Yesterday I mentioned the limitations, both technical and user, of the growing list of toolbars and browser plug-in's designed to detect phishing web sites.

Carnegie Mellon University just released the results of tests conducted on ten of the most popular toolbars and the results are not that encouraging. In tests like these the researchers usually present the toolbars with a selection of fraudulent and legitimate web urls and see how well they do in telling the difference.

According to the research, Spoofguard performed the best at detecting fraudulent web sites but also incorrectly identified many legitimate web sites as fraudulent (known as false positives). IE7, Google, Earthlink, Netcraft and Cloudmark had very few false positives but missed around 15% of fraudulent web sites.

Four of the toolbars were unable to detect even half of the fraudulent web sites. Most surprisingly, McAfee's SiteAdvisor seemed to come out worst in the tests and was unable to identify a single fraudulent web site. Be interesting to hear what McAfee's response is.

The report also highlighted the issues of usability and human factors and concluded "Overall we found that the anti-phishing toolbars that were examined in this study left a lot to be desired."