Microsoft adds another antiphishing partner

Cyveillance joins Microsoft's other partners in the fight against the prevalent information-stealing online scams.

Joris Evers
Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
2 min read
CHICAGO--Microsoft has added another data provider to its list of allies in the fight against prevalent data-stealing online scams known as phishing.

Cyveillance has joined InternetIdentity, MarkMonitor and RSA Security's Cyota in providing Microsoft with information on known phishing attacks. That information is used for a phishing shield that can be downloaded for the MSN Toolbar and is built into the new Windows Live Toolbar and Internet Explorer 7.

"We want to get the best data coverage," Michael Aldridge, a group product planner at Microsoft, said Wednesday in an interview at an e-mail security event here. "We have added Cyveillance and you can expect to see more announcements in the future."

The additional partners will help Microsoft offer the phishing shield to customers in non-English-speaking geographies, Aldridge said. Currently, Microsoft offers protection against the scams only in English versions of the applicable software, he said.

Phishing attacks typically use spam e-mail messages to lure victims to malicious Web sites, where they are duped into disclosing log-ins and usernames for Web sites, as well as other sensitive information such as credit card numbers and Social Security numbers. The messages are typically spoofed to look like they come from a trusted company.

Filters that protect against such scams typically use blacklists that prevent the user from surfing to known fraudulent Web sites. Microsoft's tools are examples of such filters. Others are provided by companies including eBay, Netcraft and EartLink. Web browsers from Opera and AOL also include filters and one is slated for Firefox 2.0.

Meanwhile, Microsoft has parted ways with WholeSecurity, one of the early partners on its antiphishing software, Aldridge said. WholeSecurity was acquired by Symantec, but that played no role in the separation, he said.

"We initially worked with WholeSecurity as we were developing the system," Aldridge said. "As we defined the guidelines, we realized we needed to work with other partners."

Aldridge would not say when the international phishing protection would ship. However, he pointed to the Windows Vista ship date as an indicator, since that next release of the operating system will have the feature built-in. Windows Vista is due to be available for consumers early next year, Microsoft has said.