Microsoft’s SmartScreen Filter, the system that has been offering protection to users from internet based attacks since last 8 years has now evolved into a more powerful tool with capabilities to block web-based attacks that silently abuse software vulnerabilities to infect PCs.
Until now, SmartScreen has been offering phishing attacks and socially engineered malware to also include warnings for deceptive advertisements and support scam sites. However, with attackers finding newer ways to intrude into the PC’s, Microsoft announced that the latest Windows 10 updates, includes a beefed up SmartScreen that provides protection from drive-by attacks in Microsoft Edge and Internet Explorer 11.
Why Drive-by attacks are so lethal
Drive-by-download attacks are more lethal in destruction and a modern mode of attack that most antivirus programs are not able to detect. These malicious web attacks are commonly routed through trusted websites, targeting security vulnerabilities in commonly used software. They usually don’t require any user interaction, foxing user to believe that he or she hasn’t clicked on anything malicious to download and the PC is safe. The infection, however has already happened in an invisible mode not discovered by users.
Talking about the Drive-by attack, Microsoft mentioned on the Windows blog,
“Drive-by attacks make use of services known as exploit kits (EKs) to scale effectively. These are tools that first check your PC for software vulnerabilities (tracked publicly as CVEs) and then try to exploit them. The vulnerabilities can be either newly discovered ones – also known as 0-days – or ones that have already been fixed in popular software”.
To counter these deadly Drive-by attacks, Microsoft analyzed a broad set of data from sources like Microsoft Edge, Internet Explorer, Bing, Windows Defender and the Enhanced Mitigation Experience Toolkit (EMET) to come up with an effective tracking solution that discovers these kind of attacks as they emerge.
SmartScreen in IE11 will stop Drive-By-Downloads
In the latest Windows 10 updates, SmartScreen contains an inbuilt small cache file created by the SmartScreen service. This cache file is periodically updated by the browser to keep users protected.
If a website is detected as malicious, the user sees a red warning while the content is automatically blocked in IE or Microsoft Edge. Another improvement in the latest SmartScreen is that it blocks only those portions of the page where it detects malicious activity. The rest of the page is available for the user to interact.
So check if you have enabled SmartScreen on your Windows 10 PC’s on not? Just remember that it won’t work on older IE version in case you have been using them.