Apr 8, 2011 15:38 GMT

It’s somewhat to be expected of Microsoft to build additional mitigation layers into the next major iteration of Windows, and it appears that one extra security mechanism has been confirmed for Windows 8 on top of what’s available by default today in Windows 7.

Softpedia readers might remember that in late 2010 I began writing a series of articles designed to outline some of the items on my Windows vNext wish list.

“Windows 8 Feature Wish List Item: App Blacklisting” is just one such article, which continues to be live.

In the piece mentioned above I argued the need for an application blacklisting mechanism in Windows 8.

At the time, it was clear to me that Microsoft needed to do something more than just provide the User Account Control to customers in order to block malicious software or malformed code from running on Windows.

UAC is certainly an extremely useful tool as far as I’m concerned, but it can’t really block malware from infecting a Windows PC if the user absolutely wants to run it, bypassing the mitigation.

As such, an app blacklisting mechanism would effectively help protect customers not only against malicious downloads but also against themselves.

According to Long Zheng, Microsoft has integrated SmartScreen file checking into Windows 8’s Windows Explorer, providing similar functionality to what’s already available today in Internet Explorer 9 (IE9) with the SmartScreen Application Reputation feature.

“SmartScreen Application Reputation is a groundbreaking browser feature that uses reputation data to remove unnecessary warnings for well-known files, and show more severe warnings when the download shows a higher risk of being malicious,” Microsoft reveals.

“Users today are conditioned to ignore the generic warnings that are shown for every download, such as: "This file type can harm your computer. Are you sure you want to run this file?" This same warning is displayed whether the file is an extremely common program or a piece of malware created minutes ago.

“Other browsers leave it up to the user to decide if a program is safe to download and run from the Internet. Internet Explorer 9 is the only browser that uses application reputation to help users make safety decisions.”

My best guess is that Windows 8’s SmartScreen filter will function much in the same manner as that for IE9.

Customers will have two options at their disposal, to “Use SmartScreen Filter to check files” and to opt for “Never run downloaded programs that are unknown to SmartScreen.”

I see two immediate benefits to Windows 8’s SmartScreen. First off, SmartScreen can act as a whitelist mechanism for Windows 8 applications.

This means that known, properly signed programs downloaded from trusted sources, let’s say, a copy of Internet Explorer, can run without any additional security checks.

However, unknown and unsigned programs downloaded from untrusted sources or websites used for distributing malware, such as rogue antivirus or other types of scareware, will be blocked from running, even if victims are tricked into thinking that they are legitimate.
