Windows 8.1's SmartScreen technology makes for happy CAMPers
The biggest threat to any operating system is malicious code gaining access to it. Whilst the User Account Control (UAC) introduced in Vista went some way towards guarding against this, many people found it so annoying that they turned it off.
Since most attacks arrive via the browser, Microsoft's introduction of SmartScreen Application Reputation technology in IE9 was a much more significant step. App Rep is a form of content-agnostic malware protection (CAMP) and aims to prevent the execution of malware by barring any applications that aren't explicitly trusted. With the launch of Windows 8, SmartScreen App Rep was extended beyond IE to protect the operating system as a whole.
A new report by NSS Labs looking at the pros and cons of this technology finds that it offers a significant amount of protection against social engineering malware (SEM) attacks that try to trick users into downloading or executing a malicious file.
In terms of browser protection (testing of App Rep in Windows 8 is still limited), Internet Explorer and Chrome (which uses similar technology) have a strong track record at preventing SEM attacks. Adding it to 8.1 therefore improves protection for people who choose not to use a CAMP-enabled browser. The downside is that App Rep can block downloads of newer programs until Microsoft has determined that they're 'safe'.
NSS also highlights the danger of App Rep leading to a false sense of security, as it doesn't protect against other forms of exploit delivery.
Security researcher Nadim Kobeissi additionally found that Windows 8 App Rep reports to Microsoft the file name of every application that’s downloaded, along with the IP address of the system that downloaded it, which raises some understandable privacy concerns.
Overall, whilst CAMP is successful at blocking SEM attacks, it doesn't remove the need for layered protection, including sandboxing and behavior detection, in order to offer effective security.