Trend Micro Joins Sophos in Criticizing Microsoft SmartScreen Stats
Trend Micro researchers are backing up anti- from Sophos in claiming that Microsoft's recently published SmartScreen numbers are of little relevance and might actually lead to a false sense of security.
Starting with Internet Explorer 9 Microsoft has added an application reputation component to the browser's already existent SmartScreen filter.
The SmartScreen technology was originally introduced in Internet Explorer 7 as a malicious URL blocking feature and, according to the browser vendor, it has blocked 160 million phishing pages and 1.5 billion malware distribution sites so far.
Microsoft claims that IE's new app reputation filter kicks in immediately when a new attack is launched, unlike traditional antivirus signatures that start appearing after the eleventh hour.
The company says that SmartScreen warnings only appear for one in ten downloads and that one in fourteen downloaded files ultimately confirmed as malware.
Chester Wisniewski, a senior security advisor at Sophos,
expressed several concerns about the numbers released by Microsoft to outline the success of IE9's app reputation feature.
As the security expert points out, there's a big problem with these statistics. They lack comparison with other, more prevalent, web infection vectors like drive-by downloads.
Drive-by download attacks occur when websites exploit vulnerabilities in plug-ins like Java, Flash or Adobe Reader to install malware on computers. In these cases, the browser has no control over the downloads.
"While we cannot comment on the exact methodology used in Microsoft’s own tests, we have to agree with Sophos’ questioning of the rather surprising results Microsoft published," said Martin Roesler, director for threat research at Trend Micro.
Read more