Microsoft SmartScreen for Internet Explorer and now for Windows 8 too

Posted by bink on September 16 2011, 3:37 PM.

Traditional antimalware software plays a critical role in defending and remediating attacks. However, reputation-based technologies can help provide effective protection against social engineering attacks before traditional antimalware signatures are available, especially against malware that pretends to be legitimate software programs.

Windows 8 will help protect users with reputation-based technologies when launching applications as well as browsing with Internet Explorer.

Since its release, the SmartScreen filter has used URL reputation to help protect Internet Explorer customers from more than 1.5 billion attempted malware attacks and over 150 million attempted phishing attacks. Application reputation, a new feature added to SmartScreen in Internet Explorer 9, provides an additional layer of defense to help you make a safer decision when URL reputation and traditional antimalware aren’t enough to catch the attack. Telemetry data shows 95% of Internet Explorer 9 users are choosing to delete or not run malware when they receive a SmartScreen application reputation warning.

Microsoft understands that Internet Explorer isn’t the only way users download applications from the Internet, so Windows now uses SmartScreen to perform an application reputation check the first time you launch applications that come from the Internet.

In Windows 7 when launching these downloaded applications, users get the following notification:

Securtiy warning in Windows 7, which states "The publisher could not be verified, are you sure you want to run this software? Run/Cancel; This file does not have a valid digital signature that verifies its publisher....etc.

In Windows 8, SmartScreen will only notify users when you run an application that has not yet established a reputation and therefore is a higher risk:

Security warning in Windows 8 Developer Preview, which states "Windows protected your PC; Windows SmartScreen prevented an unrecognized program from starting. Running the program might put your PC at risk. And two buttons: Run Anyway, or Don't Run.

The user experience for applications with an established reputation is simple and clean: users just click and run, removing the prompt users would have seen in Windows 7.

SmartScreen uses a marker placed on files at download time to trigger a reputation check. All major web browsers and many mail clients, and IM services already add this marker, known as the “mark of the web,” to downloaded files.

Microsoft expects average users to see a SmartScreen prompt less than twice per year and when they do see it, it will signify a higher risk scenario. Telemetry data shows 92% of applications downloaded via Internet Explorer 9 already have an established reputation and show no warnings. The same data shows that when an application reputation warning is shown, the risk of getting a malware infection by running it is 25-70%. And SmartScreen has administrative controls to prevent the non-techie friends or children from ignoring these warnings.

Here’s a video that shows you Windows Defender and SmartScreen URL and application reputation in action:

High quality MP4 | Lower quality MP4