The Security Mentor

There's software now that supposed to help protect you against web sites that impersonate your bank or broker and try to steal passwords and accoutn numbers. It comes in the form of toolbars for your web browser, from many suppliers with many different approaches. How well do they work?

Carnegie Mellon researchers tested anti-phishing toolbars in a recent study. The reuslts are not encouraging.

"[the best products]still missed more than 15% of fraudulent sites. The other four toolbars we tested could correctly identify less than half the fraudulent sites, and one did not correctly identify any fraudulent sites."

Software is doing you some good if it cuts the number of undetected attacks by a factor of 6. But there's an easier way that's more reliable, and the free toolbars come with a high price.

Simply bookmark the places that need high-value passwords and always use the bookmark to go there. Even easier, you may be able to put a link in your browser's navigation bar. Don't follow links from email even if they look right. That will protect you against all but a tiny minority of forgeries.

The price of the free toolbars is that, in the case of those I'm familiar with, they check the URL you're visiting by sending it to a central machine that compares it against a list of known crooked sites. That's right: the company providing the toolbar knows whether you're going to redheadedasiansincombatboots.com.