On 11-Sep-08, at 8:24 PM, Likarish, Peter F wrote: > I'm a grad student doing anti-phishing research and lately I've been > comparing the performance of FF2 and FF3 with regard to site > detection. FF2 has been substantially outperforming FF3 against our > test set of phishing attacks (generally garnered from published > online repositories of phishing attacks). Based on my outsider's > perspective, I was under the impression that both relied on Google's > Safebrowsing and was surprised by the disparity between versions. I > am wondering if this is a generally observed phenomenon or if we are > doing something odd in testing that could be causing it? If anyone > has a chance to enlighten me, I would greatly appreciate it.
Hi Peter, Can I ask what your methodology looks like? We've had some conversations with another grad student doing similar research, and found that his set up involved running the tests immediately after the browser started up with a new profile, or in short bursts. Because we use a local DB for the checks rather than pinging out to a network host to check every URL, Firefox needs to pull down a complete database of blocked sites before it will be effective. Because we don't want to eat up all our users bandwidth, this is done in pulses, so it can take several hours to get a complete list. Once the database has been built out, incremental updates are delivered about every 30 minutes which include any additions or deletions since the last update. In typical usage scenarios, where a user will be using the browser regularly over the course of months or years, this build- out time is an acceptable lag, but in a test environment it could easily confuse your results. Does this sound like it could be something that's tripping you up as well? In the case of the other researcher, he was able to get much more accurate data by leaving Firefox idle for a day to build up a complete profile before starting his tests. Cheers, Johnathan --- Johnathan Nightingale Human Shield [EMAIL PROTECTED] _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
