The Bottom Line
- Netcraft Toolbar provides added protection against commonly found phishing attacks.
- URLs constructed with specific characters for cross site scripting are detected immediately.
- Forcing certain browser elements to display protects you from deceptive popups masking their origin.
- Functions well in conjunction with most other toolbars and security applications.
- Netcraft's active community provides for a massive blacklist which is updated at an impressive clip.
- Not all XSS attacks are successfully detected.
- Compatibility issues exist with MSN Toolbar's "MSN Search Toolbar Helper" component.
- The formula for Risk Rating places too much weight on the age of a domain name.
- The toolbar blocks certain URLs that may be part of a phishing attack, based on information from Netcraft's database.
- If a URL is blocked, a warning dialog is displayed giving you the option to allow or deny the page from loading.
- You can easily report a suspicious URL via the toolbar's main menu by selecting Report a Phishing Site.
- Once a URL is reported, it is automatically blocked for all other Netcraft Toolbar Users (also known as community members).
- Supervisor validation is utilized to minimize the impact of community members falsely reporting suspicious URLs.
- The Risk Rating, determined by a Netcraft formula, is displayed on the toolbar for each web page visited.
- The current site's host country, depicted by a flag image and ISO code, as well as the site's netblock name is displayed.
- A link to the current page's Site Report is provided on the toolbar. The report contains origin date, IP address, and DNS.
- The toolbar can be configured to check for new versions as well as new local data files at user-specified hourly intervals.
- Browser elements such as status bar and menu bar can be forcibly displayed, preventing malicious sites from masking them.
Guide Review - Netcraft Toolbar
There was a time where most phishing attacks were poorly created and even the most novice Internet user could spot the hoax if they took the time to analyze it. The trouble then was that a lot of us may have been too busy to take the time out and eventually fell victim to a phishing attack. However, times have changed and the trouble now is that phishers have gotten much better at their craft. By mimicking the email formats and site designs that most of us have grown accustomed to, these hackers have been able to prey upon a larger number of people resulting in more stolen identities and other nightmarish consequences.
Netcraft Toolbar does a good job of detecting sites that may be part of a phishing attack before it is too late. By using a unique combination of user reporting, suspicious character detection, and the Netcraft Web Server Survey, the toolbar warns you if you are about to visit a phishing web page. Overall, this add-on is more thorough than IE's internal phishing protection and was able to detect attacker sites better than some other security products currently available. It also seems to play well with most other add-ons and I am personally a big proponent of this toolbar. If you do decide to use Netcraft Toolbar, please actively report any suspicious URLs that you may come across in your travels. The stronger the community grows, the better protection this add-on provides -- and protection is the bottom line.