• silicon.com
• Technology
• Security

By Alorie Gilbert, 29 July 2005 10:15

NEWS Microsoft has enlisted some outside help for one of the most anticipated new features of its updated web browser: the ability to alert people that they may be about to enter a fraudulent website.

The company has recruited WholeSecurity, a maker of computer security programs in Austin, Texas, to help Internet Explorer 7, the next version of its browser, identify websites designed to trick people into disclosing personal data to identity thieves, the companies said. These "phishing" sites mimic legitimate sites, such as eBay and Citibank, and have contributed to a national identity theft epidemic.

Microsoft released a beta version of the new browser, also known as IE7, this week to a select group of testers. The company plans to release a second beta version for the general public to test before shipping the final version.

WholeSecurity, which is privately held, is helping Microsoft assemble and maintain a list of verified phishing sites, also known as a blacklist. When people try to visit a website on the list, IE7 automatically warns them via a dialogue box that the site is fraudulent and suggests they "not continue to this website". At that point, people can close the web page, or continue on if they choose.

WholeSecurity, via a project called the Phish Report Network, has thousands of websites in its blacklist and adds more all the time from the hundreds of new sites that contributors flag daily, said John Ball, senior product manager at WholeSecurity. Microsoft helped the company launch the Phish Report Network in February, along with Visa, eBay and eBay's PayPal unit, which all help to build and maintain the list.

Microsoft isn't the first company to build anti-phishing features into a web browser, nor is it the first to recruit an outside security company for help with the task. AOL's Netscape unit introduced a new version of the Netscape browser in May with a similar feature. The company has compiled its own blacklist with the input of parent AOL, not-for-profit privacy group Truste, VeriSign and security software company Paretologic.

A UK-based browser company called Deepnet Technologies claims to have been the first to incorporate anti-phishing mechanisms into a browser when it released Deepnet Explorer in December.

But with close to 90 per cent market share in the United States, Microsoft is certainly the biggest browser company to attack phishing. Yet, the company doesn't expect its latest efforts to bring an end to these scams.

Gary Schare, Microsoft's director of IE product management, said: "Does having a police force wipe out crime? The purpose is to contain it. It's a tall order to say this will wipe out phishing."

CNET News.com's Ina Fried contributed to this report

Alorie Gilbert writes for CNET News.com