The problem with the phishing filter
Posted by multippt
It seems like even security experts make mistakes at times. Trendmicro is one of them. Aside from spreading the mentality that cookies do much harm to your computer (which is incredibly impossible), they decided to “help” you further by giving you that extra phishing site detector. The problem is, it doesn’t work sometimes.
What do you mean, “it didn’t work”?
It didn’t work in that it didn’t deliver the goods. When it comes to phishing filters, it means that the user will be severely discouraged from visiting the blacklisted site. So, what if a site gets into the list? One sad thing with the case of TrendMicro, is that once you are stuck on that list, you cannot come off it, unless TrendMicro discovers its mistake.
Just recently, TrendMicro blacklisted a few IP addresses, one of which is a Google datacenter. Pretty bad move, since not only has they shown that they didn’t actually check that it belongs to Google, this will mean that at random whenever a user uses Google cache, they get a nasty phishing site error.
Fortunately, there are cases where TrendMicro has remove several sites, most especially parked pages, from its list of blacklisted sites.
And then there were others
Thanks to phishing and viruses, we have rich guys like Norton, MCaFee and TrendMicro. Of course, there are others who want a slice of this pie, well, at least they used phshing filters as a means of advertising their actual product. Do you think Microsoft added that phishing filter into Internet Explorer 7 just to protect your surfing experience? Not really, all Microsoft wanted was users to use Internet Explorer 7 because it is now “safer”.
On the other hand, there were open-source projects and the giant Google that came into the phishing scene. Firefox now got a brilliant phishing filter, but it is not any better than the filter in Internet Explorer. For one thing, they are slow in responding, and sometimes they respond inaccurately (thanks to a group of people known as “saboteurs”). In light of that, some phishing filters have that remove site ability. But, what’s the point of a phishing filter if the owner of the phishing site gets to remove their sites from the filter?
It was flawed from the beginning
Most phishing sites often get away with phishing someone’s credentials. Unless there is a perfect automatic phishing site detector, no one can be sure that the login page is rigged, unless someone else has reported the issue.
The best phishing site detector is yourself. Not Google, not Norton, not Trendmicro. You are the one who can distinguish what appears to be off from the actual site. No one should tell you that you should always check the address bar, because you should probably know very well to know what site you are about to go to. Phishing E-mails are so common that they cease to be creative, making identifying one easy.
