Microsoft Extends SmartScreen To Foil Malvertising and Exploit Kits

itwbennett writes: With the latest update for Windows 10, Microsoft has extended SmartScreen to block drive-by attacks in Microsoft Edge and Internet Explorer 11, the Microsoft Edge Team said Wednesday in a blog post. The new capability is based on the security intelligence that Microsoft receives from multiple products such as Microsoft Edge, Internet Explorer, Bing, Windows Defender and the Enhanced Mitigation Experience Toolkit (EMET). Thanks to this data, which includes behavioral telemetry, SmartScreen can even detect attacks that exploit zero-day vulnerabilities, according to Microsoft. The company is also revoking trust for a bunch of certificate authorities starting in January.

Re:How about sandboxing the browser?

[The-Ixian]

Well, on the Windows Weekly podcast, Mary Jo Foley has indicated that containerization will likely be a future addition to Windows 10 just like it is in Server 2016.

I would fully expect several Windows components to begin to take advantage of this.

SmartScreen is a joke

[Striek]

I personally have had nothing but problems with SmartScreen. The thing is so complex that nobody at Microsoft seems to know exactly how it works. I've lost count of the number of mailservers I've set up that are refused by SmartScreen, and despite numerous attempts at resolving the problem with Microsoft Deliverability Support, nothing ever gets through. Every response is a generic "We understand you have questions regarding the deliverability of your email, and therefore its content", despite information provided to the contrary, explaining that this is an IP reputation issue. They simply don't care if your company cannot send mail to their users. They really don't.

The thing is so complex that even Microsoft's Deliverability Support team can't tell you why your mailservers mails get rejected. And worse than that, it blatantly violates RFC2821, specifically:

6.1 Reliable Delivery and Replies by Email

      When the receiver-SMTP accepts a piece of mail (by sending a "250 OK"
      message in response to DATA), it is accepting responsibility for
      delivering or relaying the message. It must take this responsibility
      seriously. It MUST NOT lose the message for frivolous reasons, such
      as because the host later crashes or because of a predictable
      resource shortage.

      If there is a delivery failure after acceptance of a message, the
      receiver-SMTP MUST formulate and mail a notification message. This
      notification MUST be sent using a null ("") reverse path in the
      envelope. The recipient of this notification MUST be the address
      from the envelope return path (or the Return-Path: line). However,
      if this address is null (""), the receiver-SMTP MUST NOT send a
      notification.

    -snip-

SmartScreen will silently drop emails, even after accepting them for delivery. Their postmaster website then tells you that you are required to be RFC2821 compliant.

SmartScreen is a joke. Its filtering policies are far too agressive, and if it decides to drop your emails, you're SOL. Believe me, I've tried to get through to them. Too many legitimate emails are silently dropped / marked as spam, and too much spam gets through (IMHO). My advice for Microsoft to improve SmartScreen is this - You do not own the email system. Design your mail system to work well with others. Tell postmasters why their mail is not being delivered, and offer effective remedies. As long as their filtering system silently drops emails with no notification of why, and their deliverability support people can't help, their mail system will remain a joke.

I gave up on SmartScreen ages ago. I now route all mail destined for Microsoft domains through Amazon SES. It's far less hassle than getting Microsoft to actually accept the message.