
Audit Clears MS Phishing Filter as Privacy Risk

A third-party audit of the new phishing filter built into the Internet Explorer 7 browser and the MSN Toolbar has given the technology a thumbs up on the sensitive issue of user privacy.


Jefferson Wells International, an IT auditing group, has validated Microsoft's assurances that the phishing filter does not transmit any personally identifiable information without explicit user consent and that any URL information sent from the user's browser cannot be traced back to the surfer's personal information.

The privacy thumbs up is a boost to Microsoft's mission to market IE 7 as a major security overhaul with features to thwart identity theft and drive-by spyware and Trojan installations.

Microsoft has long insisted the technology does not present a risk to user privacy, but because it uses a mechanism that transmits data to a Microsoft Web service for authentication checks, the company felt the need to call in third-party auditors to verify its claims.

"We gave [the auditors] in-depth access to the technology and to the engineering team. After they studied the technology and interviewed the engineering team, they agreed that the claims we made about protecting your privacy are true and accurate," said Rob Franco, lead program manager for IE security at Microsoft.

In a blog entry announcing the audit results, Franco said Microsoft will repeat the audit periodically so that even if the service changes in some way, surfers will still have proof that the Web service protects user privacy.

In the MSN Toolbar implementation, an IE user who is tricked into visiting a known phishing scam site will be automatically blocked from entering personal information on the site. This is done via a client-side whitelist that stores phishing site data.

In IE 7, when the filter is turned on, every URL a user visits that is not on the client-side whitelist is transmitted to Microsoft's servers to be checked. In the toolbar add-in, the service serves as an "early warning system" for suspicious Web sites and will provide two levels of color-coded warnings.

Details on how the data is transmitted are not known, but according to the audit by Jefferson Wells, HTTP and HTTP Secure URLs transmitted for rating by the Phishing Filter client are limited to the domain and path only. "All other information in the URL is stripped," company officials said.

The auditors confirmed that the phishing filter client transmits URLs only when the user wants to manually provide feedback on a URL, when the URL is not found in the Phishing Filter local data files, or when the phishing filter client heuristics determine a site to be suspicious.

Transmission of any and all URL information by the Phishing Filter client is over SSL on the Internet, Jefferson Wells officials said.
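The client-side behaviour the audit describes (send a URL only under the three stated conditions, reduced to domain and path) can be sketched as follows. This is an added illustration, not Microsoft's code: the function names, the host-based local list, the dropping of scheme and port, and the sample URLs are all assumptions.

```javascript
// Added illustration, not Microsoft's code. All names and data are hypothetical.

// Constructed stand-in for the Phishing Filter "local data files".
// Assumption: entries are matched by host name.
const LOCAL_KNOWN_HOSTS = new Set(["www.example.com", "mail.example.org"]);

// Reduce a URL to domain and path only. Userinfo, port, query string and
// fragment are dropped. The path is kept verbatim, so identifiers embedded
// in path segments are not removed by this step.
function minimizeUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch (e) {
    return null; // unparseable input is never sent
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  return u.hostname + u.pathname;
}

// Decide whether a lookup is sent, following the three conditions the
// auditors list: manual user feedback, a local-list miss, or a heuristic hit.
function decideLookup(raw, opts = {}) {
  const payload = minimizeUrl(raw);
  if (payload === null) {
    return { send: false, reason: "not-http", payload: null };
  }
  const host = new URL(raw).hostname;
  let reason = null;
  if (opts.userFeedback) reason = "user-feedback";
  else if (opts.heuristicSuspicious) reason = "heuristic";
  else if (!LOCAL_KNOWN_HOSTS.has(host)) reason = "not-in-local-list";
  if (reason === null) {
    return { send: false, reason: "local-hit", payload: null };
  }
  return { send: true, reason: reason, payload: payload };
}

// Constructed sample: credentials, port, query and fragment must not leave.
const sample =
  "https://user:pw@shop.example.test:8443/account/view?session=abc123#top";
console.log(decideLookup(sample));
console.log(decideLookup("https://www.example.com/login?next=/inbox"));
```
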



May 11, 2006
Author: Ryan Naraine
Copyright 2003-2008 - Software Magazine, onekit.com, Legal Notices
