By Robert Vamosi
Microsoft is claiming success with a feature in IE 9 that aims to quash malware hidden in application downloads.
But false positives and false digital certificates keep the feature from being perfect.
So many dangerous downloads await you
A May 17 MSDN blog reported that one of every 14 downloads is malicious. That’s an alarming statistic, but of course there’s much more to the story.
Since Internet Explorer 7, Microsoft has been flagging known phishing sites. With IE 8 came SmartScreen, an enhancement that added the ability to block sites known to contain malicious software. IE 9 added SmartScreen Application Reputation, which goes one step further and attempts to block malicious downloads. Microsoft says, “Since the release of IE 8, SmartScreen has blocked more than 1.5 billion attempted malware attacks.” That’s roughly 2 to 5 million attacks per day.
Internet Explorer 9 SmartScreen and MSE
On the surface, that statistic sounds about right. In the blog, Microsoft cites an unnamed Trojan the company claims was downloaded hundreds of thousands of times — but none of Microsoft’s IE 9 users got infected. Microsoft said its SmartScreen Filter stopped the Trojan within the first hour, whereas the antivirus products took another 10 hours to create the first antivirus signature.
In my May 19 In the Wild column, I stated that Microsoft Security Essentials lacks the necessary heuristics to block new malware before a new signature file can be produced. Perhaps Microsoft is assuming that everyone using MSE is using IE 9 and not some other browser. In the May 17 blog, Microsoft states confidently, “99 percent of IE 9 users who clicked to download this malicious program chose to delete or not run the program from the Application Reputation unknown-program warning.”
Perhaps it’s unfortunate that fewer and fewer people use any version of IE as their primary browser (as Woody Leonhard reported in his June 9 story, “Internet Explorer loses market share rapidly”), but of those who do, only the IE 9 users can be counted in this impressive-sounding percentage.
Symantec offers Norton Download Insight
Microsoft is not the only security company tracking the reputation of downloads. Symantec first introduced similar technology in its Norton Security products in 2009. Norton Download Insight looks at downloaded applications that have been blocked by Norton subscribers worldwide. If you’re using any of the major browsers (Chrome, Firefox, IE, or Safari), Norton immediately displays a screen that says whether the downloaded file has a good reputation (i.e., is unlikely to be malicious).