
The Anti-phishing Tool Bar Controversy...

by Christopher Boyd

Date: 09.30.2005

There are lots of rumours circulating at present regarding the Antiphishing toolbar from Netcraft. These rumours have been circulating as far back as May, claiming that the toolbar itself contains "spyware". Like most things labeled spyware, it depends on your point of view: whether you think cookies are evil, and whether the price you pay for some phishing protection is a little personal data sent back to base. With that in mind, let's continue...

The Install

There seems to be nothing unusual here. Firefox pops up the "blocked" install message, and you have to manually add the Netcraft site to the list of allowed sites.

When the install is initiated, a popup appears which seems to have caused concern among end-users, but it is simply a JavaScript popup describing what is going to happen - Netcraft being helpful.

This is a good example of what can happen when panic takes hold needlessly - not every popup is a bad thing. Then you get another clear message, indicating what will happen when you restart Firefox - for something that is supposedly doing something untoward, the toolbar is very clear with its disclosure!



In Practice

I tried the Toolbar out on a number of phishing sites - it blocked all of them (example here). I had no false positives and the tool uninstalled with no problems, but I only tried a limited selection of sites. Remember, here I'm primarily looking for "unusual" behaviour. The issue is - I didn't find any.



In Closing

This comes down to what the value proposition is for the customer. The toolbar privacy policy clearly states what the tool will do - from the agreement:

# Information Automatically Logged: We use your IP address to help diagnose problems with our server and to administer our Web site. Your IP address may also be used to display regional advertising banners.

# Advertisers: Sometimes advertisers may use third party banner servers to display banners on our site. These servers are not under Netcraft's control.

# Cookies: Netcraft uses cookies in areas of the site requiring authentication, and as part of its banner serving system.

Now, numerous sites have cited this text as a sign that end-users should be looking out for popups, banner ads and other things associated with adware, and that the toolbar tracks users for "hidden" purposes. But look again - it doesn't say this applies to the toolbar. It says these ads are on the website. And "banner serving system" has to refer to the website too - banners served by a toolbar wouldn't be very big to look at! No, the issue here is that the terms for the toolbar and the terms for the website don't appear to have been separated well enough. Or at least, they have, but not enough for the average end-user to understand. This is despite the fact that the article clearly states lower down the page that the toolbar collects the following (under the heading of Netcraft toolbar!):

* A unique identification reference is generated for each Toolbar installation. This is sent back to us when the Toolbar attempts to download updated versions of its software and is used for planning and licensing purposes. This is not sent as part of the Toolbar's normal operation when browsing the web.

* Web sites (not URLs) visited when browsing the web. These are used to provide contextual reports and popularity ranking information for the site being browsed.

* Secure hashes of URLs visited when browsing the web. These are used to defend against phishing sites by comparing the hash against a list of hashes of previously reported phishing URLs and blocking the page if a match is found. There is no other case in which we can determine the URL of the page you have visited from the hash which we receive.

* The Toolbar does not collect any personal information except that described above. In particular, we do not collect personal information which can identify the browsing habits of individual users.

So we can see that, although Netcraft has made every effort to make clear what the toolbar does, there is still confusion in the end-user's mind with regard to what the software actually collects. The interesting question is, what can Netcraft and companies like them, and (more importantly) the end-users, do to clarify these issues? It's a question with no easy answers, but as the above has illustrated, these days even producing a tool designed to increase security can be filled with unintentional perils.
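
The URL-hash check described in the quoted toolbar policy can be sketched as follows, showing what leaves the browser and what the server can learn from it. This is an added example, not Netcraft's code: SHA-256, the normalisation rules, the function names and the sample URLs are all assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

def normalise(url):
    """Assumed canonical form: lower-case scheme and host, keep path and query.
    Port and fragment are dropped to keep the sketch short."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    query = "?" + parts.query if parts.query else ""
    return f"{parts.scheme.lower()}://{host}{parts.path or '/'}{query}"

def url_hash(url):
    # Assumption: SHA-256; the policy only says "secure hashes".
    return hashlib.sha256(normalise(url).encode("utf-8")).hexdigest()

def client_report(url):
    """What the client sends per the policy: the site (not the URL)
    plus a hash of the full URL."""
    return {"site": (urlsplit(url.strip()).hostname or "").lower(),
            "url_hash": url_hash(url)}

# Constructed sample data: URLs previously reported as phishing.
REPORTED = ["http://login.example-bank.test/verify?id=1"]
# Server-side blocklist keyed by hash, as the policy describes.
BLOCKLIST = {url_hash(u): u for u in REPORTED}

def server_check(report):
    """Return (block, url_known_to_server).
    The server can name the URL only when the hash matches an entry
    it already holds; otherwise it sees just the site and the hash."""
    known = BLOCKLIST.get(report["url_hash"])
    return (known is not None, known)

if __name__ == "__main__":
    for u in ("  HTTP://Login.Example-Bank.TEST/verify?id=1",
              "https://www.example.org/account/settings?user=alice"):
        report = client_report(u)
        print(report["site"], report["url_hash"][:16], server_check(report))
```

The hash is unsalted by design, since the server must be able to compare it with hashes of reported URLs; the same property means a hash reveals a URL to anyone who already holds that URL to compare against.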

Unless otherwise noted this article is Copyright © 2017 by FaceTime Communications, Inc. This article may not be resold, reprinted, or redistributed for compensation of any kind without prior written permission from FaceTime Communications, Inc. For reprint or media inquires please contact us with the phrase "Spyware Guide Articles" in the subject line and we will by happy to assist you. Links to this article from other websites are appreciated and encouraged. Users are also encouraged to utilize our RSS system to provide unique content and extracts for their site.
