Phishing data sources and transparency

Microsoft pointed to our study from the IE blog, where there are already several comments, including this one from “Sheep and Duck”:

3Sharp was founded in 2002 by three friends: Paul Robichaux, Peter Kelly, and John Peltonen, all experts in their respective fields. Their goal was to establish a company that could demonstrate the robustness, flexibility, and sheer native capabilities of the Microsoft communication and collaboration technologies. By working closely with Microsoft’s Information Worker Group, 3Sharp has always been able to stay on the cutting-edge of the Office System technologies.
Somehow I don’t trust this “study”.

To which I say:

Sheep and Duck, I understand why you’re skeptical. No matter who commissioned the study, *someone* would distrust the results on that basis alone. However, I think if you read the report, you’ll see that we have been transparent about our test methods and the data we used for the test. If you read the report and still have questions, feel free to contact me via e-mail ( or my blog ( and I’ll do my best to address them.

The report even says that the actual scores of which product blocked or warned on which URLs is available from us on request. It’s hard to be much more transparent than that!

The folks over at mozilla links also asked a good question that I should have addressed in the FAQ: because some of the URLs came from a feed generated by opt-in Hotmail users, does IE have an unfair advantage? The answer is “no”, because the feed we used wasn’t incorporated in the data feeds that Microsoft uses for the Phishing Filter.

Technorati Tags: ,

Comments Off on Phishing data sources and transparency

Filed under Security, UC&C

Comments are closed.