Microsoft: IE9 security warnings cut malware threat 95%
Since 2008, Microsoft has included a reputation-based anti-phishing and anti-malware tool in Internet Explorer called SmartScreen Filter. In IE9, the latest version of Microsoft's browser, SmartScreen got a bump in functionality and began to check the reputation of applications as well. Today, the IE9 security team released some interesting data culled from all of SmartScreen's app reputation queries.
According to the team, 1 in 14 programs that are downloaded are later determined to be malware, and in most cases, the malicious software was installed as a result of good old-fashioned social engineering.
When a piece of malware is new, it is unsigned and has no reputation, so when an IE9 user attempts to download it, SmartScreen Filter will give an "Unknown Program" warning. The team says clicking through this warning carries a 25%-70% risk of malware infection.
It appears, however, that the way the IE9 team has constructed this warning has generally led users to not click through. The team said today that 95% of the time, IE9 users will choose to delete or not install a piece of malware because of this warning.
Moving forward, the team projects the warning will contribute to blocking 20 million attempted infections per month, while yielding only 2 warnings per year for the average user.
Last April, Google announced it would be adding the same sort of anti-malware warnings to Chrome based upon its Safe Browsing feature. This feature is built into Chrome 12, which was just updated in the beta channel on Monday. In all likelihood, this will be the version of Chrome we'll be using on our Samsung Chromebook in the near future.