Protecting the users against threats and themselves

Feb 10, 2009 14:36 GMT  ·  By

The SmartScreen Filter introduced in Internet Explorer 8 is the evolution of the Phishing Filter feature brought to the table with Internet Explorer 7. Designed as an extra layer of defense not only against phishing scams but also against web-based malicious code, the SmartScreen filter has also evolved since it was initially offered, as IE8 advanced through development milestones from Beta 1 to Beta 2 and now to Release Candidate. In fact, the last update for the SmartScreen filter was delivered with the advent of Internet Explorer 8 Release Candidate at the end of January 2009.

“The SmartScreen Filter plays a critical role in keeping you safe online. As we see in news reports like the one I mentioned, malware authors are constantly thinking up new ways to attempt to get their code on to your computer. We've made changes to protect our users even better by making the risks of malicious sites clearer and discouraging people from clicking past the warnings. I encourage you to turn on the SmartScreen Filter in the IE8 Release Candidate, and continue giving us your feedback,” explained Alex Glover, Software Development Engineer in Test.

The SmartScreen Filter relies on a constantly updated database of items that IE8 has to keep users away from. Once a piece of code is confirmed as malicious, IE8 will prevent users from downloading it, even when the malware masquerades as legitimate software. As long as SmartScreen is enabled, the feature uses this underlying database to block malware downloads by unsuspecting users.

“Generally speaking, there are two ways malicious sites can attempt to infect your computer. One way is to exploit vulnerabilities in a web browser to automatically install malware without any user interaction, also known as a drive-by download. The other way is to lure or trick the user into choosing to download and run a program that is in fact malware, as in the example above. For complete protection, we must guard against both avenues of attack,” Glover stated.

Windows also has various layers of defense, including DEP/NX memory protection, ActiveX security enhancements, and User Account Control in conjunction with IE's Protected Mode, all designed to mitigate, as far as possible, exploits for vulnerabilities. But unlike IE8's SmartScreen, these security features cannot stop users from infecting the machine themselves.

“A common piece of feedback on the SmartScreen Filter in IE8 Beta 2, especially from the security community, was that it's too easy for users to click through the SmartScreen blocking page and end up at a dangerous website. We've acted on this feedback in IE8 RC1 and changed the SmartScreen blocking page to better protect and inform users. We want to encourage people encountering this page to make the safe choice, and also help them find additional information,” Glover added.

Of course, users can always hit the "Disregard and continue" link and ignore the warning presented by the SmartScreen Filter, but they will have to open the More Information dialog in order to go against Microsoft's recommendation. At the same time, Microsoft has also revamped the Unsafe Download dialog box added in IE8 Beta 2.

“The new dialog has a red banner and one-line summary at the top to make the danger easy to understand at a glance. Below that, we added an explanation of what it means for a download to be unsafe. As with the blocking page, domain administrators can remove the "Disregard and download unsafe file" link using Group Policy,” Glover stated.

Internet Explorer 8 (IE8) Release Candidate 1 (RC1) is available for download.
