Why do so many in here consider SmartScreen Filter as essential?

H

hjlbx

Demanding is not enough... that is why you have Black agencies, to do things outside the citizens knowledge.

OK... pitchforks and scythes in the street - open revolt - if that is what it takes, then people must be do it.

Put citizen agents in the Black agency agents' socks... at the barrel-end of a gun if need be...
 
D

Deleted member 178

OK... pitchforks and scythes in the street - open revolt - if that is what it takes, then people must be do it.

Put citizen agents in the Black agency agents' socks... at the barrel-end of a gun if need be...

it is what we did in France in 1789, chop the heads of the abusing royalty who deprived the commoners to have a decent life.

Now it will be harder, they have gunships and tanks :p
 
H

hjlbx

@hjlbx exactly, people think they have freedom , freedom is just an illusion, you are not free, you are only allowed to do things. you will have true freedom if you are alone in a island.

People are sheep because they are afraid or otherwise unwilling.

If you shed your wool and become a wolf, then the rancher shoots you...

A million sheep who become wolves at the same time and work together, then there aren't enough ranchers to kill all the wolves... and the ranchers get eaten alive.

Now that would be a sight to see !
 
  • Like
Reactions: Deleted member 2913
H

hjlbx

We live in a world with very complicated issues.

It is hard enough doing what needs to be done day-to-day - and that is all mostly little stuff.
 
  • Like
Reactions: Deleted member 2913
D

Deleted member 178

By the way , we are way off topic again , privacy issues shouldn't be involved when we discuss about security features.

i will move the posts elsewhere.

damn, i cannot lol
 
  • Like
Reactions: Deleted member 2913

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
I recommend using O&O ShutUp10 as I consider it the best Anti-Telemetry Software Click Here to go to site
You could also install Glasswire to monitor network traffic if you wished to Click Here to go to site

I disagree with those that say that measures like this are pointless because "They will find many other ways to spy anyway" ..
I think that this is the very attitude that has seen our Civil Liberties erode as much as they have..
"Why fight it?..Just give in...They will do it anyway"...
It a good job that Martin Luther King and Emily Pankhurst were not as weak as this.
Anything one can do to fight this is a positive,even if you are stopping only 5% ..at least it shows that you care about these important issues rather than be naive or apathetic.
I'm with ya, you can disable so much of this from Process Lasso that you don't need O&O or Spybeacon.
It takes a bit longer because you have to investigate what your disabling, or looking up the core of MS telemetry, but in doing
so you learn about the MS OS. Like hjlbx says its not so much MS as it is our US government that thinks is entitled to all we do
and I happen to disagree with this most strongly, so the less MS has the less my government has by proxy ;)
Umbra makes a good point as well, there are very good ways to go "off radar" but with MS and the tweaks all I am trying to do is
have a smaller footprint, and I will no matter who disagrees because after all it's "my choice". ;)

People are sheep because they are afraid or otherwise unwilling.

If you shed your wool and become a wolf, then the rancher shoots you...

A million sheep who become wolves at the same time and work together, then there aren't enough ranchers to kill all the wolves... and the ranchers get eaten alive.

Now that would be a sight to see !
Some of us don't make very good sheep, because our teeth are too sharp ;)
 
Last edited by a moderator:

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
I completely disagree with some above posts, and agree incompletely with others :D
You, you and you, your are wrong, and you, you and you, you are right, or maybe its is the opposite :rolleyes:

That's all, for the moment :)
 
U

uncle bill

I can post about my personal experience as a software developer. A software marked as insecure by smartscreen filter and as malware by some antivirus software vendors, will get really low chances to be downloaded and installed. But what if this software it's not malware and/or insecure? Don't you think it is like being treated like a killer having killed anyone? In the italian version o Spiderman uncle Ben says to Peter: "Da grandi poteri derivano grandi responsabilita'". I think that Microsoft and the antivirus vendors should be more careful about what they say: instead of "this software is insecure" or "it's malware", they should say "we are not able to say if this software is really secure, it could be or it could be not", but i'm sure they'll never do it.
Sorry for my bad english
;)
 
D

Deleted member 178

I think that Microsoft and the antivirus vendors should be more careful about what they say: instead of "this software is insecure" or "it's malware", they should say "we are not able to say if this software is really secure, it could be or it could be not", but i'm sure they'll never do it.
Sorry for my bad english
;)

it does, where smartscreen is not sure, it tells it
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I can post about my personal experience as a software developer. A software marked as insecure by smartscreen filter and as malware by some antivirus software vendors, will get really low chances to be downloaded and installed.
Take this with a grain of salt, but as I understand Windows Smartscreen won't identify known malware (that's down to WD or Antivirus software), but since it's App Reputation based, New Files may be identified as potentially unsafe when run by the user.

I would advise you to contact the third-party Antivirus vendors, including Microsoft to say your software is non-malicious.
 
H

hjlbx

Take this with a grain of salt, but as I understand Windows Smartscreen won't identify known malware (that's down to WD or Antivirus software), but since it's App Reputation based, New Files may be identified as potentially unsafe when run by the user.

I would advise you to contact the third-party Antivirus vendors, including Microsoft to say your software is non-malicious.

Submitting false positives can be - what seems a never-ending process requiring a lot of time and effort for some vendors.

After all, it requires submission to all the AV engines and file reputation keepers.

The problem is that the submission portals for false positives are different than malware submission - and there is no utility to submit FPs to all AVs and file reputation databases at one time.
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
...
nobody forces you to use a computer and internet, you worry about your online privacy, just stop using internet from your home , you can still live a decent life.
Comparing real life rights with online ones is just plain wrong; like many mixing IRL and online life, people must separate them. unfortunately, some even prioritize online life over IRL, which is sick.
I think you can't always separate IRL and online life, for a lot of purpose, because some online actions are needed for IRL reasons, and some organisations / companies only let us the choice to use internet to interact/manage some accounts/info/exchanges (also for some civil services ). If you want to do the same things without using internet help, it could, in a lot of case, become really "unworkable" (A long list in France).

Then, I don't think "nobody forces you to use a computer and internet, you worry about your online privacy, just stop using internet from your home , you can still live a decent life" is the right "answer" when you live in certain countries, and in many case online privacy is important to protect the data / info concerned.

That is also interesting to see differences between US and Europe concerning privacy.

http://politicsandpolicy.org/article/european-union-and-internet-data-privacy

About smartscreen :
I think if your are a basic or intermediate user, it can be better to keep it enable,
but if your are an advanced user, you can deactivate it. The only problem is to be able to determinate without errors in what group you are :D
 
Last edited:

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Ok, but what you do when you get warned by a full screen message? I bet you turn your browser back where you were coming from.
:)
That is totally right, when some people want/are about to discover new (for them) prog, any alert can make most users go and see another prog /webpage :) (just have to remember that the most part of users are not even intermediate users)
 
Last edited:
U

uncle bill

Take this with a grain of salt, but as I understand Windows Smartscreen won't identify known malware (that's down to WD or Antivirus software), but since it's App Reputation based, New Files may be identified as potentially unsafe when run by the user.

I would advise you to contact the third-party Antivirus vendors, including Microsoft to say your software is non-malicious.
True, smartscreen filter is not a replacement for an antivirus, but the result to end users is the same one of an antivirus warning you've downloaded a malware file. The problem, if i can name it this way, is that warning as potentially unsafe a software gives the same result you get on the really unsafe ones. About advising antivirus vendors: every time a new version get compiled i play safe and goto to virustotal for a scan check. Recently i discovered that this is not enough because avast scanner gives green flag on file scan but pop up suggesting a malware was downloaded when i tried to download the software from the project site (and i suspect this is something related to smartscreen itself). Avast customer care has been really nice and cooperative in whitelisting my software but they also stated that there's no guarantee it will not be the same for newer versions.

Gentile Marco,

A seguito della precedente mail con le indicazioni su come caricare su ftp, Le confermo che l'attuale versione del programma cessera' di essere segnalata nel giro delle prossime ore.


La ringrazio per la collaborazione.

Resto a Sua disposizione.


N. C.

Avast Team

On Tue, 4 Oct at 10:16 AM , Avast Customer Care <customer.care@avast.com> wrote:
Gentile Marco,


La ringrazio per il riscontro.

Con ogni nuovo aggiornamento e' possibile che il software venga bloccato da Avast.

Le consiglio di caricare i file su ftp.avast.com nella cartella Incoming/ e di prendere nota del nome della cartella. I file sarano visibili solamente per gli impiegati in VirusLab. In caso preferisca, La invito a ad utilizzare un servizio di hosting online. In caso si tratti di piu' fle assieme, La invito a usare pacchetti ZIP, Rar o 7z.

Una volta caricato il file, La prego di inviare una mail a virus@avast.com con l'oggetto "Files to whitelist - #NOME#" dove #NOME# va sostituito con il nome della casa produttrice.



Detto questo, il blocco da parte di Avast e' dato dall'assenza di firma digitale e dal numero esiguo di download (di solito).



Non ha necessita' di aggirare Avast per rendere scaricabile il programma. Puo' semplicemente contattare il supporto e caricare via ftp l'ultima versione rilasciata.

Siamo una compagnia di sicurezza software, pertanto agiamo in virtu' della tutela degli utenti, cosi' come le altre compagnie che al momento risultano bloccare l'eseguibile. Mi spiace che si trovi in una posizione sconveniente e che sia richiesta disponibilita' a collaborare.



Ho provveduto a inviare la segnalazione al Laboratorio dei Virus.

La informero' nel minor tempo possibile.



Resto a Sua disposizione.

Le auguro una buona giornata.



N. C.

Avast Team

On Tue, 4 Oct at 8:20 AM , Marco <deleted> wrote:
Buongiorno e grazie per avermi contattato. Il sito, come lei ha gia' avuto modo di verificare non e' bloccato

e l'eseguibile che vi ho inoltrato nemmeno. Il problema nasce quando si cerca di scaricare l'eseguibile dal

sito, in quanto questo viene contrassegnato come malware.gen... (non posso essere piu' preciso al momento).

Capisco che come produttori di un antivirus dobbiate seguire le regole ed adeguarvi al

filtro smartscreen di windows, pero' se vi comportate cosi' distruggete definitivamente le possibilita' di

software, peraltro gratis come il mio, di poter essere scaricato, utilizzato e giudicato utile o meno dagli

utilizzatori finali. In parole povere e per citare una frase di un noto film, "da grandi poteri derivano grandi responsabilita'..",

ed io, ma credo anche altri nella mia posizione, comincio ad essere stufo del trattamento che ricevo ogni volta

che genero una nuova versione del programma.



Grazie per l'attenzione.



Il 03.10.2016 15:50 Avast Customer Care ha scritto:

Gentile Marco,

Grazie per averci contattati.



Le chiedo una schermata della notifica di blocco o segnalazione che riceve da Avast.

Il sito mi risulta accessibile all'URL indicato: <deleted>



In attesa di un Suo riscontro, Le auguro una buona giornata.



Resto a Sua disposizione.

N. C.

Avast Team



On Mon, 3 Oct at 12:00 PM , Marco <deleted> wrote:

comunicazione falso positivo. url: <deleted>

535962

535962
 
L

Lucent Warrior

Microsoft Smartscreen has evolved to help protect against drive by attacks/socially engineered attacks, like phishing. It utilizes URL reputation checks as well as application reputation protection. It also has the ability to protect against malicious frames such as "Unsafe Ad's".

There really is no good reason to not use it. I am one of the few testers that leaves Smartscreen enabled during tests so that users can see the benefit of having it enabled. I do however admit that not enough information is present with the unknown scenarios, and users could benefit from more information being implemented or learning to look things up before clicking that "run anyway" button. It is rare that i see samples bypass both Smartscreen and UAC upon being executed, although it does happen.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040


The SmartScreen Filter in Windows 8+ is good, but allows some vectors of infection listed below:

a) You have got the executable file (BAT, CMD, CPL, COM, EXE, JS, JSE, MSI, VBS, VBE, WSF) using:
* the downloader or torrent application (EagleGet, utorrent etc.);
* container format file (7z, arj, rar, zip, etc.);
* CD/DVD/Blue-ray disc;
* CD/DVD/Blue-ray disc image (iso, bin, etc.);
* non NTFS USB storage device (FAT32 pendrive, FAT32 usb disk);
* Memory Card;
so the file does not have the proper Alternate Data Stream attached.

b) You have run the executable file with runas.exe (Microsoft), AdvancedRun (Nirsoft), RunAsSystem.exe (AprelTech.com), etc.

If You are executing executable files downloaded on NTFS hard drive by most popular Internet Browsers or from One Drive, then the SmartScreen Filter gives You very good protection against malware files (especially 0-day).
If the file is from another source, then simply upload it to One Drive (or mailbox) , and download again.

The SmartScreen gives more false positives than antivirus based on signatures, but this is fully compensated by better 0-day protection. It is worth to mention that Virus Total gives even more false positives. The main downside for inexperienced users is poor information about files blocked by SmartScreen - the best way to do then is accepting SmartScreen choices or asking more experienced people for help. If someone does not like it, then standard good antivirus (Eset, BitDefender, Kaspersky, Emsisoft, etc.) is a better solution.

@hjlbx
Tle last part of above post was not for You (You are obviously not an inexperienced user.):)
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top