New browser sniffs out phishy sites

A browser launched on Wednesday with the promise to both detect "phishing" sites and nail an increasingly prevalent type of floating Web ad.

Deepnet Explorer, a browser shell that uses Microsoft's Internet Explorer to render Web pages, analyzes Web addresses and combs through its own list of suspect sites to determine whether a site might be part of a phishing scam, in which fraudsters attempt to get personal and payment information from unsuspecting visitors.

Phishing scams have become more sophisticated and common, though a report released today suggests that the monetary cost of the trend has been exaggerated.

Version 1.3 of the browser, previously available in a test, or "beta" version, also takes aim at a new kind of Web advertisement that has been evading pop-up blocking software.

The ads, called "floating" or "overlay" ads, move around on the screen and are immune to the pop-up controls increasingly common in browsers and browser toolbars.

"We've seen a lot of these adverts recently," Deepnet CEO Yurong Lin said. "It's the new trend in advertising because the pop-up blockers are so popular."

Related feature
Have you been phished?

Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.

Pop-up blockers generally work by detecting and foiling a Web script command to open a new window. But floating ads rely on a more involved scripting object that keeps the pixels moving in an existing window.

Deepnet Explorer 1.3 also introduces an application that lets Web surfers monitor cookies, or files that a Web site places on a visiting computer to keep track of preferences and other personal information. Another feature lets people create groups of browser tabs within a single window. Tabbed browsing has emerged as a must-have feature for Web browser software trying to compete with or expand on IE, which doesn't offer tabs.

For Version 1.3, Deepnet added content from news headline aggregator Moreover Technologies. For future versions, the company is in negotiations with Google to provide general search results.

Lin dismissed criticism that the Deepnet browser's phishing detector could lull users into unwarranted complacency. Critics have noted that some phishing schemes work on legitimate sites through code sneaked onto Web surfers' computers.

"Antivirus companies are looking for viruses, but phishing sites are not viruses, and you need something like Deepnet to find those sites," Lin said. "I think we complement each other."

Lin also defended his company's decision to stick with the IE rendering engine. IE has gotten criticism by some Web developers, who have rapped both its security and its standards support. Open-source options such as the Mozilla Foundation's Gecko software have won better security and standards reputations in recent years.

"Over the last several years, IE became the de facto standard browser, so most Web sites are designed to work with IE," Lin said. "If we chose something like Mozilla, it's going to not display a lot of Web pages properly."

But Lin said Deepnet has considered doing something like Netscape did yesterday with its release of a prototype browser that gives surfers the option of switching back and forth between browser engines.

"That's something we've been talking about internally," Lin said. "It's possible for us to support multiple engines. The only problem is engineering resources. To provide compatibility for Gecko would require a lot of development work."

Firefox Can Already Detect Spoof Sites

Just use Firefox with the Spoofstick extension!

but it is so primitive

The so-called anti-phishing feature in Firefox is very primitive, though. All it does is to prompt the user when the URL contains login name and password.

[Ubber geek]

use Firefox

http://www.analogstereo.com/vacuum/miele_hay_fever.htm

So what?

It still has all the security holes of IE, so what little gain it might bring is swallowed up by IE's myriad of issues.

Personally I think that people who fall for online scams of any kind, get what they deserve. Like AOL users and MS fanboys, it also marks them as people who shouldn't be allowed online access. ;)