSN unit. Overall, the implementations are the same for the toolbar add-in and IE 7 but, according to McManus, the consumer experience will differ slightly.
In the MSN Toolbar implementation, an IE user that is tricked into visiting a known phishing scam site will be automatically blocked from entering personal information on the site. In IE 7, the process is slightly different, as the Web surfer is automatically navigated away from the phishing site to a new page. “In both scenarios, consumers have the option to proceed at their own risk to the URL,” McManus explained.
The anti-phishing technology, which uses data from Symantec Corp.-owned WholeSecurity Inc., uses a client-side whitelist and a server-side blacklist to determine whether a Web site has been set up to steal user information.
In IE 7, if the filter is turned on, every URL a user visits that is not on the client-side whitelist is transmitted to Microsoft’s servers to be checked. In the toolbar add-in, the service will serve as an “early warning system” for suspicious Web sites and will provide two levels of color-coded warnings.
If a person visits a site that is confirmed on the list of reported phishing sites, the add-in will display a “red” warning bar above the Web page and block the user from entering personal data. If the Web site contains characteristics common to a phishing site but isn’t on the list of known sites, the MSN Toolbar add-in will display a “yellow” warning bar to serve as a warning that the site is a suspected phishing scam.
On suspicious sites, users will have the option to continue to the suspect site or close their browser or tab in the toolbar.