Apple added an anti-phishing feature to Safari in the 3.1 release. Called Fraud Warning (it's in Settings->Safari->Security), the modification was released with little fanfare (or explanation), and it appears that there may be confusion about how it works.
Computerworld reported on two anti-malware researchers who had taken a look at users who had implemented the feature and found it gave inconsistent results with known malicious sites. On Wednesday, Michael Sutton, the vice president of security research at Zscaler, told Computerworld "[i]t was blocking nothing." On Thursday, he said, "it started blocking some sites, for some users, but it was inconsistent. Some sites are being blocked, others are not."
Sutton noted that this appeared to be because users were receiving updates of the blacklist inconsistently. Safari uses Google's Safe Browsing API, which gives applications access to the blacklist database that Google maintains. Sutton found different versions of the list, or none at all.
Jim Dalrymple at the Loop may have discovered the cause of the inconsistency. He sent a request for more information to Apple after hearing of users' experiences with Fraud Warning, and got the following response:
Safari's anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren't any additional data fees. After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone.
It's unclear whether the researchers interviewed in the Computerworld piece had set up the iPhones properly. Either way, the perception of a botched anti-malware measure is damaging in and of itself. Ideally, the details of the process should have been made more transparent from the outset.
Fortunately, those of us who are waiting to upgrade have time to educate ourselves...