Malware Protection In IE9

A comparison test of major browsers yielded this nugget: Microsoft’s Internet Explorer 9 proved to be the best at detecting socially-engineered malware. The test was run against Firefox, Chrome, Safari and Opera, and was conducted by NSS Labs, using malware campaigns that targeted European users during the month of April.

Another, similar test was performed during Q3 of 2011, testing against malware targeting users around the globe. Results of this later test were the same – IE9 performed drastically better than Chrome 12, Firefox 4, Safari 5 and Opera 11.

IE9 makes use of what Microsoft calls the SmartScreen Filter, which does a couple of things. First off, it offers anti-phishing protection. Microsoft’s Phishing FAQ says that the SmartScreen Filter analyzes pages as you surf, determining whether they display any suspicious characteristics. If any are found, you are alerted with a yellow warning and are advised to proceed with caution. If a site URL matches a list of reported phishing sites, you get a red warning notice that the site has been blocked for your safety. This is referred to as URL Reputation, and was introduced in IE8.

The next feature is called Application Reputation, and is new in IE9. Its purpose is to “remove all unnecessary warnings for well-known files, and show severe warnings for high-risk downloads.” It works with Download Manager, automatically blocking any potentially risky downloads and alerting you to this. You get a notice that allows you a choice of Delete, Run or Save the file in question, once you’ve made that decision. Applications known to be malware are blocked, and applications recognized as being non-problematic are passed. Apps with no reputation are treated with suspicion – the user can run them, but has to actively permit each app to run.

These features work with embedded links in emails as well as when browsing directly. The entire SmartScreen feature can be switched off from within IE, but is enabled by default and Microsoft advises keeping it enabled.