Browser to act like anti-phishing tool? Possible!

Gervase Markham blogged his thoughts on a “future” and “possible” function of browsers to act like anti-phishing tool e.g. Netcraft toolbar

With Netcraft toolbar (anti-phishing tool which is available to Firefox and IE browsers), user will report a suspected phished site. Once verified by Netcraft’s central server as phishing site, it will be added in the database.  The next time the user or other users will visit the phished site, it is blocked.  The reporter just saved the community  from fraudsters.  IMHO, reporting is always useful. Report suspected spywaretrojans, worms and virus to security vendors.

G. Markham wrote:

So… it would certainly be technically possible for browsers to automatically detect sites attempting to exploit fixed security holes. For example, Firefox 1.0.4 could have been written to detect sites attempting to use the Firefox installation API with a javascript iconURL. Rather than just blocking the exploit attempt, it could then, either automatically or with the user’s permission, report the URL of that site back to a central server, so it could be assessed for placing in a block list feed. Such an assessment could be automatic – script a copy of the browser to go to the URL and see if it detects the exploit also.

Then, older browsers which had not been upgraded, but which were blocking sites from a list including that feed, would still have some amount of protection from attack. As soon as it had been reported by one user using a new browser, all users using older versions would be vaccinated against attack from that site.“

Leave a Reply