Windows SmartScreen - Anti-Malware Protection in Windows 8
Windows SmartScreen is a new feature that Microsoft added to Windows 8 which will help you to protect your computer against malware. The SmartScreen technology has been a part of Internet Explorer for many years, but now it has also become a function in Windows itself. In this article we will explain why and give you some other useful information about SmartScreen in Windows 8.
SmartScreen was introduced with Internet Explorer 8
The SmartScreen technology was introduced with Internet Explorer 8 (IE8), to help users to get protection against phishing websites, virus infected websites and websites that spread malware on purpose. SmartScreen is a reputation-based system, and when enabled the web browser automatically compares the URL (web address) with a list of servers that are known to be a potential security risks. If a user tries to navigate to a web address that is considered as unsafe, Internet Explorer will display a warning message in the browser, like the one in the image below:
Most users will not continue when they see this warning message, which will reduce the risk that users visit websites that contain security risks, for example viruses.
Application Reputation was introduced with Internet Explorer 9
With the release of Internet Explorer 9 (IE9), a new feature was added to SmartScreen; a reputation check will now be made on a downloaded file, even if the file has been downloaded from a safe website. This provides an additional layer of protection, and reduces a lot the risk that the computer get infected by malicious software. This new layer of protection is called SmartScreen Application Reputation, and is also included in Internet Explorer 10 (IE10).
How Application Reputation works
When you try to download an executable file, SmartScreen will make a reputation check on the file before it allows the file to be downloaded. This is done by comparing the file's download URL with a list of reported malicious software websites and with programs that are know to be unsafe. If a match is found, SmartScreen will warn you and block the download. SmartScreen will also compare the file with a list of files that are well known and downloaded by many Internet Explorer users. If the file that you want to download is not on that list, SmartScreen will inform you.
Windows SmartScreen - a new feature in Windows 8
The Application Reputation function in Internet Explorer 9 and Internet Explorer 10 gives protection against malware that are downloaded via Internet Explorer, but it will not protect the user if he/she downloads the file via another web browser. Today many surfers use Google Chrome or Mozilla FireFox (or another web browser) to browse the Internet, and in these cases the Application Reputation function in Internet Explorer will not protect the user.
Microsoft is aware of this; therefore they have included an application reputation check function directly in the Windows operating system. Windows 8 is the first Windows to have this function built-in, and the feature - called Windows SmartScreen - will check an application's reputation before it is launched. SmartScreen will make an application reputation check the first time you launch an application that was downloaded from the Internet, and a warning message is shown if the reputation is not "good enough".
If reputation is not "good enough", a warning message is shown
As mentioned above, Windows SmartScreen will make a reputation check of the application before it is run, and if the program has not yet established a "good" reputation, a warning message / notification message is shown on the screen. The message will have the title Windows protected your PC and the text Windows SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk., and look like this on the screen:
If the user presses the More info link, more information will be shown. If the application is not code signed (digitally signed), the information message will look similar to this:
Application is not code signed
If the application is code signed, the information message will look similar to this:
Application is code signed
Information for developers
Windows SmartScreen is reputation-based technology that operates on desktop level. A file's reputation will get improved with time if it have lots of successful downloads, with no malware warnings etc. You can speed up this process by code signing your application and by code signing the setup package that installs your application. And if you use the new hardware-based Extended Validation EV Code Signing method for code signing, your application and setup package can immediately establish a good initial reputation with SmartScreen even if no prior reputation exists for the application and the setup package. Also downloads from Internet Explorer 9 and 10 will be affected by this.
More articles are available from the article index page.
|Article written by: Mika Larramo|