
Microsoft’s SmartScreen Now Protects You From Drive-Bys


Microsoft’s Windows 10 platform has many things to recommend it, not least its frequent updates. In fact, only last month, the company shipped an update to the still-new platform that includes a significant new security addition.

Today, the company talked about the additions to SmartScreen that came with the new update, and how the feature adds another layer of security to web browsing.

Initially released with Internet Explorer 7, SmartScreen is a security feature that began by protecting users from phishing and malware. Its scope was later expanded to include deceptive ads and scam sites as well, and according to Microsoft,

SmartScreen has protected users from billions of web-based attacks in the last 8 years.

With Microsoft’s latest Windows 10 update, SmartScreen has gained the additional capability to fend off drive-by attacks in Microsoft Edge and Internet Explorer 11.

First off, let’s take a look at what a drive-by actually is. In movies and games, a drive-by is when a person drives by someone else and takes a shot at them with a gun. In the terminology of the web, however, it is something quite different, albeit almost as damaging to the health of your computer.

On the web, a drive-by is a type of attack that takes place while you are on a trusted website. What makes these attacks even more dangerous is the fact that they require absolutely no effort on your part. No clicks, no downloads, nothing, and bam! Your computer is infected with some nasty virus or the like.

As for how something like this can happen, here is what Microsoft says.

Drive-by attacks make use of services known as exploit kits (EKs) to scale effectively. These are tools that first check your PC for software vulnerabilities (tracked publicly as CVEs) and then try to exploit them. The vulnerabilities can be either newly discovered ones – also known as 0-days – or ones that have already been fixed in popular software.

So how does Microsoft’s SmartScreen tackle the problem? The company draws upon the vast resources at its disposal and uses the data collected from Edge, IE, Bing and Windows Defender, along with the Enhanced Mitigation Experience Toolkit, to block the attacks in the browser itself.

All these efforts have led to something that may just have surprised Microsoft itself. During the test phase, SmartScreen was detecting and countering attacks that were 0-days, that is, attacks that were not part of the original database of attacks.

The threat, broadly referred to as the HanJuan EK, was detected by SmartScreen’s exploit intelligence systems. As we dug into the data, we discovered the attack was actually leveraging a new 0-day exploit in Adobe Flash player, meaning that Smart Screen intelligence systems were detecting this attack even before it was identified as a new 0-day exploit.

Talk about intelligent security systems. This is probably a first even for them.

There are a couple of other things that warrant a mention in this connection. First off, these attacks need to be stopped before the webpage even loads, hence the “You can’t go any further” security page.

To avoid adversely impacting the performance of your browser, SmartScreen uses a small cache that your browser updates from time to time. The cache helps keep you protected while ensuring that calls to the service are made only if the page you are visiting is very likely to contain something unpleasant. In that case, you will see a red warning page and will not be allowed to browse any further.

Secondly, while the presence of malicious frames (unsafe ads on a website, for example) would in the past have kept you from browsing the page at all, thanks to the new update you can interact with the rest of the webpage while the potentially unsafe parts are blocked.

While you can choose to report content as safe or even bypass the warning entirely to go to the website, Microsoft strongly advises against the latter.
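
The cache-then-service check and the frame-level blocking described above can be sketched as follows. This is an added illustration, not Microsoft's code: the hash-prefix cache format, the class and function names and the example.* URLs are all assumptions, since the article does not describe SmartScreen's internals.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of SHA-256 kept in the local cache (assumed size)

def url_key(url):
    """Canonical key: lowercase host plus path; query and fragment dropped."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower() + (parts.path or "/")

def digest(url):
    return hashlib.sha256(url_key(url).encode()).digest()

class ReputationService:
    """Stand-in for the remote service; counts how often it is called."""
    def __init__(self, bad_urls):
        self._bad = {digest(u) for u in bad_urls}
        self.calls = 0

    def is_malicious(self, full_digest):
        self.calls += 1
        return full_digest in self._bad

class Browser:
    def __init__(self, cache_prefixes, service):
        self.cache = set(cache_prefixes)  # a real client refreshes this periodically
        self.service = service

    def check(self, url):
        d = digest(url)
        if d[:PREFIX_LEN] not in self.cache:
            return False                      # cache miss: no network call at all
        return self.service.is_malicious(d)   # cache hit: confirm with the service

    def load(self, page_url, frame_urls=()):
        """Return ('blocked', []) for a bad page, else ('loaded', blocked_frames)."""
        if self.check(page_url):
            return "blocked", []              # full-page red warning
        blocked = [f for f in frame_urls if self.check(f)]
        return "loaded", blocked              # page stays usable, bad frames suppressed

# Constructed sample data; every URL below is a placeholder.
BAD = ["http://ek.example.net/landing", "http://ads.example.org/frame.html"]
STALE = "http://cleaned.example.com/"  # prefix still cached, service now says clean
service = ReputationService(BAD)
browser = Browser({digest(u)[:PREFIX_LEN] for u in BAD + [STALE]}, service)
```

A stale cache entry costs one extra service call but does not block the page, because the service's answer, not the cache, decides the verdict.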

You can expand the More Information link on the Smart Screen warning page to report a site as safe to Microsoft or to bypass the warning – though we highly recommend that you don’t bypass it. For warnings shown in frames, you can click the Unsafe Content badge in the address bar.


 
