Slashdot Mirror


Microsoft Extends SmartScreen To Foil Malvertising and Exploit Kits (windows.com)

itwbennett writes: With the latest update for Windows 10, Microsoft has extended SmartScreen to block drive-by attacks in Microsoft Edge and Internet Explorer 11, the Microsoft Edge Team said Wednesday in a blog post. The new capability is based on the security intelligence that Microsoft receives from multiple products such as Microsoft Edge, Internet Explorer, Bing, Windows Defender and the Enhanced Mitigation Experience Toolkit (EMET). Thanks to this data, which includes behavioral telemetry, SmartScreen can even detect attacks that exploit zero-day vulnerabilities, according to Microsoft. The company is also revoking trust for a bunch of certificate authorities starting in January.

48 comments

  1. Re: This extends that & more to any webbound a by Anonymous Coward · · Score: 0

    He's onto something good that works and does more for less using what you already have natively built into your system in hosts.

  2. Re:This extends that & more to any webbound ap by Shoten · · Score: 1

    Yeah, great. It does all of that, and yet...it gets posted by an AC.

    Must miss! Or, as a wise man named Rick James once said..."I wish I had more hands so I could give FOUR THUMBS DOWN!"

    --

    For your security, this post has been encrypted with ROT-13, twice.
  3. Re:Any bets how long before it's been worked aroun by Shoten · · Score: 2

    Each Windows has been a kind of sieve; there have been plenty of holes to plug, and before they get even close to finishing they get a new one to start with. And in case Windows 10 is actually the last Windows ever, they will certainly reinvent the wheel within the platform again and again, so much that the merry-go-round will continue forever.

    It doesn't matter. It helps, and that is an improvement.

    In the beginning, there were firewalls. And they were good. But then other attacks came about which were in no way hindered by firewalls...in fact, we're talking about those kinds of attacks right now. So firewalls aren't a magic bullet...would you run a network that was wide open to the Internet and not have one in place?

    Or, taking the alternative view, what would you use as a compensating approach to accomplish the same thing? And if you have one in mind, are you sure that there will never be a way to work around it?

    --

    For your security, this post has been encrypted with ROT-13, twice.
  4. How about sandboxing the browser? by Anonymous Coward · · Score: 1

    MS has done well with having the web browser run in a low security context, but it might be good to take a step further than that and have the browser run in its own VM or container, with limited access, such as a subdirectory of the Downloads directory or similar, so the browser is not just with a lower security context, it has a completely different filesystem than the user. Tab/window separation would be important as well, similar to how Google Chrome runs each tab in a separate process.

    1. Re:How about sandboxing the browser? by Anonymous Coward · · Score: 0

      Makes file uploads a pain. Some MS web based products rely on users being able to easily upload files.

    2. Re:How about sandboxing the browser? by The-Ixian · · Score: 4, Informative

      Well, on the Windows Weekly podcast, Mary Jo Foley has indicated that containerization will likely be a future addition to Windows 10 just like it is in Server 2016.

      I would fully expect several Windows components to begin to take advantage of this.

      --
      My eyes reflect the stars and a smile lights up my face.
    3. Re:How about sandboxing the browser? by Anonymous Coward · · Score: 0

      For what it's worth, Edge already is sandboxed (via AppContainer).

    4. Re:How about sandboxing the browser? by Anonymous Coward · · Score: 0

      If only they could get it to start blocking these [Now] or [Later] dark pattern pop-ups I have been getting!

  5. For a second there I read that by future+assassin · · Score: 1

    as Smoke Screen and Tin Foil.

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  6. Re:Any bets how long before it's been worked aroun by The-Ixian · · Score: 2

    Exactly this.

    Each new security feature is additive.

    The thing is, SmartScreen has always been kind of useless. I can count on my right hand how many times I have seen a SmartScreen alert and all of those were false positives or because SmartScreen couldn't phone home or something.

    Anyway, any improvement to this technology is welcome.

    --
    My eyes reflect the stars and a smile lights up my face.
  7. now if they'd only.... by Anonymous Coward · · Score: 0

    download a blacklist to the browser instead of sending urls to microsoft (essentially giving them a good look at your browsing and downloading history).

  8. Does anyone actually care? by fahrbot-bot · · Score: 3, Interesting

    Personally, I only use IE at work to access internal sites that require it. When browsing the real Intertubes - either at work or home - I use Firefox with NoScript and several other Add-Ons that help keep me protected and private and in control of my browsing experience - or, at least, I believe relatively much more so than IE can.

    --
    It must have been something you assimilated. . . .
    1. Re:Does anyone actually care? by The-Ixian · · Score: 2

      Well, actually you can do a type of NoScript using group policy and kill bits for all corporate IE users. The central management of IE makes it ideal for our corporate environment. Instead of allowing any user to add any exception they want, we have a process by which we will vet the exception case and add it to a global allow list.

      We, of course, do not allow Flash or Java to be invoked in the browser and we use the Intranet, Trusted and Internet zone profiles built into IE to restrict other aspects of web browsing.

      I think that IE can be just as safe (or more so) than any other browser.

      Improvements to SmartScreen will be a welcome addition to the toolbox.

      --
      My eyes reflect the stars and a smile lights up my face.
  9. Re:This extends that & more to any webbound ap by Anonymous Coward · · Score: 0

    Try quoting accurately next time you fuckwit.

  10. Re: This extends that & more to any webbound a by Anonymous Coward · · Score: 0

    You must be apk then, right? No wait. Apk identifies himself. Slime worms like yourself don't.

  11. Adblock to beat them to it by penguinoid · · Score: 1

    Adblock has been blocking malvertising and all kinds of zero day exploits for ages already. It does this by blocking advertisers that don't thoroughly vet the ads they serve against fraud and malware, and also advertisers that don't accept responsibility for any damages caused by malicious ads.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  12. Re:This extends that & more to any webbound ap by Anonymous Coward · · Score: 0

    You're the fuckwit posting anonymously and unidentifiably like a pussy bitch.

  13. Re: AdBlock+ = inferior & 'souled-out' vs. hos by Anonymous Coward · · Score: 0

    I tried using that apk software a couple times.
    Every time I tried it out, I lost the ability to access ANY and ALL sites.

    Really broken software.
    Just edit your hosts file manually and use a combination of ad blockers and accept blockers.

    Apk Hosts can suck it.

  14. SmartScreen is a joke by Striek · · Score: 4, Informative

    I personally have had nothing but problems with SmartScreen. The thing is so complex that nobody at Microsoft seems to know exactly how it works. I've lost count of the number of mailservers I've set up that are refused by SmartScreen, and despite numerous attempts at resolving the problem with Microsoft Deliverability Support, nothing ever gets through. Every response is a generic "We understand you have questions regarding the deliverability of your email, and therefore its content", despite information provided to the contrary, explaining that this is an IP reputation issue. They simply don't care if your company cannot send mail to their users. They really don't.

    The thing is so complex that even Microsoft's Deliverability Support team can't tell you why your mailserver's mails get rejected. And worse than that, it blatantly violates RFC2821, specifically:

    6.1 Reliable Delivery and Replies by Email

          When the receiver-SMTP accepts a piece of mail (by sending a "250 OK"
          message in response to DATA), it is accepting responsibility for
          delivering or relaying the message. It must take this responsibility
          seriously. It MUST NOT lose the message for frivolous reasons, such
          as because the host later crashes or because of a predictable
          resource shortage.

          If there is a delivery failure after acceptance of a message, the
          receiver-SMTP MUST formulate and mail a notification message. This
          notification MUST be sent using a null ("") reverse path in the
          envelope. The recipient of this notification MUST be the address
          from the envelope return path (or the Return-Path: line). However,
          if this address is null (""), the receiver-SMTP MUST NOT send a
          notification.

        -snip-

    SmartScreen will silently drop emails, even after accepting them for delivery. Their postmaster website then tells you that you are required to be RFC2821 compliant.

    SmartScreen is a joke. Its filtering policies are far too aggressive, and if it decides to drop your emails, you're SOL. Believe me, I've tried to get through to them. Too many legitimate emails are silently dropped / marked as spam, and too much spam gets through (IMHO). My advice for Microsoft to improve SmartScreen is this - You do not own the email system. Design your mail system to work well with others. Tell postmasters why their mail is not being delivered, and offer effective remedies. As long as their filtering system silently drops emails with no notification of why, and their deliverability support people can't help, their mail system will remain a joke.

    I gave up on SmartScreen ages ago. I now route all mail destined for Microsoft domains through Amazon SES. It's far less hassle than getting Microsoft to actually accept the message.

    --
    "Government is like fire; a handy servant, but a dangerous master." -- George Washington
    1. Re:SmartScreen is a joke by Anonymous Coward · · Score: 0

      My advice for Microsoft to improve SmartScreen is this - You do not own the email system. Design your mail system to work well with others. Tell postmasters why their mail is not being delivered, and offer effective remedies.

      And Microsoft's response, in effect, is: Yes we do own the email system. We own Windows, we own your computer, we own your keyboard, we own your mouse, we own your files, we own your email, downloads, business, and soon we'll own the internet and then we'll take your soul.

      You will be upgraded. You will be updated. You will be tracked. You will be controlled. You will be owned. And you will like it citizen, or else.
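
The RFC 2821 section 6.1 rule quoted in comment 14 above, written out as a receiver-side check. This is an added example, not part of any post in this thread; the record format, function names and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

NULL_PATH = ""  # the null reverse-path, written <> on the wire


@dataclass
class Notification:
    envelope_from: str  # reverse-path the notification itself is sent with
    envelope_to: str    # original sender, taken from the envelope return path
    body: str


def owed_notification(reply: str, reverse_path: str, delivered: bool,
                      reason: str = "delivery failed") -> Optional[Notification]:
    """Return the notification the receiver owes after the DATA phase, if any."""
    if not reply.startswith("250"):
        return None  # refused in-session: the sending MTA still holds the message
    if delivered:
        return None  # responsibility discharged
    if reverse_path == NULL_PATH:
        return None  # MUST NOT notify a null return path
    # Accepted but not delivered: notify the sender, using a null reverse-path.
    return Notification(NULL_PATH, reverse_path, f"Undeliverable: {reason}")


# Constructed queue records (hypothetical format), one per accepted or refused message.
QUEUE_LOG = [
    {"id": "q1", "reply": "250 OK", "reverse_path": "a@sender.example",
     "delivered": True, "notified": False},
    {"id": "q2", "reply": "250 OK", "reverse_path": "b@sender.example",
     "delivered": False, "notified": True},
    {"id": "q3", "reply": "250 OK", "reverse_path": "c@sender.example",
     "delivered": False, "notified": False},   # silent drop
    {"id": "q4", "reply": "250 OK", "reverse_path": NULL_PATH,
     "delivered": False, "notified": False},   # bounce of a bounce: no notice owed
    {"id": "q5", "reply": "550 rejected", "reverse_path": "d@sender.example",
     "delivered": False, "notified": False},   # refused at SMTP time
]


def silent_drops(records):
    """Return ids of messages accepted with 250, not delivered, and never reported."""
    dropped = []
    for rec in records:
        owed = owed_notification(rec["reply"], rec["reverse_path"], rec["delivered"])
        if owed is not None and not rec["notified"]:
            dropped.append(rec["id"])
    return dropped


if __name__ == "__main__":
    print(silent_drops(QUEUE_LOG))
```

A filter that wants to refuse mail without owing a notification has to do so with a 5xx reply during the SMTP session, as in record q5; once 250 has been sent, only delivery or a notification satisfies the quoted text.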

  15. Does anyone actually use IE? by Anonymous Coward · · Score: 0

    I've never met any technically competent individual who uses IE as a browser.
    Do such exist?

    1. Re:Does anyone actually use IE? by Anonymous Coward · · Score: 0

      From time to time I've had to use it, but never by my personal choice.

    2. Re:Does anyone actually use IE? by Thraxy · · Score: 1

      I use it at least 3-4 times a year to go to mozilla.org

  16. Don't you love your little terminals? by Anonymous Coward · · Score: 0

    Your friendly administrator at Microsoft will keep you safe from the outside world. Just make sure you don't get behind on your payments for the time sharing slots on Microsoft's computers.

  17. Re: This extends that & more to any webbound a by Anonymous Coward · · Score: 0

    It's obvious to anyone with two brain cells to rub together that you just downmodded someone stating the simple truth with one of the sockpuppets you accuse everyone else of using, AlecStaar. Fuck off.

  18. Re: This extends that & more to any webbound a by Anonymous Coward · · Score: 0

    You're a trolling unidentifiable coward who projects his modus operandi. You post ac unidentifiably so you can downmod apk. You don't even have 2 brain cells. Don't try to think. It's not a strong suit of yours.

  19. Is this a joke? by Anonymous Coward · · Score: 0

    When Microsoft stops trying to foist Windows 10 on me with giant popups featuring "Upgrade now" and "Upgrade tonight" as options, then they can talk to me about drive-by downloads.

  20. Re:This extends that & more to any webbound ap by Anonymous Coward · · Score: 0

    I really wish that you would stop using my Initials, you Relentless Wretch; I've been using them for decades longer than you.
    Why not use AWP instead, AssWiPe?

    BTW, have you considered Professional Help?
    With the compulsive asswiping of course. You really shouldn't do it so often, and certainly not here. Your information is dated, and about as interesting as Zits on a Bore.

    -The _Real_ APK.

  21. A better idea by slashmydots · · Score: 1

    MAAAAAAAAYBE they should go specifically after the ad networks hosting the "we're microsoft, your computer is broke, call us" scam ad networks instead of drive by download malware, which is barely even a thing anymore. You know, since the scammers are PRETENDING TO BE THEM, you would think they'd care.

  22. Re:Any bets how long before it's been worked aroun by Anonymous Coward · · Score: 0

    MS is just trying to get a monopoly for malware on their platform. They think they should be the only one who sells ads to be shown on the OS and the only one who can sell users' data to 3rd parties.

  23. This extends that & more to any webbound app by Anonymous Coward · · Score: 0

    See subject & APK Hosts File Engine 9.0++ SR-4 32/64-bit http://start64.com/index.php?o...

    ---

    FREE, not 'souled-out' to advertisers + adds speed, security & reliability. Does FAR more w/ FAR less more efficiently vs. redundant browser addons & local DNS servers @ home + fixes DNS' many security issues & it stops a LOT of tracking @ webpage + DNS levels via 1 file you NATIVELY have - firewalls do the rest (on less used IP address trackers vs. host-domain name type).

    ---

    It obtains data vs. threats & for adblocking from 10 reputable security community sites!

    ---

    SPEEDS YOU UP 2 ways (adblocks + local RAM cached favorite sites @ TOP of hosts for fastest resolution speed vs. remote DNS (aids reliability)) vs. other "so-called security 'solutions'" SLOWING YOU!

    ---

    All that via something you natively have vs. "bolting on browser addons 'MOAR'" that's usermode slower & increases messagepassing, cpu + ram overheads!

    ---

    MalwareBytes' hpHosts Admin (MalwareBytes employee who verified its source as safe http://forum.hosts-file.net/vi... ) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news...

    &

    It's safe proven by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    Its 32-bit model too https://www.virustotal.com/en/...

    Its installer too -> http://f.virscan.org/APKHostsF...

    ---

    * "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend".

    APK

    P.S.=> By "yours truly" - "The Lord of Hosts" so-to-speak:

    "The image this title brings to mind is of a mighty military commander, one who can at a mere word summon rank upon rank of protective power" from https://answers.yahoo.com/ques... & THE WORD = hosts!

    (Accept NO substitutes!)

    ...apk

  24. AdBlock+ = inferior & 'souled-out' vs. hosts by Anonymous Coward · · Score: 0

    Can adblock+ do 16 things hosts do 4 speed, security & reliability:

    1.) Protect vs. bad sites (past ads)
    2.) Protect vs. fastflux botnets + stop C&C talk
    3.) Protect vs. dynamic dns botnets + stop C&C talk
    4.) Protect vs. DGA botnets + stop C&C talk
    5.) Protect vs. downed DNS (4 reliability)
    6.) Protect vs. DNS redirect poisoning
    7.) Protect vs. trackers
    8.) Protect vs. spam
    9.) Protect vs. phish
    10.) Protect vs. caps
    11.) Get past dns blocks
    12.) Keep off dns request logs
    13.) Speed up surfing (adblock & hardcoded favs)
    14.) Works on anything webbound multiplatform.
    15.) EZ data control
    16.) Block ads better vs. addons more efficiently

    * ANSWER ="NO" on ab+ doing it as well or @ ALL + hosts = on devices natively.

    APK

    P.S.=> Ab+ does less vs. hosts less efficiently - hosts do MORE w/ less + Hosts start w/ IP stack before REDUNDANT inefficient addons BEGIN operation (as 1st resolver).

    ---

    Ab+'s a 128-151mb memory hog http://cdn.ghacks.net/wp-conte... (hosts use 3-11mb w/ my program initially). Even FireFox 41 adblock eats 65++mb http://www.ghacks.net/2015/06/...

    ---

    ClarityRay defeats it seeing addons via native browser methods!

    ---

    Ab+'s bribed not to work by default http://www.businessinsider.com... & ABP bought out adblock http://www.theregister.co.uk/2...

    ---

    Ab+ adds complexity in slower usermode (w/ more messagepassing overhead + context switch vs. hosts in kernelmode).

    ---

    AdBlock's SLOWER: http://superuser.com/questions...

    ---

    What's best?

    APK Hosts File Engine 9.0++ SR-4 32/64-bit http://start64.com/index.php?o...

    MalwareBytes' hpHosts Admin (MalwareBytes employee who verified its source is safe http://forum.hosts-file.net/vi... ) hosts & recommends it http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    &

    It's safe per 57 antivirus programs in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    a 32-bit model too https://www.virustotal.com/en/...

    & Installer -> http://f.virscan.org/APKHostsF...

  25. Your /. peers disagree, quoted... apk by Anonymous Coward · · Score: 0

    "his hosts program is actually pretty good" - by xenotransplant (4179011) on Monday August 10, 2015 @03:34PM (#50287195)

    "I like your host file system." - by Karmashock (2415832) on Wednesday September 09, 2015 @03:57PM (#50489401)

    "APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works." - by bmo (77928) on Thursday October 15, 2015 @11:30AM (#50736071)

    "Actually, APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience in this context. Of course, your phone has to be rooted, which isn't the case with Firefox + adblock." - by chihowa (366380) on Saturday May 16, 2015 @11:40AM (#49705641)

    "his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources" by alexgieg (948359) on Friday September 25, 2015 @09:57AM (#50596461)

    "In a footnote, I would like to note that I find your hosts file admirable." - by vel-ex-tech (4337079) on Tuesday November 24, 2015 @10:27PM (#50999097)

    "No complaints from me, I like APK's spam. Reminds me to use a host file. Also, his stuff is free." - by aaaaaaargh! (1150173) on Tuesday November 17, 2015 @09:31AM (#50947415)

    * TRYING TO "DOWNMOD HIDE" THE TRUTH OF THOSE POSTS ABOVE THE LAST 3 TIMES I POSTED IT? YES -> http://tech.slashdot.org/comme... & http://tech.slashdot.org/comme... & http://tech.slashdot.org/comme...

    (Face facts - You're outnumbered, outthought, outsmarted, & just plain OUTED ac troll - by documented facts shown above...)

    APK

    P.S.=> So cut your bs propaganda & downmodding my posts constantly - you're FAILING (it's what you've done your ENTIRE LIFE haven't you? Yes)

    ... apk