Monday, November 27, 2006

Opera 9.1x Fraud Protection

I have been a long time admirer of the Opera web browser. Internet Explorer (IE) and Firefox might get all the publicity but make no mistake Opera is a stellar web browser. Many of the features found in Firefox and newly added to IE 7 have long been available in Opera, such as tab browsing, integrated rss aggregator, password manager, download manager and integrated search box. Unfortunately, despite Opera’s laudable history of innovation, it hasn’t really built a large community of users. However, there is one niche in which Opera has been successful in capturing; Opera is widely used in mobile devices (e.g. mobile phones) (link).

Opera 9.02 is the latest stable version; however, the first release candidate for Opera 9.1 is available for download. This future version refines on already existing features but there is one new addition I would like to talk about. Opera 9.1 will include a new fraud detection feature. It is no big surprise; Firefox 2.0 and IE 7 both have one. The threat of phish websites has been on the rise for some time now. Phish sites pose a serious problem because, just as one is discovered, it is replaced by another. So, browsers which use blacklists are not very effective since new phish sites appear every minute and blacklists quickly become outdated. Opera’s fraud detection works a little different than Firefox and IE’s fraud detection.

By default, Firefox 2.0 only uses a blacklist to detect phish sites. Users need to enable the real time protection feature. And, the real time problem is not without problems. The technology behind Google’s Safe Browsing extension was used to create the real time protection for Firefox 2.0. Some privacy advocates are concern since a record of sites visited by users are sent to Google (link).

The built-in phishing protection is truly third-rate. There are two antiphishing options: Mozilla's weak blacklist-based protection (yes, seriously) and Google's antiphishing technology, which is both poorly rated and a privacy nightmare.” – Paul Thurrott

As usual, Google denies that it keeps any personal information and only the barest of information is recorded to determine if a site is genuine or malicious.

During installation of IE 7, the user will be prompted to either enable the phishing filter or not. If enabled, IE 7 will automatically check the webpage you are trying to load against an up-to-date list of known phish sites. The list is maintained by Microsoft based on suspected phish sites submitted by IE users. If a user declines to activate the phishing filter, he can still audit the current webpage with a single click (link). However, one annoying problem I noticed with IE’s phishing filter is that it significantly slows the loading of a webpage. It became so annoying that I disabled the feature and took my chances without the protection.

Phishing Filter helps to protect you in two key ways.

  • It operates in the background as you browse the Web, analyzing Web pages and determining if they have any characteristics that might be suspicious. If it finds suspicious Web pages, it will show a yellow warning, advising you to proceed with caution.

  • Phishing Filter checks the sites you visit against an up-to-the-hour,

dynamic list of reported phishing sites. If it finds a match, Phishing Filter will show you a red warning notifying you that the site has been blocked for your safety.” –

Well, enough about Firefox and IE 7, Opera has a solid phishing filter but they call it “fraud protection.” By default, the fraud protection is disabled. Users can enable it by going to Menu bar > Tools > Preferences > “Advanced” tab > check “Enable Fraud Protection” > [O.K.]. When loading a new webpage, Opera will automatically send the webpage’s URL to Opera’s server where it is matched against a list of known phish sites. To the right of the address bar, Opera will display either an “i” for a website known to be genuine or a “?” for unknown websites. However, if the website is a known phish site, Opera will block the loading of the webpage (see below).

Opera make every attempt to respect users’ privacy by not storing the sites visited on their servers. In addition, no cookies are created nor is any information forwarded to third parties. There is one feature which really caught my eye. Once a website has been declared safe, the browser will cache the website (link). As a result, if a user revisits the same website, Opera doesn’t need to check with the server since the website has been declared safe which saves time. While surfing the Internet with Opera, I hardly noticed any delay in loading a webpage.

When you browse to a site you have not visited before, the browser sends a request for site information to our server. The requests contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless.

The reply from the server is an XML document containing the trust level of the domain. This reply will be cached by Opera for a time indicated by our server. This means that information about well-trusted sites can be cached for a longer period than for unknown sites.

We don't store information on our servers that let us track individual users. IP addresses are discarded and we don't use cookies or other session information. No information goes directly to third parties, all communication goes through our own servers. Our servers get the trust information from a database supplied by GeoTrust, who have a long experience with anti-fraud solutions.” – Opera Desktop Team

In closing, I would like to say that Opera is a solid web browser known for innovation. In addition, the Opera development team has done a remarkable job of creating a reliable and efficient fraud protection.

1 comment:

Anonymous said...

Rapidly improvements, RS Moneynumerous authorities still consider the agreement course of action to be really misleading as well as invasive. Authorities confess in which Ms is equipped with the legal right to Guild wars 2 Goldsafeguard their mental residence however they don't think the particular WGA program could be the response.