As part of the Windows 10 “November update,” both Microsoft Edge and Internet Explorer 11 include a new version of SmartScreen, the website filtering tool that Microsoft first launched with IE7. SmartScreen now protects against drive-by attacks, which attempt to silently install malware by exploiting known PC software vulnerabilities.
Typically, a drive-by attack directs users from a trusted (but compromised) website to another malicious page. This page will then use an “exploit kit” to scan the user’s PC for vulnerabilities in other programs, such as Flash, Java, or Word, and will take advantage of whatever hasn’t been patched yet. The problem, as Microsoft notes, is that these exploit kits are moving faster than ever to take advantage of newly-discovered vulnerabilities. In 2015, there were five cases of exploit kits attacking vulnerabilities on the same day that patches arrived, the hope being that most users hadn’t yet secured their software.
With the update to SmartScreen, Edge and Internet Explorer 11 can prevent these attacks before the page even loads. The service creates a small cache file that’s periodically updated with information on emerging attack sources, drawing on data from Bing, browsing activity, and other anti-malware tools. Users who land on a malicious site will see a red warning screen. An option to continue onward to the suspect page is buried under a “more information” link.
Overall, the system sounds similar to Google’s Safe Browsing tool, which has been part of the Chrome browser for a few years now. But Microsoft does have one neat feature, which is the ability to block individual frames within a webpage. Given how many times malicious advertising has appeared on major websites, this could be a big help to users who aren’t blocking ads entirely.
Why this matters: Unlike the system-wrecking computer viruses of yesteryear, drive-by attacks are insidiously silent, and may attempt to steal sensitive data without users even knowing they’ve been compromised. Fortunately, it seems Microsoft now has enough data points to take proactive measures against these attacks, even when users haven’t patched vulnerabilities in their other software.