Microsoft updates SmartScreen to help keep 'drive-by' attackers at bay

Mark Coppock

Internet security remains a hot topic, and likely always will as technology continues to become ever-more entwined in our personal and professional lives. Microsoft understands this and continues to update its various platforms with new and enhanced security capabilities. The Microsoft Blog announced today that it’s updating the SmartScreen technology that works inside of Windows 10 and Microsoft browsers to protect against drive-by attacks.
First, what exactly is a drive-by attack? Microsoft has a description handy:

Drive-by attacks are malicious web attacks that tend to start on trusted websites, targeting security vulnerabilities in commonly used software. What’s more, they often don’t require any user interaction – so there’s nothing to click, nothing to download – and infection is usually invisible.
Drive-by attacks make use of services known as exploit kits (EKs) to scale effectively. These are tools that first check your PC for software vulnerabilities (tracked publicly as CVEs) and then try to exploit them. The vulnerabilities can be either newly discovered ones – also known as 0-days – or ones that have already been fixed in popular software. Over the past year, we’ve seen EKs moving faster to target vulnerabilities in apps with available patches, while also exploiting 0-day vulnerabilities more frequently as well.

Trends in time-to-exploit
Recent trends in how long it takes for CVEs to be exploited.

The concept behind SmartScreen is to prevent these threats before a machine is infected, with or without an available patch. This means catching drive-by attacks before the parsing and rendering of web content–precisely what SmartScreen has evolved to accomplish. Performance is maintained by the use of caching and limiting SmartScreen calls to only those instances where malicious content is a high probability.
SmartScreen Warning Page
SmartScreen makes it quite obvious when there’s something malicious going on.

Also, SmartScreen can notify when a frame has malicious content, rather than entire pages as in past iterations. This avoids implicating a host web page when only an embedded frame is infected.
SmartScreen malicious frame warning
SmartScreen can let you know when a frame contains malicious content while leaving the rest of a page alone.

Of course, ongoing reporting is vital to security improvements, and Microsoft has a number of ways to provide feedback:

– Microsoft Edge on Windows 10. Tap or click the More menu, choose Send feedback, and then choose Report unsafe website.
– Internet Explorer 11 on Windows 10. Tap or click the Tools button, point to Safety, and then choose Report unsafe website.

Follow @MSEdgeDeve on Twitter to keep up with Edge enhancements and interact directly with the team, and we’ll continue to keep you update on improvements.