The Internet Explorer security team has uploaded a blog post detailing the new Application Reputation functionality in IE 9, which helps protect users from undetected malware masquerading as legitimate executable downloads, while also removing unnecessary warnings when a download has an established reputation.
Through the SmartScreen Filter, IE has been effective at blocking socially engineered malware attacks and malicious downloads – IE blocks between 2 and 5 million attacks a day for IE8 and IE9 customers. Since the release of IE8, SmartScreen has blocked more than 1.5 billion attempted malware attacks. IE is still the only major production browser to offer this kind of protection from socially engineered malware.
IE9 adds another layer of defense against socially engineered attacks that now looks at the application being downloaded - this is in addition to the URL-based protection described above. This new layer of protection is called SmartScreen Application Reputation. When it comes to program downloads, other browsers today either warn on every file or don’t warn at all. Neither of these approaches helps the user make a better decision. Application Reputation also addresses a limitation present in all block-based approaches that happens at the beginning of new attacks, before a Web site or program has been identified as malicious.
Using reputation helps protect users from newly released malware programs - pretending to be legitimate software programs - that are not yet detected by existing defense mechanisms. Reputation also enables IE9 to remove unnecessary warnings for downloads with an established positive reputation. Both publishers and individual applications build reputation. For example, a digitally signed application from a well-known publisher that has been widely downloaded has a better reputation than an unsigned application that has not yet been downloaded widely and has just been posted on a newly created Web site.
Early Results: Reputation Informs Better Consumer Decisions
We see two main patterns:
- Dramatic reduction in malware infections for IE9 users
- Streamlined experience that warns only when the risk is high
Safer Is Beautiful
SmartScreen Application Reputation is protecting consumers every day.
Be sure to check out the original post for the full story.