Skip to main content

Microsoft: 1 Out of 14 Downloads is Malware

Tuesday Microsoft said that IE8 and IE9 actually block between 2 and 5 million attacks each day thanks to the built-in URL-based SmartScreen filter. Even more, 1.5 billion attempted malware attacks have been thwarted since the launch of SmartScreen in the older IE8 browser.

But clearly that's not enough, and in IE9, Microsoft has now added another layer of defense against socially engineered attacks that looks at the application poised to be downloaded by the user. Called Application Reputation, the extra line of defense will be an addition to the current URL-based SmartScreen protection. Essentially the browser will check out the web site's URL first, and then determine if the desired file has been downloaded by other users, and if it has any record of carrying suspicious baggage.

"Using reputation helps protect users from newly released malware programs - pretending to be legitimate software programs - that are not yet detected by existing defense mechanisms," said Jeb Haber, Program Manager Lead, SmartScreen. "Reputation also enables IE9 to remove unnecessary warnings for downloads with an established positive reputation. Both publishers and individual applications build reputation. For example, a digitally signed application from a well-known publisher that has been widely downloaded has a better reputation than an unsigned application that has not yet been downloaded widely and has just been posted on a newly created Web site."

"From our experience operating these services at scale, we have found that 1 out of every 14 programs downloaded is later confirmed as malware," Haber added although that figure only applies to Internet Explorer.

The new Application Reputation process seems to be working. Haber said that Application Reputation warned IE9 users of a malicious program central to a very large-scale malware attack the very moment it hit the Internet (at Hour 0). Traditional URL-blocking and anti-virus protection updates didn't kick in until Hour 11, yet thanks to the new Application Reputation warning, 99-percent of IE 9 users chose to delete or not run the program beforehand.

"In this attack, IE9 Application Reputation interrupted the deception of the attack (which was otherwise very convincing) and most users were able to make a great decision on their own," Haber said. "This outcome is exactly why we built SmartScreen Application Reputation into IE9. 99-percent of users were able to avoid the infection."

  • tychoblu
    Just fixed a computer that took me three weeks to rid of viruses. Then got a complaint that 2000 of the teenager's itune songs were missing. Didn't get a thanks for the 700 I saved.
  • NapoleonDK
    1 percent of IE9 users involved in the study clicked OK to download the suspicious file...just to spite the annoying Application Reputation filter! XD
  • NapoleonDK
    tychobluJust fixed a computer that took me three weeks to rid of viruses.Weeks? D: Explain me that! O.O
  • or as i like to see it 13 out of 14 folks are plain stupid......
  • Gamer-girl
    I use a chrome addon called WOT pretty much does the same thing plus more

    it really useful for the not so technically inclined and the click happy friends and family lol
  • tychobluJust fixed a computer that took me three weeks to rid of viruses. Then got a complaint that 2000 of the teenager's itune songs were missing. Didn't get a thanks for the 700 I saved.
    WOW, simple one there, remove HDD scan from stand alone Virus removal machine ( Fully Updated Windows 7 install within VM with all the bells and whistles for nasty Removals)

    Once files clean Replace HDD or back up User files, and Re-Install Windows, 1 day max!
  • mister g
    Dang, it took Microsoft this long to add such a system? The Norton security software provided by Comcast had this since last year!
  • legacy7955
    Wow it is actually a PLEASURE to read comments here on Tom's. It seems like there still are a remnant of people in the world that have intelligence, a sense of responsibility, and common sense too. It gives me some renewed faith that humanity is not completely doomed.

    I agree that 99% of preventing malware and virus infections is using your COMMON SENSE when browsing and down loading files from the net.

    Sure it isn't kewl to say it today, but LEARNING and EDUCATION is GOOD.
  • zkevwlu
    1 out of 14 people is a moron who thinks videos and music might come in the form of an .exe file and clicks on that flashy button that says "Download Free Paris Hitlon Sex Tape Now!!".

    People like that deserves to have their computers wrecked. I wish companies would stop implementing security features that enables ignorance and stupidity. Without that safety net maybe people will finally start to think twice before wandering onto the Internet like headless chickens.
  • damianrobertjones
    14 out of 14 people STILL RUN AS ADMIN!

    Come on guys and gals, when fixing these machines, give them back the shiny thing with two accounts, one called security (with password) and one account called 'family' (etc, with password). Security account is full admin and Family is a standard user. They will still infect themselves but at LEAST it's another easy to setup, obvious option.

    You run as admin, so does anything else you click on. "Warning, your pc is infected, click yes to trash your pc, even though you've heard about it, read about it, seen it, still click yes"