Neat Net Tricks Software Reviews

Clear Search Anti-Phishing

What's it do?

This product claims to detect phishing attacks before they happen.

Does it do what it promises?

Reviewer 1. No. It did not identify known anti-phishing attacks; it enables Windows Messenger as a part of its program notwithstanding that it does not mention this (it does, however, show the Windows Messenger icon next to its own icon in its screenshots); and it is, in my opinion, spyware contrary to its statements (See below).

Reviewer 2. While the software provides many anti-phishing warnings, I did not find it useful or useable. There were too many alerts and not enough details or customization available to make them useful or manageable.

Reviewer 3. Not as far as I could confirm. Over the three weeks I had it installed and intermittently running, it detected only one alleged phishing event, one that it claimed was carried somewhere in a copy of the online daily www.NYTimes.com and which it did not locate any more precisely than just "somewhere" on that Web page.

Reviewer 4. Yes. It detects phishing attacks before they occur and warns the user with a popup.

Reviewer 5. I suspect it does, although I can't say how well. It does support my email client (Eudora), so it was actively checking my email and reporting occasional suspicious messages. It does not support my Web browser (Opera), but the vast majority of my email activity is through a POP server. Since it never did very much, and I receive considerable spam (which leads me to suspect I received many phishing emails), I can't say it works, but since it did report some suspicions, I can't say it doesn't work.

Reviewer 6. As there is an increasing variety of ways that people are using the Internet for nefarious and illegal ends, perhaps a definition of "phishing" would be helpful.

For good information visit:
http://www.webopedia.com/DidYouKnow/Internet/2005/phishing.asp. Here is their definition of phishing: "The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The email directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information." That said, I cannot verify that this program actually works. I have been running it on my computer for about three months, but it has not yet notified me of any attacks. As I do not run one of the supported email clients, the only email sites that it can advise me on are the Web-based email clients I use from time to time: Gmail and FastMail.

Reviewer 7.Phishing is growing on the Internet today by leaps and bounds. Each month more and more people are losing their personal and financial information by simply answering questions or updating their personal information through supposedly "trusted Web sites". This is usually done by spoofing and/or misdirecting users to counterfeit websites which have been designed to reflect true and secure institutions, such as banks. Here consumers may be asked to provide account usernames, PIN's or credit card numbers. Another type of attack is the use of key-loggers. This type of spyware is downloaded into your system when you respond to an email from an unknown source. A new source of Phishing is Spear-Phishing. This type of method involves scammers sending highly targeted email attacks to a small group of people within an organization. They are hoping someone may divulge company information that may put the company or even yourself at personal or financial risk. Clear Search Anti-phishing resides as an add-in to your system and monitors all Web sites and emails you frequent. It validates the sites against its database of trusted and "not-to-be-trusted" sites. This is done in real time. When a site is identified as unknown, the user is prompted to accept it or to reject it. There is an con located in the system tray that indicates the application is alive and working. The software is updated daily and the user is notified when a new update is ready to be downloaded. The downloads are quick and easy to do. Simply accept the request and your software is ready to monitor and protect you. This program does what it promises. It is one of the applications that monitors Web mails and spoofed URLs and verifies secure pages (valid yellow lock icons and associated organizations). As you browse the Web and your frequented sites are visited, the software may identify a particular site as being potentially hostile, but you can "train" the application to accept the site as a valid and trusted one.

Was it easy to install?

Reviewer 1. Reviewer 1. Yes. It is a tiny 100KB download. The ease of installation, however, is because of its rather featureless (and I will argue) useless, program. (See below)

Reviewer 2. Installation was straightforward and included the following events which are normal for a program of this type: WinPatrol asked for approval for this IE Helper and for a new sartup program; Counterspy asked for approval for this Browser Helper Object (BHO) and startup; and, ZoneAlarm asked for permission for this application to access the Internet.

Reviewer 3: No. It installed itself on my C Drive without my permission and failed to give me any choice about where to install. Immediately after installation begins, without explanation or justification Clear Search Anti-Phishing triggered a Zone Alarm message: "A BHO is an application that extends IExplorer and acts as a plug-in allowing the BHO full control of IExplorer." Neither justification nor consequences are presented, a very dangerous invitation. After installation, everything seemed to go smoothly and the Anti-Phishing shark took up residence in the Systems Tray, as expected, where it resided for almost a week without any indication of problems or activity; however, after the first reboot of my system following installation, the Anti-Phishing Software failed to load, saying AntiPhishingP114.exe has encountered a problem and needs to close. Please tell Microsoft about this problem."

Reviewer 4: Yes, I had no problems with installation

Reviewer 5: The installation was simple and fast. The only problem for me was that in order to purchase/activate the program, I was forced to use Internet Explorer. Generally, if a Web site requires Active X to function, I leave the site and don't return.

Reviewer 6: Yes, it was. However, it does not install in the usual way. I was not really sure that anything was actually happening until the programs that I have monitoring registry changes and changes in my startup process began popping up and asking me if I wanted this and that change to be made. I allowed them, as this program needs to be running whenever you are visiting Web sites or doing email. What was a bit more complicated was the process of registering the software. You need to follow the steps that they send you very carefully in order to change the 14-day trial period to a year-long license.

Reviewer 7: It was very easy to install. Simply start the installation application, accept the defaults, enter a valid serial number and the program immediately starts to monitor your system and Internet browsing.

Good Points

Reviewer 1: None, unless you find paying $40.00 a year for a rather cute shark icon in your system tray and a new way to compromise your security!

Reviewer 2: Anti-Phishing scans for potentially nefarious qualities in Web pages and email messages such as one site being displayed in a link while you would actually be redirected to a different site. This is a common technique used to fool you into providing potentially damaging personal information.

Reviewer 3: Excellent, responsive technical support: Having available a private contact name and telephone number, , I called and asked for help in resolving the installation problem cited above. The support contact worked the problem to resolution on the phone with me over the one and one-half hours, splendid support of a quality rarely found in the PC software industry. The problem turned out to be a flag missing from the installation directory, one that was supposed to be set on rebooting the system after installation. This was likely caused by my failure to do a reboot until nearly one week after installation of the software. On a subsequent -reinstallation, the installation flag was present, but the shark failed to appear and the program did not restart at the next system reboot; it had to be manually restarted once again.

Reviewer 4: Clear Search Anti-Phishing runs unobtrusively in the background and monitors incoming email as well as Web pages for deceptive practices. The program watches for emails with links not matching the URL associated with them, Web pages with popups linking to a page unrelated to the page you are on or those that ask for information without SSL encryption, and spoofed email addresses. It then warns the user of a suspected phishing attack and gives information on how to learn more about the attack and how to report it.

Reviewer 5: If you use a supported browser, it reportedly scans Web email for phishing attempts. In addition to Internet Explorer, it supports the AOL browser and the AIM IM client. Clear Search makes it extremely easy to report phishing attempts (and through those reports to improve their database and help them make the product more effective). It is also easy to contact the company and provide feedback or ask questions.

Reviewer 6: There is very little to do with the program. It takes up very few system resources. It runs as an icon (a shark - very nice!) in your system tray. Once a day, it pops up with a brief report on the pages and email it has scanned, and how many phishing scams it encountered. If you do suspect that someone has attempted to "phish" you, you can submit a report for the company to analyze. As mentioned above, I have not had any occasion to verify this information, or to submit any reports. For your own information, it would be worthwhile to look at the examples of phishing scams, under the "How it Works" tab on their Web site.

Reviewer 7: It is compatible with any operating system from Windows 98 through Windows XP Professional. It integrates into Outlook, Outlook Express, and Eudora as well as America Online mail clients. It is continually updated with known hostile Web sites and URLs

Weak Points

Reviewer 1: I suppose that if one were to "anti-fish," one would go fishing with the goal being to catch no fish. If so then Clear Search Anti Phishing succeeds remarkably well: in over three months of use, it caught no "phish." To the best of my ability to determine over a test period exceeding three months, Clear Search Anti-Phishing was unable to detect or identify any phishing attacks--even known attacks that other such programs such as Cloudmark's Anti-Fraud Toolbar or Comodo's Trust Tool Bar identified. Obviously, their 15 day free trial is useless as in my nearly four months "trial" I would have had no way of knowing if it found anything had I not had other similar tools in place for comparison. If this is not enough to keep you away from a program costing $40.00 for a one year license consider also the following. (1) The program activates and apparently needs Windows Messenger-a well known and universally considered security risk-and adds it to your start menu, and has found a way to do so even if you have Windows Messenger disabled in your Windows Services applet! Nowhere is it mentioned that Windows Messenger is needed to run this program; although, if you look closely you will see the Windows Messenger icon visible next to the Clear Search Anti-Phishing icon in the screen shots on their web site. (2) The program has virtually no GUI nor does it offer any significant instructions or help menu other than what is on its web site. (3) The EULA cannot be found other than by clicking on a tiny link in very small print at the very bottom of their web site. This may be because it has what must be the most extensive "limits of liability" that I have ever seen on any piece of software. I am not sure, but I think you may even be unable to hold them liable if one of the software developer's come to your home and murders you in your sleep! I mean, seriously, the United States Tax Code is less fraught with exceptions that this company's EULA! (4) Support? I got none, notwithstanding the fact that I supposedly had a "name" to use for an inside connection. (5) Installation was not only sloppy but also offered something unique in my all my experiences. Besides leaving 48 (yes, 48!) unused file types and 6 empty registry keys in my registry after the program was removed, it added its own uninstaller to my start menu!?! Is this enough yet to make you want to stay clear of this software? Wait, the worse is yet to come. (6) THIS SOFTWARE IS SPYWARE! It may not be "hidden spyware" as they do tell you in their EULA (and in further small print) that they will be installing "tracking cookies" and that the program does "report back to the server." In fact, and I quote, their statement says: We do not transmit, collect or store any personal information about our users on our servers other [emphasis added] than that which allows us to keep track of your registration data. Note the word "other." In other words, they DO transmit, collect, and store personal information if it is necessary to keep track of your registration data (whatever that means!). And of course, even this begs the question of why they need Windows Messenger-which, of course, the only purpose can be to transmit information.

Reviewer 2: Anti-Phishing's warnings are too general. For example, an alert might pop up on an email message warning you that there was a link present where you would be redirected to a different site. However, the email message might contain 20 links and there would be no indication of which of the links contained the redirect. There were too many false alarms. Email from sites such as eBay or NYTimes.com would always be flagged. There was an option to designate "safe sites", but entering these Websites here did nothing to change the alerts on the emails from these sites. Anti-phishing can be disabled from the system tray, but doing this and then examining running processes in Windows Task Manager reveals that AntiPhishingP114.exe is still running. Internet Explorer crashed regularly (once every 2-3 days) after installation of AntiPhishing and the Antiphishing.dll file was cited in the error message. This happened even with Anti-Phishing disabled. Anti-Phishing provided no uninstall option in the Start Menu, in the System Tray icon menu, and there is no mention of it under Support on their Website. The program also does not appear in the Add/Remove Programs section of Control Panel. I tried to email the company via the page on their support page. I filled out the form and clicked on the Submit button, but there did not seem to be any action taken and there was no confirmatory message screen indicating that the message was sent. The only message was in the informational line at the bottom of the Internet Explorer page which contained an alert icon and read "Done, but with errors on the page." After searching my hard drive, I did find an Uninstall file under the default install directory, C:\Program Files/AntiPhishing .

Reviewer 3: When the program detects an intrusion event, it fails to provide enough information for the user to really understand it or prevent it in the future. It just flags the event and keeps statistics. I'm highly skeptical that the single NYTimes.com event reported in my monitoring was valid, and it failed to detect three other phishing events that did occur : account information verification requests that I received during the test period from a pseudo PayPal website. Clear Search Anti-Phishing was quarantined by Webroot Spysweeper V4.5 as a Critical (Most dangerous) piece of Spyware, reporting "ClearSearch may hijack any of the following: Web searches, home page, and other Internet settings." Its annual subscription price of $39.95 is at least quadruple what I'd consider paying for it, even if it worked and it was credible with its findings. Its documentation is virtually non-existent, with only a few sparse Website screens. Nowhere is there any discussion of how it works nor examples of its output, nor what kind of 'escapes' the user might encounter. Nowhere is its performance discussed.

Reviewer 4: The program did not have 100% success during my tests, as it let a few phishing emails through; but, it did catch most. In all, l I have few complaints about the product.

Reviewer 5: No support for Opera, Firefox, Netscape browsers, or Trillian IM client. There is no 'cancel' or 'exit' option in the dialog for adding sites to the white list. No scroll bar, either, although my list was very short. No help system (for example, to explain how to use the 'Safe Site' whitelist). When it reports a suspicious message while I'm away from the computer, since there is nothing in the alert to identify the specific message that triggered the alert, I have no way to know which message I should be concerned about.

Reviewer 6: First, the only browser that it supports is Internet Explorer. To check this, I decided to run both Firefox and Explorer at the same time. Whenever I ran Explorer, the pages/subpages counts went up in the Daily Report, whereas, when I accessed the same (and also different) pages with Firefox, the count remained unchanged. Thus, although it claims to be checking Web-based mail (in my case, I tested it with FastMail), it is only doing so if you are using Internet Explorer. And, it is therefore not scanning any of the other Web sites that you are visiting, which may indulge in phishing activities, unless you are using Internet Explorer. Secondly, it is really difficult to know if the program is actually accomplishing anything for you. Perhaps I am lucky, and have not been subject to any phishing attacks. Perhaps I have been phished when using Firefox. The only reporting that you can get is under the "Current Report Activity" item, and there, I have very little accumulated. Thirdly, I found the support to be a bit spotty. It is not actually called "Support" but is available under the "Feedback" item. Rather than activating your email client, it brings you to a Web page, so you fill in your report online. I prefer the email system, as it provides me with a dated copy of my original request. However, they do have an auto-reply, which sends you back a copy of your comment. Sometimes, I received an answer within a day, but at other times, I had to resend my questions more than once before I was able to get a response.

Reviewer 7: It does not install into Firefox and this should be looked at in the near future, as many users are using Firefox as a browser.

Other Comments

Reviewer 1: There is a somewhat of an argument today of what constitutes spyware-although the argument tends to be made only by those who have been identified as producing spyware and are protesting their inclusion in anti-spyware programs. It is, however, not really all that difficult of a question to answer. According to the Anti-Spyware Coalition: Spyware is any program or portion of a program, or web site which is used in whole or in part to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information without fully disclosing what specific and exact information is being gathered, for what purpose, and to who it is being given. Note, there are no exceptions and no "other than." The definition is straightforward and really quite simple. It is not enough that you are told that information will be gathered, but you must be told exactly what information, foe what exact purpose, and to whom exactly it will be given-not simply "personal information" to "track registration data" given to "our servers." Internet crooks are evil geniuses: They always seem to be one step ahead of the good guys. That's why it's wise to scrutinize any software that asks or suggests that it can, for any reason, collect personal information or any software that requires the ability to transmit information from. i.e. "outbound," your computer to them. And when you add to that, software that is deceptive in what it discloses about its program and/or how it operates then the word "crook" seems quite apropos, in my opinion.

Reviewer 2: The first site to give an alert on IE was nytimes.com with the message "This page contains a link that doesn't match the URL underneath it". This was presumably one of the ads, but it was impossible to tell from the message since no specific link was referenced. This same pattern continued with analysis of links in my e-mail messages in Eudora. I would open an e-mail message and a warning would pop up saying that there was a mismatched URL/link. Most of these were ebay messages. I found these alerts to be annoying in that they gave an early general warning which was not specific enough to understand enough to do anything about except take a pause to click on OK in the warning window. I would have appreciated it more if the program could have either: 1) listed the link which contained the different URL so I could evaluate the risk level and know what to avoid, or 2) waited until I clicked on the potentially bad URL and then sent me a "you clicked on a link where the URL does not match the text in the link. Are you sure you want to proceed?" In the latter case, the warning comes up on a link I was actually going to click. As the system is now, it sends warning messages about links I might never click. But it did interfere with my workflow.

Reviewer 3: This program began with failing to install, requiring a 90-minute technical support conversation to generate a patch to get it working on my computer. After that, it apparently worked OK for a time, until it began failing to load automatically and had to be initiated manually. The extent of its scanning (947 Webpages and 81 emails) in more than two weeks indicates additional bug(s) and/or poor performance. Even when working, in my judgment it provides such lack of analysis or feedback that the data is relatively useless, even if true (which I doubt).

Reviewer 4: The program worked pretty well for me, catching several phishing emails and sites asking for personal information.

Reviewer 5: There is apparently an AdWare product called Clear Search which redirects your searches through their servers. I hope it's not the same Clear Search that created this product, since after an initial 'panic' uninstall, I re-installed Clear Search Anti-Phishing and told my malware software to ignore it. These folks may want to rebrand their product to avoid being (presumably erroneously) flagged as adware. Almost all the warnings I received were associated with known legitimate messages (e.g. New York Times daily Headlines). While I didn't receive any of the more blatant phishing messages (Ebay, Paypal, and banks I don't have accounts with are the most common) while Anti-Phishing was active, the fact that it reported so few non-Times threats, given the volume of daily spam I receive, makes me question its effectiveness. When I do receive phishing email, I like to forward the message, with full header, to the site being faked (Ebay, Paypal, whatever). This involves going to that site to determine how that business prefers to receive such reports. The Anti-Phishing 'report phishing attempt' form states "Please feel free to send us suspected phishing attacks. We will analyze these and take the appropriate action." I'm confident that if I send them a legitimate phishing email, they will add the data to their product's database. I'd like to be more explicitly assured that they will also forward the information to the security people at the faked site and/or to government authorities.

Reviewer 6: When I agreed to review this program, I did know that it does not yet support Pegasus email. I understand that Pegasus does not have a large corner of the email market, but it serves a significant number of people worldwide. The support people say that Pegasus is in their development plans, but it has not yet made it to actuality. A greater flaw is that it is limited to Internet Explorer and does not support such browsers as Firefox and Opera. Until they are included, the shark will not catch any phish for the millions of people who prefer these other means of navigating the Internet.

Reviewer 7: Phishing and Spear Phishing are the most growing threats on the Internet today. Sure, it is easy to tell someone not to open suspicious emails or to give your personal information to a "trusted" site. The design and use of Anti-phishing software is just added protection and one we all should be aware of. Consider it as another type of Anti-virus or spyware protection, something we all should use. Here are a few common sense tips we should all follow when surfing the Internet: Never give out personal or financial information in response to any email request, no matter where or who it is from or enter any personal information into a pop-up window; If you are unsure of the email, call the person who sent it or the institution it is from and ask to speak to them directly asking if they in fact did send the email; Do not respond or open an email message the requested personal or financial information; If you need to update your personal information at your financial institution, then type the address into the address bar and do not trust any supplied links; Make sure the Web site is secure. You can do this by checking the yellow lock on the bottom right of the Web page. A closed lock shows the web site is using encryption. Make sure this lock does not appear on every page you visit, only on the page where your personal information is being requested; The yellow lock can be faked as well so to verify it is valid then simply double-click on it and the Issued To field will match the site you are on. If it does not, then get out of there; and, Keep you computer and operating software up to date.

Will you continue to use it?

Reviewer 1: Under no circumstances.

Reviewer 2: No.

Reviewer 3: No.

Reviewer 4: Yes

Reviewer 5: Since my email client already displays the actual address of all links, and alerts me to IP address links, and since Anti-Phishing doesn't support Opera, no. Even if this product is as effective and useful as they promise - and I'm not entirely convinced of either , I have uninstalled it.

Reviewer 6: No, not at present.

Reviewer 7: In today's world, it is becoming more and more critical we protect our personal information. I personally never purchase anything over the Web and I do all my banking in person at the bank. Because of this, I will probably not use it; but, it is very intuitive and offers a high level of protection for those who do use the Internet for banking or other financial transactions.

OPERATING SYSTEMS USED IN THIS REVIEW
Windows XP Pro, XP Home

Back