IE8 SmartScreen Filter – Protecting Users at Internet Scale

March 5th, 2010

The RSA 2010 Security Conference is just finishing up here in San Francisco, and I’m struck by how many of the conference sessions and keynotes have warned about the threat that socially engineered malware poses to the security of the Internet. Malware has become the scourge of the Internet, and it’s not just the security experts who are worried—the top story in my morning paper yesterday described how a typical malware attack compromised a financial firm’s network. Our data shows that one out of every 250 downloads is the result of a user being tricked into downloading malware to their PC.

We’re proud of the protection SmartScreen® Filter provides to protect IE8 users from such attacks, and I’d like share some of the latest numbers on our level of protection.

Since we launched IE8 in March 2009, SmartScreen has blocked over 560 million attempts to download malware, recently averaging over 3 million blocks per day! Hosted in datacenters around the world, SmartScreen’s URL Reputation Service (URS) has evaluated over 250 billion URLs to help keep IE8 users safe from malware. Even more impressively, since IE7’s Phishing Filter was introduced in 2005, the URS has processed over 5.7 trillion reputation requests in order to block malicious web sites. Every day, Microsoft receives around 300 million telemetry reports from IE8 users and processes 4.1 billion URLs looking for malicious websites and files. On the back end, our systems and analysts evaluate over 1 terabyte of binaries every day to help identify sites delivering malware.

The Q1 2010 NSS Lab’s test shows that Microsoft’s continued investment in SmartScreen is paying off. Since launch, IE8’s SmartScreen Filter has continued to improve its protection against Socially Engineered Malware threats.

IE6 and 7 don’t provide protection against socially-engineered malware. If your family and friends aren’t up-to-date, please encourage them to upgrade to IE 8 for a safer Internet experience.

While IE8 offers the best built-in protection any browser offers against socially engineered malware, you still should follow best-practices to stay safe online. For instance:

  • Enable SmartScreen Filter using IE8’s Safety menu.
  • Install antivirus and antispyware software from trusted sources and keep it up-to-date. Microsoft Security Essentials is available for free.
  • Turn on your firewall.
  • Enable Automatic Updates for Windows and other Microsoft software using Microsoft Update.
  • Keep your computer’s other software, including browser add-ons, up-to-date.
  • Before downloading software, consider the risks and be aware of the fine print. For example, make sure the license agreement does not conceal a warning that you are about to install software with unwanted behavior.

You can read more tips and learn about common Internet attacks over on the Security Tips blog.

Stay safe out there!

Eric Lawrence
Program Manager