Microsoft SmartScreen is a phishing and malware filter implemented in several Microsoft products including Internet Explorer, Microsoft Edge, Hotmail, and the Windows operating system. It is designed to help protect users against attacks that utilize social engineering and drive-by downloads to infect a system by scanning URLs accessed by a user against a blacklist of websites containing known threats.
SmartScreen in Internet Explorer
SmartScreen was first introduced in Internet Explorer 8. When enabled, the system checks web pages against a list of sites known not to be potential security risks. If SmartScreen does not encounter a match, it automatically displays a warning message before allowing access to sites that have been identified in that way to be potential security threats; such as those that could infect the system with malware or be a phishing scam. In July 2010, Microsoft claimed that SmartScreen on Internet Explorer had ample of sites from April 2011 containing malware, Internet Explorer 8 and SmartScreen had an average block rate of 90%, as opposed to the 13% achieved by Firefox, Chrome, and Safari; which all use a malware filter provided by Google. Internet Explorer 9 achieved an average block rate of 100% on the same test. The SmartScreen filter was also noted for quickly adding legitimate sites to its blocklists almost instantaneously, as opposed to the several hours it took for blocklists to be updated on other browsers.
In July 2010, Microsoft claimed that SmartScreen on Internet Explorer had blocked over a billion attempts to access sites containing security risks.
Users cannot report phishing URLs via an online form. Rather, users must click the suspicious URL and visit the website using Internet Explorer's "report this website" feature. This exposes the user to drive by downloads or other malicious content in order to report the phishing website. Users cannot use Google's Chrome, Mozilla's Firefox, Apple's Safari, Opera or other web browsers to report phishing URLs to Microsoft.
SmartScreen filters can be bypassed. Some phishing attacks use a front-end URL that is published in the phishing email sent to users. Once clicked, the front-end URL redirects the user to a second site. The "report this website" option in Internet Explorer only reports the currently viewed page. The front-end URL in the phishing attack cannot be reported to Microsoft and the phisher can continue to redirect to other URLs.
SmartScreen Filters also create a problem for small software vendors when they distribute an updated version of installation or binary files over the internet. Whenever an updated version is released, SmartScreen responds by stating that the file is not commonly downloaded and can therefore install harmful files on your system. A common distribution trick to bypass SmartScreen warnings is to pack the installation package (Setup.exe) into ZIP-archive and distribute it that way. While this method works for power users, it only serves to create additional confusion for less than advanced users.
SmartScreen in Windows 8
Windows 8 introduced SmartScreen filtering at the desktop level, performing reputation checks by default on any file or application downloaded from the Internet. Microsoft faced concerns surrounding the privacy, legality and effectiveness of the new system; suggesting that the automatic analysis of files (which involves sending a cryptographic hash of the file and the user's IP address to a server) could be used to build a database of users' downloads online, and that the use of the outdated SSL 2.0 protocol for communication could allow an attacker to eavesdrop on the data. In response, Microsoft later issued a statement noting that IP addresses were only being collected as part of the normal operation of the service and would be periodically deleted, that SmartScreen on Windows 8 would only use SSL 3.0 for security reasons, and that information gathered via SmartScreen would not be used for advertising purposes or sold to third parties.
- Dunn, John E. (18 July 2011). "Internet Explorer 9 hammers rivals in download blocking test". InfoWorld. IDG Enterprise. Retrieved 12 September 2012.
- James, Martin (26 July 2010). "IE8 SmartScreen filter racks up a billion malware blocks". IT Pro. Dennis Publishing. Retrieved 12 September 2012.
- "SmartScreen Filter: frequently asked questions". Microsoft. Microsoft. Retrieved 21 November 2013.
- Aggarwal, Anupama; Rajadesingan, Ashwin; Kumaraguru, Ponnurangam (29 January 2013). "PhishAri: Automatic Realtime Phishing Detection on Twitter". Social and Information Networks (Cornell University). Retrieved 7 June 2014.
- Tung, Liam (16 August 2012). "Win8 SmartScreen nudges software sellers to buy code signing certs". CSO. IDG Communications. Retrieved 12 September 2012.
- Larramo, Mika. "Windows SmartScreen - Anti-Malware Protection in Windows 8". SamLogic. SamLogic. Retrieved 11 January 2013.
- Bright, Peter (25 August 2012). "Windows 8 privacy complaint misses the forest for the trees". Ars Technica. Condé Nast. Retrieved 12 September 2012.