  1. #1
    Lounger
    Join Date
    Aug 2011
    Posts
    33
    Thanks
    0
    Thanked 3 Times in 3 Posts

    The SmartScreen Filter is anything but smart

    The IE8/IE9 SmartScreen Filter is destroying business reputation by falsely flagging software download links as unsafe. Microsoft, do the world a favor and let virus scanners and persons more qualified tell us what is safe ... not random and often times clueless or malicious people reporting links as "unsafe".

    A program I often recommend to friends and family was updated recently. Being a new binary, it now shows up as "unsafe" even though I've tested it and scanned it to be just fine.

  2. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    If it's merely a new file, IE would only flag it as "not commonly downloaded". Any user can still choose "Run anyway" if it's been recommended to them by a trusted source.

    Even for a file which has been flagged as unsafe, it's still possible to override the warning and continue with installation for someone who's sure what they're doing.

    IE's Application Reputation (only in IE9, not IE8) has been hugely successful at preventing malware downloads by unwary users. Where's the harm in that?

    Bruce

  3. #3
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Note: This is not a Microsoft site. There may be Microsoft employees who see the site but that is unknown. Pleas to Microsoft should be submitted to their site.

    I agree that the SmartScreen Filter does have its limitations and faults. OTOH, it has helped make people more aware of what they are downloading and that is what it is supposed to do.

    Joe

  4. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by pcunite View Post
    The IE8/IE9 SmartScreen Filter is destroying business reputation by falsely flagging software download links as unsafe. Microsoft, do the world a favor and let virus scanners and persons more qualified tell us what is safe ... not random and often times clueless or malicious people reporting links as "unsafe".

    A program I often recommend to friends and family was updated recently. Being a new binary, it now shows up as "unsafe" even though I've tested it and scanned it to be just fine.
    Unsafe just means not downloaded enough times, or unknown. You need to know what it means and it's just that what it means. As Joe stated, it helps users think twice before they go with unknown downloads. I ignore it when I choose to, but I think it is a pretty good system.

  5. #5
    Lounger
    Join Date
    Aug 2011
    Posts
    33
    Thanks
    0
    Thanked 3 Times in 3 Posts
    I understand the thought behind the system ... but it is failing in practice. The reputation of small shops is very fragile. How many times would I have to slander your name before you'd be in trouble? There is money on the line here ... it is slanderous to say a binary is unsafe when it is not. Show a different error message, "never heard of this one Joe". As is, the browser is spreading FUD.

  6. #6
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    The file FileSearchEX-Install.exe can still be downloaded with IE9 even though it is flagged as unsafe; Tools, View Downloads, right-click, Download unsafe program.
    And then it can be installed from IE9 downloads; right-click, Run anyway.

    The same file (Version 1.0.8.2, released yesterday) can also be downloaded from cnet.com, where it is only flagged as "not commonly downloaded" and can be installed by clicking Actions then Run anyway.

    I believe this file is unsigned by a certification authority. Microsoft have issued lots of advice about how to improve reputation and avoid getting flagged as potential malware:

    How Developers and Publishers Establish Reputation
    By following industry best practices, developers can accelerate the process of building a good reputation. For example, signed programs typically build reputation twice as fast as unsigned programs. We recommend digitally signing programs with an Authenticode signature.
    SmartScreen® Application Reputation in IE9

    Internet Explorer 9’s SmartScreen Application Reputation feature helps level the playing field. This feature uses a variety of signals to evaluate the reputation of a given download, including the download history and popularity, anti-virus results, reputation of the site it has been delivered from, and more. As a small software publisher, the best way to accumulate your good reputation and allow it to benefit all of your software is to digitally sign your code. Signing your code allows the SmartScreen Application Reputation service to recognize a program’s origins, and allow that origin information to influence the reputation of the program. Small publishers benefit the most from this. For instance, while most users have never heard of me, my freeware programs are digitally signed by my certificate, and the clean reputation for my certificate means that SmartScreen Application Reputation can identify them as non-malicious.
    Everything you need to know about Authenticode Code Signing

    Bruce
    Last edited by BruceR; 2012-02-15 at 21:23.

  7. #7
    Silver Lounger Banyarola's Avatar
    Join Date
    Dec 2009
    Location
    Big Indian, New York
    Posts
    1,900
    Thanks
    19
    Thanked 65 Times in 54 Posts
    Well guys, whenever I get that message I do with the files the same thing I do with files that are not flagged... I download them and then scan them before using them.

    I don't care who they come from they all get treated the same way.
    "If You Are Reading This In English, Thank A VET"

  8. #8
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by pcunite View Post
    I understand the thought behind the system ... but it is failing in practice. The reputation of small shops is very fragile. How many times would I have to slander your name before you'd be in trouble? There is money on the line here ... it is slanderous to say a binary is unsafe when it is not. Show a different error message, "never heard of this one Joe". As is, the browser is spreading FUD.
    They are not slandering anyone. If you use a rating system, you should know what each rating level means. Unsafe means not downloaded by enough people to be classified as safe. It's that simple. I really can't see any slander in that.

  9. #9
    Lounger
    Join Date
    Aug 2011
    Posts
    33
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Quote Originally Posted by ruirib View Post
    They are not slandering anyone ... Unsafe means not downloaded by enough people to be classified as safe. It's that simple. I really can't see any slander in that.
    This is what IE8 shows as of five minutes ago ... I don't see how this is not facilitating someone slandering this company ... "website contains links to viruses". No normal person, technical people are not typical, would download and install this program.



  10. #10
    Silver Lounger Banyarola's Avatar
    Join Date
    Dec 2009
    Location
    Big Indian, New York
    Posts
    1,900
    Thanks
    19
    Thanked 65 Times in 54 Posts
    Maybe you should try sending the files as ZIP files instead of .exe files.

    As far as I know, most .exe files are flagged as dangerous by most AV programs.
    "If You Are Reading This In English, Thank A VET"

  11. #11
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Yes, I agree, that seems much clearer. I suppose someone must have reported it, 'cause I have never seen such a clear warning. If you think they are wrong, they included a link to report the software as safe.

  12. #12
    Silver Lounger Banyarola's Avatar
    Join Date
    Dec 2009
    Location
    Big Indian, New York
    Posts
    1,900
    Thanks
    19
    Thanked 65 Times in 54 Posts
    Ruirib, I have always had problems sending exe files.
    Either the ISP blocks them or they get removed by the recipient's virus software.

    I usually re-name them with a TXT extension and tell the recipient to re-name it back to the EXE.

    That works fine for personal use but not for the problem PCunite has.
    "If You Are Reading This In English, Thank A VET"

  13. #13
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    The file in question is no longer flagged as unsafe by IE8/IE9 today, and can be downloaded and installed without any warnings, so whatever the problem was got fixed quickly.

    Bruce
