Security

New browser sniffs out phishy sites

Deepnet launches Web browser that detects fraudulent sites and nails an increasingly prevalent type of floating ad.

Stay on top of the latest tech news with our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

By Paul Festa
Staff Writer, CNET News.com

A browser launched on Wednesday with the promise to both detect "phishing" sites and nail an increasingly prevalent type of floating Web ad.

Deepnet Explorer, a browser shell that uses Microsoft's Internet Explorer to render Web pages, analyzes Web addresses and combs through its own list of suspect sites to determine whether a site might be part of a phishing scam, in which fraudsters attempt to get personal and payment information from unsuspecting visitors.

Phishing scams have become more sophisticated and common, though a report released today suggests that the monetary cost of the trend has been exaggerated.

Version 1.3 of the browser, previously available in a test, or "beta" version, also takes aim at a new kind of Web advertisement that has been evading pop-up blocking software.

The ads, called "floating" or "overlay" ads, move around on the screen and are immune to the pop-up controls increasingly common in browsers and browser toolbars.

"We've seen a lot of these adverts recently," Deepnet CEO Yurong Lin said. "It's the new trend in advertising because the pop-up blockers are so popular."

Pop-up blockers generally work by detecting and foiling a Web script command to open a new window. But floating ads rely on a more involved scripting object that keeps the pixels moving in an existing window.

Deepnet Explorer 1.3 also introduces an application that lets Web surfers monitor cookies, or files that a Web site places on a visiting computer to keep track of preferences and other personal information. Another feature lets people create groups of browser tabs within a single window. Tabbed browsing has emerged as a must-have feature for Web browser software trying to compete with or expand on IE, which doesn't offer tabs.

For Version 1.3, Deepnet added content from news headline aggregator Moreover Technologies. For future versions, the company is in negotiations with Google to provide general search results.

Lin dismissed criticism that the Deepnet browser's phishing detector could lull users into unwarranted complacency. Critics have noted that some phishing schemes work on legitimate sites through code sneaked onto Web surfers' computers.

"Antivirus companies are looking for viruses, but phishing sites are not viruses, and you need something like Deepnet to find those sites," Lin said. "I think we complement each other."

Lin also defended his company's decision to stick with the IE rendering engine. IE has gotten criticism by some Web developers, who have rapped both its security and its standards support. Open-source options such as the Mozilla Foundation's Gecko software have won better security and standards reputations in recent years.

"Over the last several years, IE became the de facto standard browser, so most Web sites are designed to work with IE," Lin said. "If we chose something like Mozilla, it's going to not display a lot of Web pages properly."

But Lin said Deepnet has considered doing something like Netscape did yesterday with its release of a prototype browser that gives surfers the option of switching back and forth between browser engines.

"That's something we've been talking about internally," Lin said. "It's possible for us to support multiple engines. The only problem is engineering resources. To provide compatibility for Gecko would require a lot of development work."

Editor's Picks

Free Newsletters, In your Inbox