Tuesday Microsoft said that IE8 and IE9 actually block between 2 and 5 million attacks each day thanks to the built-in URL-based SmartScreen filter. Even more, 1.5 billion attempted malware attacks have been thwarted since the launch of SmartScreen in the older IE8 browser.
But clearly that's not enough, and in IE9, Microsoft has now added another layer of defense against socially engineered attacks that looks at the application poised to be downloaded by the user. Called Application Reputation, the extra line of defense will be an addition to the current URL-based SmartScreen protection. Essentially the browser will check out the web site's URL first, and then determine if the desired file has been downloaded by other users, and if it has any record of carrying suspicious baggage.
"Using reputation helps protect users from newly released malware programs - pretending to be legitimate software programs - that are not yet detected by existing defense mechanisms," said Jeb Haber, Program Manager Lead, SmartScreen. "Reputation also enables IE9 to remove unnecessary warnings for downloads with an established positive reputation. Both publishers and individual applications build reputation. For example, a digitally signed application from a well-known publisher that has been widely downloaded has a better reputation than an unsigned application that has not yet been downloaded widely and has just been posted on a newly created Web site."
"From our experience operating these services at scale, we have found that 1 out of every 14 programs downloaded is later confirmed as malware," Haber added although that figure only applies to Internet Explorer.
The new Application Reputation process seems to be working. Haber said that Application Reputation warned IE9 users of a malicious program central to a very large-scale malware attack the very moment it hit the Internet (at Hour 0). Traditional URL-blocking and anti-virus protection updates didn't kick in until Hour 11, yet thanks to the new Application Reputation warning, 99-percent of IE 9 users chose to delete or not run the program beforehand.
"In this attack, IE9 Application Reputation interrupted the deception of the attack (which was otherwise very convincing) and most users were able to make a great decision on their own," Haber said. "This outcome is exactly why we built SmartScreen Application Reputation into IE9. 99-percent of users were able to avoid the infection."