Heed the Warnings

   Web browsers have significantly improved their ability to protect users from attackers, particularly when it comes to downloading Trojans {Chapter 2 Security+ 3ed} and similar malware.  Recently, Microsoft published statistics regarding its Internet Explorer (IE) browser protections.

   IE7 and IE8 use what is called the SmartScreen filter, which looks at the URL to determine if the file comes from a suspicious source.  IE9 adds SmartScreen Application Reputation.  This feature, for example, will mark a file from a well-known publisher that has been digitally signed as a lower risk than one that has not been signed, is not widely downloaded, and was posted on a newly created Web site (red flags that may indicate malware).  Microsoft claims that it blocks between 2 and 5 million malware downloads for IE8 and IE9 users daily, for a total of over 1.5 billion.

   Yet what's surprising is the number of users who ignore the warnings.  When IE displays the warning message "xxx.exe is not commonly downloaded and could harm your computer," about 5% of users continue with the download anyway.  Those who ignore the warning run a chance of between 25% and 70% that the file will be malware.  And Microsoft says that 1 out of every 14 downloads today is malware.

   With those numbers, it's good to heed those warnings.

   You can read the report at http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-174-application-reputation-in-ie9.aspx.

   Stay secure!

http://community.cengage.com/infosec