Internet Explorer 9: Protection from Socially Engineered Attacks with SmartScreen URL Reputation

This blog post discusses how Internet Explorer 8 and Internet Explorer 9 can help protect users from the third class of attacks: Social Engineering.Socially-engineered Attacks take advantage of a user's trust by convincing the user to take an action that compromises their computer and/or data. This could involve tricking a user into entering their private […]

This blog post discusses how Internet Explorer 8 and Internet Explorer 9 can help protect users from the third class of attacks: Social Engineering.

Socially-engineered Attacks take advantage of a user's trust by convincing the user to take an action that compromises their computer and/or data. This could involve tricking a user into entering their private information into a convincing phishing page or running a program that infects their computer.

In both IE8 and 9, SmartScreen Filter provides protection against socially engineered malware and phishing attacks.

IE9 also introduces a new approach to socially engineered malware protection and a new layer of safety called SmartScreen Application Reputation. URL Reputation and Application Reputation together provide significantly improved protection against socially engineered attacks.

IE9: SmartScreen Social Engineered Malware

It accomplished this by greatly reducing the number of unnecessary warning prompts while warning users only when they're about to run a downloaded program more likely to be malicious. At this point, the user can either explicitly run the program or they can decide to delete the downloaded immediately. "We found that the warning is working extremely well to help users make better decisions:

  • 90% of IE9 Beta and RC users were never shown a warning because they downloaded only reputable programs.
  • Between 20% and 40% of downloaded files that don't have established reputation are eventually classified as malicious. These're malware downloads that've managed to bypass all existing solutions and would likely be run by users if not warned.
  • 95% of previously undetected malware is deleted by users when presented with the App Rep warning," revealed Ryan Colvin.

[Source]