Why do so many in here consider SmartScreen Filter as essential?

DJ Panda

Personally I would keep SmartScreen enabled. It's like UAC: there is not that much it does to really hinder you. As for the privacy issue, you could always disable everything "privacy concerned" with the OS and leave the essentials like UAC, Defender, Firewall, and whatnot. I personally don't care if you're spying on me or not. (You get to see my beautiful face if you take control of my webcam MS) :p

Currently using Edge as one of my default browsers. I like insensitive. :p
 

_CyberGhosT_

True, SmartScreen Filter is not a replacement for an antivirus, but the result to end users is the same as an antivirus warning that you've downloaded a malware file. The problem, if I can name it this way, is that warning about potentially unsafe software gives the same result you get on the really unsafe ones. About advising antivirus vendors: every time a new version gets compiled I play safe and go to VirusTotal for a scan check. Recently I discovered that this is not enough, because the Avast scanner gives a green flag on the file scan but pops up suggesting a malware was downloaded when I tried to download the software from the project site (and I suspect this is something related to SmartScreen itself). Avast customer care has been really nice and cooperative in whitelisting my software, but they also stated that there's no guarantee it will not be the same for newer versions.

Dear Marco,

Following the previous email with the instructions on how to upload via FTP, I confirm that the current version of the program will stop being flagged within the next few hours.

Thank you for your cooperation.

I remain at your disposal.

N. C.

Avast Team

On Tue, 4 Oct at 10:16 AM , Avast Customer Care <customer.care@avast.com> wrote:
Dear Marco,

Thank you for your reply.

With every new update, it is possible that the software will be blocked by Avast.

I recommend uploading the files to ftp.avast.com in the Incoming/ folder and taking note of the folder name. The files will be visible only to VirusLab employees. If you prefer, you are welcome to use an online hosting service. If there are several files together, please use ZIP, RAR or 7z archives.

Once the file has been uploaded, please send an email to virus@avast.com with the subject "Files to whitelist - #NOME#", where #NOME# is to be replaced with the name of the software vendor.

That said, the block by Avast is due to the absence of a digital signature and the small number of downloads (usually).

You do not need to circumvent Avast to make the program downloadable. You can simply contact support and upload the latest released version via FTP.

We are a software security company, so we act to protect users, as do the other companies that currently appear to be blocking the executable. I am sorry that you find yourself in an inconvenient position and that a willingness to cooperate is required.

I have forwarded the report to the Virus Lab.

I will inform you as soon as possible.

I remain at your disposal.

Have a nice day.

N. C.

Avast Team

On Tue, 4 Oct at 8:20 AM , Marco <deleted> wrote:
Good morning, and thank you for contacting me. The site, as you have already been able to verify, is not blocked, and neither is the executable I forwarded to you. The problem arises when one tries to download the executable from the site, as it is flagged as malware.gen... (I cannot be more precise at the moment).

I understand that as makers of an antivirus you have to follow the rules and conform to the Windows SmartScreen filter, but if you behave this way you definitively destroy the chances of software, free software like mine at that, being downloaded, used and judged useful or not by end users. Put simply, and to quote a line from a well-known film, "with great power comes great responsibility..", and I, though I believe others in my position too, am starting to be fed up with the treatment I receive every time I build a new version of the program.

Thank you for your attention.



On 03.10.2016 15:50 Avast Customer Care wrote:

Dear Marco,

Thank you for contacting us.

I would ask you for a screenshot of the block notification or warning that you receive from Avast.

The site appears accessible to me at the indicated URL: <deleted>

While awaiting your reply, I wish you a good day.

I remain at your disposal.

N. C.

Avast Team



On Mon, 3 Oct at 12:00 PM , Marco <deleted> wrote:

false positive report. url: <deleted>

You have to post in English here brother, it's MT's rule, just a "Heads Up" ;)
 

jamescv7

Because SmartScreen is next to the UAC defense layer (vice versa) when unusual activity occurs, even though most of the time it detects unrecognized publishers, then at least 90% will not accept the file to run because of possible risk.
 

Nico@FMA

And here is where a digital certificate from VeriSign or other brands comes into play.
SmartScreen and similar rep-based modules seem to have a problem with new software, like AV programs seem to hate UPX-based packers.
Fact is 90% of all free non-premium UPX packers are either crimeware, scareware, rogueware or outright malware.
Same goes for unsigned and new software: 75% is crimeware, scareware, rogueware and in 40% malware or adware stacked.
So give MS or an AV vendor 1 good reason to ignore these facts and stop blocking or warning when a new UPX or unsigned file is found?

Officially signed software and even self-signed software is in 70% of all cases clean. Those are statistics one cannot deny.
Software that uses industry-accepted packers is in over 80% of all the times legit.
Me as a developer actually HATE the whole "you must sign your software" strategy, since in my eyes it's just sucking money.
Yet I cannot deny that it does work and does stop LOTS of Nigerian (and other malicious people) fakeware writers, since they do not have the cash to buy a proper certificate, and neither do they like the fact that if you DO sign your soft using a premium cert it also means that when you release your software and you did put crap into it, that eventually, when enough people get hit by your rogue program, it all will lead back to you. And that's something rogueware writers do not like.
When I did not sign my software I did have 80% of all my users bitch that SmartScreen and similar programs were warning or blocking my soft, and I needed to submit my software to AV companies at least 4 times a month.

When I started self-signing my software only 40% of my clients seemed to have SmartScreen issues and 20% also did have issues with rep-based AVs. And I needed to submit my program only 1 time in say 2 months.

Then I started using a commercial cert with full company background check.... And NO SmartScreen issues and NO AV issues (except 1 time when there was a false positive based upon a key function that seemed to look like a malware technique).
Truth be told, a whole world opened up. And peace of mind. So yes, for a developer SmartScreen and rep-based protection is a nightmare, and for the end user some of these programs have questionable effectiveness, mostly because people do not understand or misuse it, like some here on MT who keep stacking software security and mixing ##### too much under the idea "I have extra layers" lol.

But to those who use SmartScreen and rep-based programs and do have a basic practice... it does work, it's that simple.
It does warn the user and it does stop malicious programs. It might not be perfect and it adds maybe only 20% extra security.
But 20% across all Windows users who use SmartScreen and rep-based software....
Do the math. That is bringing down day-to-day infections by A LOT.

Cheers
 

Andy Ful

The SmartScreen Filter in Windows 8+ is good, but allows some vectors of infection listed below:

a) You have got the executable file (BAT, CMD, CPL, COM, EXE, JS, JSE, MSI, VBS, VBE, WSF) using:
* a downloader or torrent application (EagleGet, uTorrent, etc.);
* a container format file (7z, arj, rar, zip, etc.);
* a CD/DVD/Blu-ray disc;
* a CD/DVD/Blu-ray disc image (iso, bin, etc.);
* a non-NTFS USB storage device (FAT32 pendrive, FAT32 USB disk);
* a memory card;
so the file does not have the proper Alternate Data Stream attached.

b) You have run the executable file with runas.exe (Microsoft), AdvancedRun (Nirsoft), RunAsSystem.exe (AprelTech.com), etc.

If you are executing executable files downloaded to an NTFS hard drive by the most popular Internet browsers or from OneDrive, then the SmartScreen Filter gives you very good protection against malware files (especially 0-day).
If the file is from another source, then simply upload it to OneDrive (or a mailbox), and download it again.

SmartScreen gives more false positives than antivirus based on signatures, but this is fully compensated by better 0-day protection. It is worth mentioning that VirusTotal gives even more false positives. The main downside for inexperienced users is poor information about files blocked by SmartScreen - the best thing to do then is to accept SmartScreen's choices or ask more experienced people for help. If someone does not like it, then a standard good antivirus (Eset, BitDefender, Kaspersky, Emsisoft, etc.) is a better solution.

@hjlbx
The last part of the above post was not for you (you are obviously not an inexperienced user.) :)

I noticed a mistake in my post. The right file extensions checked by SmartScreen App on the run are: BAT, CMD, CPL, COM, DLL, EXE, JSE, MSI, OCX, PIF, SCR, VBE.
It is strange that there is so little information about this thing! If anyone knows other extensions, please let me know.
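
As an added example (not part of the original posts), a PowerShell audit of the point made in the post above: it lists executables under a folder and shows whether each still carries the Alternate Data Stream that the SmartScreen on-run check depends on, next to its Authenticode status, which the thread ties to reputation warnings. The stream name `Zone.Identifier` and the `ZoneId` values (3 and 4 meaning Internet and Restricted sites) are standard Windows behaviour not spelled out in the thread; the default folder is an assumption.

```powershell
# Added example: list executables under a folder together with their
# Zone.Identifier stream (Mark of the Web) and Authenticode status.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # assumption: folder to audit
)

# Extensions from the corrected list in the post above.
$checked = '.bat','.cmd','.cpl','.com','.dll','.exe','.jse','.msi',
           '.ocx','.pif','.scr','.vbe'

Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $checked -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        $file   = $_
        $zoneId = $null

        # The stream exists only on NTFS; files that arrived via FAT32 media
        # or tools that do not propagate the stream return nothing here.
        $ads = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($ads) {
            $m = [regex]::Match(($ads -join "`n"), '(?m)^\s*ZoneId\s*=\s*(\d+)')
            if ($m.Success) { $zoneId = [int]$m.Groups[1].Value }
        }

        $origin = if ($null -eq $zoneId) {
            'no Zone.Identifier stream'
        } elseif ($zoneId -ge 3) {
            'marked as downloaded (Internet/Restricted)'
        } else {
            "zone $zoneId (local, intranet or trusted)"
        }

        [pscustomobject]@{
            File      = $file.FullName
            ZoneId    = $zoneId
            Origin    = $origin
            Signature = (Get-AuthenticodeSignature -FilePath $file.FullName).Status
        }
    } |
    Sort-Object -Property Origin, File |
    Format-Table -AutoSize -Wrap
```

Rows reading "no Zone.Identifier stream" are the files that, per the post above, reach the user without the on-run reputation check and therefore deserve a manual look or an antivirus scan.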
 
