The best antiphishing defense you could hope to build is based firmly upon end-user education. If people could be freed from their naivete, scammers wouldn't stand a chance of fooling anyone except themselves.

But many companies don't see the value in ongoing user education, and some people simply can't be educated to a reasonable degree. Thus, we need antiphishing software, which has become a major feature of Web browsers and of various third-party security solutions.

In October, a Microsoft-commissioned report on various antiphishing solutions was released. The testers found that Microsoft Internet Explorer (IE) 7.0 has better antiphishing technology than competing solutions. The products tested included IE 7.0 Beta 3, EarthLink ScamBlocker, eBay Toolbar with Account Guard, GeoTrust TrustWatch, Google Toolbar for Firefox with Safe Browsing, McAfee SiteAdvisor Plus, Netcraft Toolbar, and Netscape Browser with built-in antiphishing technology. In "IE 7.0 and Firefox 2.0 Both Have New Antiphishing Technologies" (at the URL below), I reported that the test results were weighted toward rewarding tools that completely blocked access to suspected phishing sites (rather than just warning users) and tools that didn't produce false positives.

The Mozilla Foundation commissioned its own study to gauge the effectiveness of Mozilla Firefox 2.0's antiphishing technology as compared with IE 7.0's. This study found that Firefox's antiphishing technology was better than IE's by a considerable margin (see the results at the URL below).

One difference between the two studies is that Mozilla used a much larger sample of known phishing sites, all of which appear on the PhishTank Web site, at the URL below. The larger sample undoubtedly had an effect on the overall outcome. Another difference is the weighting in the Microsoft-sponsored test. If you don't place the same value on certain features as the test did, you might not give the tools the same ranking they received in the test results.

I think the most interesting result is that some of the third-party products performed exceptionally well in the test commissioned by Microsoft. But neither report seems conclusive to me. One report provides test results for many products but used a small sample of known phishing sites. The other report used a large sample of sites but tested only two products out of the many available.

It would be interesting to see a new report that uses a very large sample of phishing sites and performs tests on all (or most) of the available antiphishing solutions, including third-party solutions that offer both browser-based protection and gateway-level protection.

It's especially important to know how gateway-level solutions perform, because browsers and browser toolbars are updated frequently. Thus, keeping them current on all workstations is a big chore, especially in large organizations. It seems to me that using a gateway-based solution would be much more cost-effective if at all possible. However, a gateway-based solution might not work for you, depending on the way you handle connectivity and security for your mobile users.