Microsoft improves SmartScreen

    SmartScreen is a Windows security component that protects the user from running suspicious executable files and visiting malicious resources. The component first appeared in Internet Explorer 8, where it notified the user of visits to questionable resources based on a continuously updated Microsoft database. Starting with Windows 8, it also became an integral part of the OS, increasing OS security by blocking the launch of dubious executable files.



    A few days ago, Microsoft announced a SmartScreen improvement aimed at blocking drive-by download attacks, which are popular among cybercriminals today. This type of attack lets attackers use an exploit to install malware on a user's computer automatically when the user visits a compromised website.

    For a drive-by download, attackers typically choose an RCE exploit either for the web browser itself, for example Internet Explorer, or for a popular plug-in, for example Adobe Flash Player or Oracle Java. The exploit can target either a zero-day vulnerability or a vulnerability for which the vendor has already issued a fix. Drive-by downloads are implemented with exploit kits, which allow attackers to use not one but several different exploits for various products and their versions.

    To avoid impacting browsing performance, SmartScreen helps protect against drive-by attacks by using a small cache file created by the SmartScreen service. This cache file is periodically updated by your browser to help keep you protected and to ensure that calls to the SmartScreen service are only made if we believe there's a high probability of malicious content on a page.

    Microsoft points out that, to block the malicious elements used in drive-by downloads, SmartScreen relies on service data and telemetry collected from various sources, including the Edge and Internet Explorer web browsers, the Bing search engine, Windows Defender, and EMET.


    Fig. SmartScreen drive-by blocking window in the Edge web browser.

    SmartScreen is enabled by default and will also alert the user to potentially malicious frames on a web page loaded in IE 10, 11 or Edge. The improvement was delivered to Windows 10 users as part of the major 1511 OS update.
