Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Microsoft Internet Explorer Security Windows

Microsoft Extends SmartScreen To Foil Malvertising and Exploit Kits (windows.com) 48

itwbennett writes: With the latest update for Windows 10, Microsoft has extended SmartScreen to block drive-by attacks in Microsoft Edge and Internet Explorer 11, the Microsoft Edge Team said Wednesday in a blog post. The new capability is based on the security intelligence that Microsoft receives from multiple products such as Microsoft Edge, Internet Explorer, Bing, Windows Defender and the Enhanced Mitigation Experience Toolkit (EMET). Thanks to this data, which includes behavioral telemetry, SmartScreen can even detect attacks that exploit zero-day vulnerabilities, according to Microsoft. The company is also revoking trust for a bunch of certificate authorities starting in January.
This discussion has been archived. No new comments can be posted.

Microsoft Extends SmartScreen To Foil Malvertising and Exploit Kits

Comments Filter:
  • by Anonymous Coward

    MS has done well with having the web browser run in a low security context, but it might be good to take a step further than that and have the browser run from in its own VM or container, with limited access, such as a subdirectory of the Downloads directory or similar, so the browser is not just with a lower security context, it has a completely different filesystem than the user. Tab/window separation would be important as well, similar to how Google Chrome runs each tab in a separate process.

  • as Smoke Screen and Tin Foil.

  • by fahrbot-bot ( 874524 ) on Friday December 18, 2015 @05:06PM (#51146205)

    Personally, I only use IE at work to access internal sites that require it. When browsing the real Intertubes - either at work or home - I use Firefox with NoScript and several other Add-Ons that help keep me protected and private and in control of my browsing experience - or, at least, I believe relatively much more so than IE can.

    • Well, actually you can do a type of NoScript using group policy and kill bits for all corporate IE users. The central management of IE makes it ideal for our corporate environment. Instead of allowing any user to add any exception they want, we have a process by which we will vet the exception case and add it to a global allow list.

      We, of course, do not allow Flash or Java to be invoked in the browser and we use the Intranet, Trusted and Internet zone profiles built into IE to restrict other aspects of web

  • Adblock has been blocking malvertising and all kinds of zero day exploits for ages already. It does this by blocking advertisers that don't thoroughly vet the ads they serve against fraud and malware, and also advertisers that don't accept responsibility for any damages caused by malicious ads.

  • by Striek ( 1811980 ) on Friday December 18, 2015 @05:50PM (#51146465)

    I personally have had nothing but problems with SmartScreen. The thing is so complex that nobody at Microsoft seems to know exactly how it works. I've lost count of the number of mailservers I've set up that are refused by SmartScreen, and despite numerous attempts at resolving the problem with Microsoft Deliverability Support, nothing ever gets through. Every response is a generic "We understand you have questions regarding the deliverability of your email, and therefore its content", despite information provided to the contrary, explaining that this is an IP reputation issue. They simply don't care if your company cannot send mail to their users. They really don't.

    The thing is so complex that even Microsoft's Deliverability Support team can't tell you why your mailservers mails get rejected. And worse than that, it blatantly violates RFC2821, specifically:

    6.1 Reliable Delivery and Replies by Email

          When the receiver-SMTP accepts a piece of mail (by sending a "250 OK"
          message in response to DATA), it is accepting responsibility for
          delivering or relaying the message. It must take this responsibility
          seriously. It MUST NOT lose the message for frivolous reasons, such
          as because the host later crashes or because of a predictable
          resource shortage.

          If there is a delivery failure after acceptance of a message, the
          receiver-SMTP MUST formulate and mail a notification message. This
          notification MUST be sent using a null ("") reverse path in the
          envelope. The recipient of this notification MUST be the address
          from the envelope return path (or the Return-Path: line). However,
          if this address is null (""), the receiver-SMTP MUST NOT send a


    SmartScreen will silently drop emails, even after accepting them for delivery. Their postmaster website then tells you that you are required to be RFC2821 compliant.

    SmartScreen is a joke. Its filtering policies are far too agressive, and if it decides to drop your emails, you're SOL. Believe me, I've tried to get through to them. Too many legitimate emails are silently dropped / marked as spam, and too much spam gets through (IMHO). My advice for Microsoft to improve SmartScreen is this - You do not own the email system. Design your mail system to work well with others. Tell postmasters why their mail is not being delivered, and offer effective remedies. As long as their filtering system silently drops emails with no notification of why, and their deliverability support people can't help, their mail system will remain a joke.

    I gave up on SmartScreen ages ago. I now route all mail destined for Microsoft domains through Amazon SES. It's far less hassle than getting Microsoft to actually accept the message.

  • MAAAAAAAAYBE they should go specifically after the ad networks hosting the "we're microsoft, your computer is broke, call us" scam ad networks instead of drive by download malware, which is barely even a thing anymore. You know, since the scammers are PRETENDING TO BE THEM, you would think they'd care.

Information is the inverse of entropy.