Now Reading
SmartScreen Filter will now protect you from drive-by attacks in Microsoft Edge and Internet Explorer 11

SmartScreen Filter will now protect you from drive-by attacks in Microsoft Edge and Internet Explorer 11

by AshwinDecember 17, 2015

Microsoft has had a built-in security solution in Windows, since Windows 8 made its debut.
Microsoft SmartScreen protect from drive-by attacks

The feature we are talking about is SmartScreen Filter.

Originally designed and launched in the days of Internet Explorer 7, which debuted nearly ten years ago in 2006, the security feature was meant to protect users from dangerous downloads. When enabled, the option scans a downloaded file (usually executable files, .EXEs) for their online reputation.

Microsoft extended this protection to desktops in Windows 8. If it detects that no reputation is available, it may prevent the file from running on the PC.

The browser version of SmartScreen Filter does more, in that it protects the user from phishing websites by using URL reputation checks, while the application reputation checks warns the user about potential risks when downloading files.

Windows 10 comes with SmartScreen Filtering as well, and this protection system works in both of the Redmond company’s browsers, Microsoft Edge and Internet Explorer 11. users can even use a built-in option to report an unsafe website to Microsoft, which might help other users to stay safe from the dangerous sites.

SmartScreen for the Windows 10 browsers has been cranked up a notch to now protect the user from drive-by attacks.

Drive-by attacks occur without the user’s intervention, i.e., without the need for clicking the mouse on a link. Instead, the malwares infect the computer, when the user visits a website.

This is how Microsoft defines it:

Drive-by attacks are malicious web attacks that tend to start on trusted websites, targeting security vulnerabilities in commonly used software.

Basically these attacks use exploit kits to find if the PC has any vulnerable software. And in case such an insecure application is found, the malware targets it to breach the security. These can be known security issues or even 0-day attacks (zero-day). A chart showing various Exploit Kit attacks is featured in the screenshot above.

The new SmartScreen Filter has been released in recent Windows Updates. In fact, you may have observed that several of the recently released Windows Updates, including the Secutity Updates and Cumulative Patches, mention references about the possibility of remote code execution, in both the browsers, when the user visited some specially crafted webpages, which were designed to execute a malicious code.

Microsoft is advising users to update their software, browser and the operating system, as soon as security updates for the said have been released by the software vendors. This will help in reducing the chances of drive-by attacks considerably.