Social-engineering attacks are more common than attacks on security vulnerabilities. The traditional browser defense against malware is a URL-based filter that screens out known malware websites. Microsoft introduced a new defense called Application Reputation that is available in Internet Explorer 9 (IE9) through the SmartScreen Filter.
Application Reputation allows publishers and their applications to build a reputation over time through these principles:
- Well known “good” applications have a better reputation than new applications
- Well known “good” publishers have a better reputation than unknown publishers
- New applications signed by known “good” publishers can have a relatively high reputation from first release
Reputation can be built for both unsigned and signed applications. Signed applications build reputation at twice the rate of unsigned ones. Reputation based on signing relies on a trusted certification authority identifying the publisher and issuing a code-signing certificate. Reputation is built by signing “good” applications, but it can easily be lost if the certificate is used to sign malware.
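As an added example (not part of the original post or of SmartScreen itself), the following PowerShell function shows what the signed-publisher path rests on: a defender can inspect a download's Authenticode signature and the publisher it names with the built-in Get-AuthenticodeSignature cmdlet. The download path is an assumed placeholder.

```powershell
# Added example, not from the original post. Inspects the Authenticode
# signature that the signed-publisher reputation path depends on, so an
# administrator can see which publisher identity a download carries.
function Test-DownloadPublisher {
    param(
        # Hypothetical path; point this at a real downloaded executable.
        [Parameter(Mandatory)] [string] $Path
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # SignatureStatus values: Valid, NotSigned, HashMismatch, NotTrusted,
    # UnknownError, NotSupportedFileFormat, Incompatible.
    $verdict = switch ($sig.Status) {
        'Valid'        { 'Signed by an identified publisher; reputation can accrue to the certificate' }
        'NotSigned'    { 'Unsigned; reputation builds only per application, at the slower rate' }
        'HashMismatch' { 'File content does not match its signature; treat as tampered' }
        'NotTrusted'   { 'Signed, but the chain does not end at a trusted CA; publisher identity unverified' }
        default        { "Signature check failed: $($_)" }
    }

    [pscustomobject]@{
        File      = $Path
        Status    = $sig.Status
        Publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        Issuer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer }  else { '(none)' }
        Verdict   = $verdict
    }
}

# Usage (hypothetical file name):
Test-DownloadPublisher -Path "$env:USERPROFILE\Downloads\setup.exe" | Format-List
```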
Traditionally, browsers have presented a trust dialogue box for each application download. IE9 with SmartScreen® Filter does not present a trust dialogue if the application has built a good reputation. The benefit is that applications with good reputations are installed without the user making a trust decision — they simply choose “Save” or “Run.” This means that when IE9 does detect an application with an unknown reputation, the user is not desensitized to trust dialogues and will most likely make the right decision.
For more information on Application Reputation, see the following MSDN blog posts: