HOME

TheInfoList



OR:

SmartScreen (officially called Windows SmartScreen, Windows Defender SmartScreen and SmartScreen Filter in different places) is a
cloud-based Cloud computing is "a paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand," according to International Organization for ...
anti-phishing and
anti-malware Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name ...
component included in several Microsoft products: * All versions of the
Microsoft Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...
since
Windows 8 Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012, made available for download via Microsoft ...
*
Web browsers A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scree ...
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated as IE or MSIE) is a deprecation, retired series of graphical user interface, graphical web browsers developed by Microsoft that were u ...
and
Microsoft Edge Microsoft Edge is a Proprietary Software, proprietary cross-platform software, cross-platform web browser created by Microsoft and based on the Chromium (web browser), Chromium open-source project, superseding Edge Legacy. In Windows 11, Edge ...
*
Xbox One The Xbox One is a home video game console developed by Microsoft. Announced in May 2013, it is the successor to Xbox 360 and the third console in the Xbox#Consoles, Xbox series. It was first released in North America, parts of Europe, Austra ...
and
Xbox Series X and Series S The Xbox Series X and Xbox Series S are the fourth generation of consoles in the Xbox series, succeeding the previous generation's Xbox One. Released on November 10, 2020, the higher-end Xbox Series X and lower-end Xbox Series S are part o ...
video game consoles *
Online In computer technology and telecommunications, online indicates a state of connectivity, and offline indicates a disconnected state. In modern terminology, this usually refers to an Internet connection, but (especially when expressed as "on lin ...
services
Microsoft 365 Microsoft 365 (previously called Office 365) is a product family of productivity software, collaboration and Cloud computing, cloud-based Software as a service, services owned by Microsoft. It encompasses online services such as Outlook.com, One ...
(including Microsoft Outlook and Exchange) and
Microsoft Bing Microsoft Bing (also known simply as Bing) is a search engine owned and operated by Microsoft. The service traces its roots back to Microsoft's earlier search engines, including MSN Search, Windows Live Search, and Live Search. Bing offers a ...
. SmartScreen as a business unit includes the intelligence platform, backend, serving frontend, UX, policy, expert graders, and closed-loop intelligence (
machine learning Machine learning (ML) is a field of study in artificial intelligence concerned with the development and study of Computational statistics, statistical algorithms that can learn from data and generalise to unseen data, and thus perform Task ( ...
and statistical techniques) designed to help protect Microsoft customers from safety threats like social engineering and drive-by downloads.


SmartScreen in Internet Explorer


Internet Explorer 7: Phishing Filter

SmartScreen was first introduced in
Internet Explorer 7 Windows Internet Explorer 7 (IE7) (codenamed Rincon) is a version of Internet Explorer, a web browser for Windows. It was released by Microsoft on October 18, 2006. It was the first major update to the browser since 2001. It does not support ve ...
, then known as the Phishing Filter. Phishing Filter does not check every website visited by the user, only those that are known to be suspicious.


Internet Explorer 8: SmartScreen Filter

With the release of Internet Explorer 8, the Phishing Filter was renamed to SmartScreen and extended to include protection from socially engineered malware. Every website and download is checked against a local list of popular legitimate websites; if the site is not listed, the entire address is sent to Microsoft for further checks. If it has been labeled as an
impostor An impostor (also spelled imposter) is a person who pretends to be somebody else, often through means of disguise, deceiving others by knowingly falsifying one or more aspects of their identity. This is in contrast to someone that honestly belie ...
or harmful, Internet Explorer 8 will show a screen prompting that the site is reported harmful and shouldn't be visited. From there the user can either visit their
homepage A home page (or homepage) is the main web page of a website. Usually, the home page is located at the Root directory, root of the website's Domain name, domain or subdomain. For example, if the domain is example.com, the home page is likely l ...
, visit the previous site, or continue to the unsafe page. If a user attempts to download a file from a location reported harmful, then the download is cancelled. The effectiveness of SmartScreen filtering has been reported to be superior to socially engineered malware protection in other browsers. According to Microsoft, the SmartScreen technology used by Internet Explorer 8 was successful against phishing or other malicious sites and in blocking of socially engineered malware. Beginning with Internet Explorer 8, SmartScreen can be enforced using
Group Policy Group Policy is a feature of the Microsoft Windows NT family of operating systems (including Windows 8.1, Windows 10, Windows 11) that controls the working environment of user accounts and computer accounts. Group Policy provides centralized mana ...
.


Internet Explorer 9: Application Reputation

In Internet Explorer 9, SmartScreen added protection against
malware Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...
downloads by launching SmartScreen Application Reputation to identify both safe and malicious software. The system blocked known malware while warning the user if an executable was not yet known to be safe. The system took into account the download website’s reputation based on SmartScreen’s
phishing Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticate ...
filter launched in prior
web browser A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scr ...
versions
Internet Explorer 7 Windows Internet Explorer 7 (IE7) (codenamed Rincon) is a version of Internet Explorer, a web browser for Windows. It was released by Microsoft on October 18, 2006. It was the first major update to the browser since 2001. It does not support ve ...
and Internet Explorer 8.


Internet Explorer Mobile 10

Internet Explorer Mobile Internet Explorer Mobile (formerly named Pocket Internet Explorer; later called IE Mobile) was a mobile version of Internet Explorer developed by Microsoft, based on versions of the MSHTML (Trident) layout engine. IE Mobile comes loaded by defa ...
10 was the first release of Internet Explorer Mobile to support the SmartScreen Filter.


Microsoft Edge

Microsoft Edge egacywas Microsoft's new browser beginning in
Windows 10 Windows 10 is a major release of Microsoft's Windows NT operating system. The successor to Windows 8.1, it was Software release cycle#Release to manufacturing (RTM), released to manufacturing on July 15, 2015, and later to retail on July 2 ...
, built on the same Windows web platform powering Internet Explorer.
Microsoft Edge Microsoft Edge is a Proprietary Software, proprietary cross-platform software, cross-platform web browser created by Microsoft and based on the Chromium (web browser), Chromium open-source project, superseding Edge Legacy. In Windows 11, Edge ...
was later rebuilt on Google's Chromium browser stack to go cross-platform onto
macOS macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...
and down-level into Windows 8.1 and below. SmartScreen shipped with each version of Microsoft Edge, mostly with Internet Explorer parity, in progressive versions adding protection improvements targeting new consumer threat classes like tech support scams or adding new enterprise configurability features.


Addressed criticisms

In October 2017, criticisms regarding URL submission methods were addressed with the creation of th
Report unsafe site
URL submission page. Prior to 2017, Microsoft required a user to visit a potentially dangerous website to use the in-browser reporting tool, potentially exposing users to dangerous web content. In 2017, Microsoft reversed that policy by adding the URL submission page, allowing a user to submit an arbitrary URL without having to visit the website. SmartScreen Filter in
Microsoft Outlook Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites. Primarily popular as an email client for businesses, Outlook also includes functions such as Calendari ...
was previously bypassable due to a data gap in Internet Explorer. Some phishing attacks use a phishing email linking to a front-end URL unknown to Microsoft; clicking this URL in the inbox opens the URL in Internet Explorer; the loaded website then, using client-side or server-side redirections, redirects the user to the malicious site. In the original implementation of SmartScreen, the "Report this website" option in Internet Explorer only reported the currently-open page (the final URL in the redirect chain); the original referrer URL in the phishing attack was not reported to Microsoft and remained accessible. This was mitigated beginning with some versions of
Microsoft Edge Legacy Microsoft Edge Legacy (often shortened to Edge Legacy), originally released as simply Microsoft Edge or Edge is a discontinued Proprietary Software, proprietary cross-platform software, cross-platform web browser created by Microsoft. Released ...
by sending the full redirection chain to Microsoft for further analysis.


SmartScreen in Windows


Windows 8 and Windows 8.1

In Microsoft Windows 8, SmartScreen added built-in
operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...
protections against web-delivered malware performing reputation checks by default on any file or application downloaded from the Internet, including those downloaded from
email clients An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email. A web application which provides message management, composition, and reception functio ...
like
Microsoft Outlook Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites. Primarily popular as an email client for businesses, Outlook also includes functions such as Calendari ...
or non-Microsoft
web browsers A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scree ...
like
Google Chrome Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, an ...
.
Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
SmartScreen functioned inline at the
Windows shell The Windows shell is the graphical user interface for the Microsoft Windows operating system. Its readily identifiable elements consist of the desktop, the taskbar, the Start menu, the task switcher and the AutoPlay feature. On some versions of ...
directly prior to execution of any downloaded software. Whereas SmartScreen in Internet Explorer 9 warned against downloading and executing unsafe programs only in Internet Explorer, Windows SmartScreen blocked execution of unsafe programs of any
Internet The Internet (or internet) is the Global network, global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a internetworking, network of networks ...
origin. With SmartScreen left at its default settings,
administrator Administrator or admin may refer to: Job roles Computing and internet * Database administrator, a person who is responsible for the environmental aspects of a database * Forum administrator, one who oversees discussions on an Internet forum * N ...
privilege would be required to launch and run an unsafe program.


Reactions

Microsoft faced concerns surrounding the privacy, legality and effectiveness of the new system, suggesting that the automatic analysis of files (which involves sending a cryptographic hash of the file and the user's IP address to a server) could be used to build a database of users' downloads online, and that the use of the outdated SSL 2.0 protocol for communication could allow an attacker to eavesdrop on the data. In response, Microsoft later issued a statement noting that IP addresses were only being collected as part of the normal operation of the service and would be periodically deleted, that SmartScreen on Windows 8 would only use SSL 3.0 for security reasons, and that information gathered via SmartScreen would not be used for advertising purposes or sold to third parties.


Windows 10 and Windows 11

Beginning in
Windows 10 Windows 10 is a major release of Microsoft's Windows NT operating system. The successor to Windows 8.1, it was Software release cycle#Release to manufacturing (RTM), released to manufacturing on July 15, 2015, and later to retail on July 2 ...
, Microsoft placed the SmartScreen settings into the
Windows Defender Security Center Security and Maintenance (formerly known as Action Center, and Security Center in earlier versions) is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring ...
. Further Windows 10 and
Windows 11 Windows 11 is a version of Microsoft's Windows NT operating system, released on October 5, 2021, as the successor to Windows 10 (2015). It is available as a free upgrade for devices running Windows 10 that meet the #System requirements, Windo ...
updates have added more enterprise configurability as part of Microsoft's enterprise endpoint protection product.


SmartScreen in Outlook

Outlook.com uses SmartScreen to protect users from unsolicited e-mail messages (spam/junk), fraudulent emails (phishing) and malware spread via e-mail. After its initial review of the body text, the system focuses on the hyperlinks and attachments.


Junk mail (spam)

To filter spam, SmartScreen Filter uses machine learning from
Microsoft Research Microsoft Research (MSR) is the research subsidiary of Microsoft. It was created in 1991 by Richard Rashid, Bill Gates and Nathan Myhrvold with the intent to advance state-of-the-art computing and solve difficult world problems through technologi ...
which learns from known spam threats and user feedback when emails are marked as "Spam" by the user. Over time, these preferences help SmartScreen Filter to distinguish between the characteristics of unwanted and legitimate e-mail and can also determine the reputation of senders by a number of emails having had this checked. Using these algorithms and the reputation of the sender is an SCL rating (Spam Confidence Level score) assigned to each e-mail message (the lower the score, the more desirable). A score of -1, 0, or 1 is considered not spam, and the message is delivered to the recipient's inbox. A score of 5, 6, 7, 8, or 9 is considered spam and is delivered to the recipient's Junk Folder. Scores of 5 or 6 are considered to be suspected spam, while a score of 9 is considered certainly spam. The SCL score of an email can be found in the various x-headers of the received email.


Phishing

SmartScreen Filter also analyses email messages from fraudulent and suspicious Web links. If such suspicious characteristics are found in an email, the message is either directly sent to the Spam folder with a red information bar at the top of the message which warns of the suspect properties. SmartScreen also protects against spoofed domain names (spoofing) in emails to verify whether an email is sent by the domain which it claims to be sent. For this, it uses the technology Sender ID and DomainKeys Identified Mail (DKIM). SmartScreen Filter also ensures that one email from authenticated senders can distinguish more easily by placing a green-shield icon for the subject line of these emails.


Effectiveness


Browser social engineering protection

In late 2010, the results of browser malware testing undertaken by NSS Labs were published. The study looked at the browser's capability to prevent users following socially engineered links of a malicious nature and downloading malicious software. It did not test the browser's ability to block malicious web pages or code. According to NSS Labs, Internet Explorer 9 blocked 99% of malware downloads compared to 90% for Internet Explorer 8 that does not have the SmartScreen Application Reputation feature as opposed to the 13% achieved by
Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements curr ...
, Chrome, and
Safari A safari (; originally ) is an overland journey to observe wildlife, wild animals, especially in East Africa. The so-called big five game, "Big Five" game animals of Africa – lion, African leopard, leopard, rhinoceros, African elephant, elep ...
; which all use a Google Safe Browsing malware filter.
Opera Opera is a form of History of theatre#European theatre, Western theatre in which music is a fundamental component and dramatic roles are taken by Singing, singers. Such a "work" (the literal translation of the Italian word "opera") is typically ...
11 was found to block just 5% of malware. SmartScreen Filter was also noted for adding legitimate sites to its blocklists almost instantaneously, as opposed to the several hours it took for blocklists to be updated on other browsers. In early 2010, similar tests had given Internet Explorer 8 an 85% passing grade, the 5% improvement being attributed to "continued investments in improved data intelligence". By comparison, the same research showed that Chrome 6, Firefox 3.6 and Safari 5 scored 6%, 19% and 11%, respectively. Opera 10 scored 0%, failing to "detect any of the socially engineered malware samples". In July 2010, Microsoft claimed that SmartScreen on Internet Explorer had blocked over a billion attempts to access sites containing security risks. According to Microsoft, the SmartScreen Filter included in Outlook.com blocks 4.5 billion unwanted e-mails daily from reaching users. Microsoft also claims that only 3% of incoming email is junk mail but a test by Cascade Insights says that just under half of all junk mail still arrives in the inbox of users. In a September 2011 blog post, Microsoft stated that 1.5 billion attempted malware attacks and over 150 million attempted phishing attacks have been stopped. In 2017, Microsoft addressed criticisms about the URL submission process by creating a dedicated page to report unsafe sites, rather than requiring users to visit the potentially dangerous site. Overtime, SmartScreen has expanded to protect against new threats like tech support scam, potentially unwanted applications (PUAs) and drive by attacks that don't require user interaction.


Criticism


Validity of browser protection tests

Manufacturers of other browsers have criticized the third-party tests which claim Internet Explorer has superior phishing and malware protection compared to that of Chrome, Firefox, or Opera. Criticisms have focused mostly on the lack of transparency of URLs tested and the lack of consideration of layered security additional to the browser, with
Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...
commenting that "The report itself clearly states that it does not evaluate browser security related to vulnerabilities in plug-ins or the browsers themselves", and Opera commenting that the results appeared "odd that they received no results from our data providers" and that "social malware protection is not an indicator of overall browser security".


Windows malware protection

SmartScreen builds reputation based on code signing certificates that identify the author of the software. This means that once a reputation has been built, new versions of an application can be signed with the same certificate and maintain the same reputation. However, code signing certificates need to be renewed every two years. SmartScreen does not relate a renewed certificate to an expired one. This means that reputations need to be rebuilt every two years, with users getting frightening messages in the meantime. Extended Validation (EV) certificates seem to avoid this issue, but they are expensive and difficult to obtain for small developers. SmartScreen Filter creates a problem for small software vendors when they distribute an updated version of installation or binary files over the internet. Whenever an updated version is released, SmartScreen responds by stating that the file is not commonly downloaded and can therefore install harmful files on your system. This can be fixed by the author digitally signing the distributed software. Reputation is then based not only on a file's hash but on the signing certificate as well. A common distribution method for authors to bypass SmartScreen warnings is to pack their installation program (for example Setup.exe) into a ZIP-archive and distribute it that way, though this can confuse novice users. Another criticism is that SmartScreen increases the cost of non-commercial and small scale software development. Developers either have to purchase standard code signing certificates or more expensive extended validation certificates. Extended validation certificates allow the developer to immediately establish reputation with SmartScreen but are often unaffordable for people developing software either for free or not for immediate profit. The standard code signing certicates however pose a " catch-22" for developers, since SmartScreen warnings make people reluctant to download software, as a consequence to get downloads requires first passing SmartScreen, passing SmartScreen requires getting reputation and getting reputation is dependent on downloads.


See also

* Anti-phishing software * Google Safe Browsing * macOS Gatekeeper


References


External links


A detailed FAQ by Microsoft on SmartScreen Filter
{{Microsoft Security Products SmartScreen Computer network security Microsoft Windows security technology