Oct 14, 2010 13:05 GMT

With Internet Explorer 9, Microsoft has adopted the ‘less is more’ model when it comes to the security feature designed to alert users that the file they are downloading might be malicious. IE9 is the exponent of a key change in tactics, which involves fewer empty "This type of file may harm your computer" warnings associated with downloaded files, while protecting users more by increasing the relevance of alerts.

This is done through the SmartScreen Application Reputation feature. As of earlier this week, the Redmond company has enabled the SmartScreen application reputation service, and is now encouraging early adopters to start testing the new and improved download protection of IE9.

“With IE9 we looked at ways to improve our malware protection overall and the experience consumers have with downloads,” revealed Ryan Colvin, Program Manager, SmartScreen.

“We had two primary goals in mind to help consumers make better trust decisions when downloading programs from the web:

• Show more useful warnings when a program is a higher risk

• Reduce the number of generic, unhelpful warnings consumers see when downloading programs”

“In analyzing software downloads actively in use on the internet today, we found that most have an established download footprint and no history of malware.”

“This was the genesis of SmartScreen application reputation. By removing unnecessary warnings, the remaining warnings become relevant.”

The software giant estimates that users will see only a few warnings a year from Internet Explorer 9, and those alerts will be relevant to them compared to their current experience.

IE8 for example is designed to present a new warning for every download, a move which has desensitized users almost completely, to the point where they ignore the alerts altogether, even though some files they put on their PCs might be malicious in nature.

“The importance of application reputation is as an early warning system,” Colvin said.

“There is latency between the outbreak of an attack and when it is detected and blocked. Consumers today are unprotected during that time.”

“Think of this new warning as ‘stranger danger’ – it’s an early warning system for undetected malware.”

“No antivirus or protection technology is perfect; it takes time to identify and block malicious sites and applications.”

“Blocking after detection is still an important strategy, but there remains a gap between the start of an attack and when it is detected and blocked. IE9 SmartScreen application reputation fills that gap.”

IE9 SmartScreen Application Reputation can be switched on by navigating to the Tools Button, Safety, Turn on SmartScreen Filter menu item. Here users need to select Turn on SmartScreen Filter.

IE9 sends some information on every download to a Cloud application reputation service. According to the software giant this info consists of the file identifier and the publisher of the app, provided that it is digitally signed.

IE9 will automatically give the green light to downloads of files with an established reputation, but will block the download if the file has been reported as malicious.

“If the file does not have an established reputation, IE lets you know in the notification bar and download manager, enabling you to make an informed trust decision,” Colvin added.

Microsoft has also set up two files where users can test the new SmartScreen Application Reputation feature in IE9.

First off they will need to download Internet Explorer 9 and make sure that SmartScreen Application Reputation is enabled. Next they can download an application with established reputation: freevideo.exe, or a file with the exact same name, but with unknown reputation: freevideo.exe.

The reputation rating that Microsoft slaps on files is based on a variety of criteria, from download traffic, to download history, past antivirus results and URL reputation.

“Not all uncommon programs are malicious, but the risk in the unknown category is significantly higher for the typical user.

Application reputation is intended to provide context and guidance for those who need it, especially if the warning is unexpected. Like SmartScreen in IE8, this is an opt-in service and can be easily disabled in the Tools menu, but this is not recommended,” Colvin said.

Internet Explorer 9 (IE9) Build 9.0.7930.16406 is available for download here.