The Internet Explorer security team has published a blog post detailing the new Application Reputation functionality in IE9, which helps protect users from not-yet-detected malware masquerading as legitimate executable downloads, while also removing unnecessary warnings when a download has an established reputation.
IE9 adds another layer of defense against socially engineered attacks that looks at the application being downloaded; this is in addition to SmartScreen's existing URL-based protection. The new layer is called SmartScreen Application Reputation. When it comes to program downloads, other browsers today either warn on every file or don't warn at all, and neither approach helps the user make a better decision. Application Reputation also addresses a limitation shared by all blocklist-based approaches: the window at the beginning of a new attack, before a Web site or program has been identified as malicious.
Using reputation helps protect users from newly released malware that pretends to be legitimate software and is not yet detected by existing defenses. Reputation also lets IE9 drop unnecessary warnings for downloads with an established positive reputation. Both publishers and individual applications build reputation. For example, a digitally signed application from a well-known publisher that has been widely downloaded has a better reputation than an unsigned application that has not yet been downloaded widely and has just been posted on a newly created Web site.
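The publisher half of that reputation signal is something a user or administrator can inspect directly on a downloaded file. The following PowerShell function is an added example for this page, not code from the IE team or part of SmartScreen; it reports whether an executable carries a valid Authenticode signature, who the signer is, and whether the signature is time-stamped, using only the built-in Get-AuthenticodeSignature cmdlet. The download path used at the bottom is a hypothetical placeholder.

```powershell
# Added example, not from the IE blog post: inspect the publisher signals
# (signed or unsigned, signer identity, signature validity) that
# SmartScreen Application Reputation weighs for a downloaded executable.
function Get-DownloadPublisherInfo {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # Status is a SignatureStatus value: Valid, NotSigned, HashMismatch,
    # NotTrusted, NotSupportedFileFormat, UnknownError, Incompatible.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    $result = [ordered]@{
        File        = $Path
        Status      = $sig.Status
        Message     = $sig.StatusMessage
        Publisher   = $null
        Issuer      = $null
        NotAfter    = $null
        Timestamped = $false
    }

    # SignerCertificate is null for unsigned files; for signed files the
    # Subject carries the publisher name a user would expect to recognise.
    if ($sig.SignerCertificate) {
        $result.Publisher = $sig.SignerCertificate.Subject
        $result.Issuer    = $sig.SignerCertificate.Issuer
        $result.NotAfter  = $sig.SignerCertificate.NotAfter
    }

    # A counter-signature from a time-stamping authority keeps the
    # signature verifiable after the signing certificate expires.
    if ($sig.TimeStamperCertificate) {
        $result.Timestamped = $true
    }

    [pscustomobject]$result
}

# Hypothetical usage: report on every .exe in the user's Downloads folder.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -File |
    ForEach-Object { Get-DownloadPublisherInfo -Path $_.FullName } |
    Format-List
```

A Status of NotSigned, or a Valid signature whose Subject is an unfamiliar name, corresponds to the "unsigned application from a newly created Web site" end of the reputation scale described above; a Valid, time-stamped signature from a publisher the user recognises is the case where IE9 suppresses the warning. The check is local and says nothing about how widely the file has been downloaded, which is the other input the post describes.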
We see two main patterns:
- Dramatic reduction in malware infections for IE9 users
SmartScreen Application Reputation is protecting consumers every day.