IE9’s SmartScreen Filter – Not so smart

By | May 13, 2011

Ever since the release of Internet Explorer 9, we (and other smaller sites) have been plagued by visitors who, when they attempt to download our stationery files, see a strong warning in Internet Explorer 9 about downloading and installing our files. This is worrisome. Even visitors who have been downloading our stationery for over a decade are writing and expressing their concern about the safety of our files.

We’ve changed nothing as far as the way our files are created. The problem lies with Microsoft and Internet Explorer 9’s obviously misnamed, SmartScreen filter. The SmartScreen filter is turned on by default. And there’s no doubt that Microsoft has been plagued for years by bad publicity resulting from a myriad of security flaws and vulnerabilities. These flaws and vulnerabilities not only affected (and affect) its Internet Explorer browser, but Windows itself. Microsoft’s carelessness and rush to market, as well as its popularity, has led to the infection and compromising of millions of computers.

Microsoft’s solution to these vulnerabilities and flaws (besides issuing endless patches and fixes) has been to use the approach that everything is dangerous unless it’s proven to be safe. While Apple Mac users are never confronted with UAC warnings on their desktops, Windows Vista, and to a slightly lesser degree, Windows 7 users, are confronted with annoying UAC warnings even when running programs they’ve been using for years.

It seems that Microsoft like the UAC idea so much (again showing its disregard for its users), it decided to use the same approach for its current version of Internet Explorer. And sites, like ours, who don’t have enough money to purchase so-called “security certificates” or digital signatures, are going to be hurt by the ignorance of SmartScreen.

Digital signatures prove nothing except the company that claims to have created the file actually created it. It does not, in any way, guarantee that the file is safe or is not spyware or adware or a rogue security program. Some of you may remember that one of the worst spyware programs ever unleashed on the Web – one that infected tens of millions of computers, “Hotbar” not only had a digital signature – but was a Microsoft Certified Partner.

Microsoft is not out to protect you – it’s out to protect its reputation and to contain negative publicity. If it were really interested in protecting you it would not rush products to market before they are fully tested and vetted. Google’s Chrome browser is generally regarded as the safest browser. Yet it’s also the newest browser. Its warnings are few but reliable. Google pays hackers to try to hack its products before these products are ever released to the public. Microsoft could do the same with its operating systems, its browsers and its other products – but its so secretive of its code that it wouldn’t ever make it available to hackers so they could exploit the vulnerabilities and weaknesses before products were released to the public. Microsoft’s solutions to problems are simplistic and painted with too broad a brush.

Here’s an example of Microsoft’s SmartScreen. In the example below you will see it tells users that a perfectly safe file, is “dangerous”. We know it’s a perfectly safe file because we created it.

Cloudeight InfoAve Premium

Cloudeight InfoAve Premium

Cloudeight InfoAve Premium

The file which Microsoft’s SmartScreen filter identifies as “Dangerous” contains two files – 9 HTML files (Web page) and 9 JPG files (images). The HTML files and the images make the stationery files. There’s nothing in it but those files.

When users who know us and have trusted us for years write us expressing their concern, what do you think users who have just discovered our site are going to do? You’re right: They’re going to leave and never come back. There is nothing we can do about it – Microsoft doesn’t care about the damage this kind of thing causes to small, niche sites like ours. They’re concerned about Microsoft and protecting what’s left of its reputation. If it were really concerned about the security and safety of its users, there wouldn’t be dozens of patches and fixes to close security holes in its operating system and other products. Most of the fixes and patches released are for vulnerabilities and weaknesses that should have been ferreted out before the product or product was released.

We understand that Microsoft Windows is installed on 90% of the world’s computers and they make a big target. But if the only solution they can find to the problems they themselves create by rushing products to market before they’re ready, is UAC and SmartScreen – then Microsoft has bigger problems than they know. You can already see more and more people moving to Apple. Internet Explorer’s share of the browser market has gone from 95% in 2006 to 54% in 2011 – and it continues to decline.

Chrome, Firefox, and Apple Safari all have filters for malicious content – yet none of them issue any warning when downloading our files. If you’re using Internet Explorer maybe you should consider switching to a browser that can actually tell the difference between a malicious file and a safe one. Maybe those of you who still use Internet Explorer are starting to see why Internet Explorer is losing users so quickly.

Tens of thousands of small sites like ours are being hurt by Microsoft’s SmartScreen filter. And when you factor in the number of users who rely on community-based Website-rating programs, which are growing more ubiquitous by the day, you’ll begin to see what there isn’t much chance for new sites or smaller sites like ours to survive.

We’ve called on our readers to use common sense above all – and to use software, such as antivirus and antispyware, as secondary backups to common sense. While Microsoft’s Internet Explorer’s SmartScreen tries to scare you from our safe files, it has no problem with allowing you to download the adware/spyware/hijacker “Facemoods”. Do we need to say anymore?

Cloudeight InfoAve Premium

8 thoughts on “IE9’s SmartScreen Filter – Not so smart

    1. infoave Post author

      Exactly. So what does that tell you. Our files are not safe – or AVAST’s and IE9 “safe-site” filters are not worth a thing. I bet AVAST tells you that Facemoods are safe. It’s spyware/adware/hijacker. If you don’t use common sense when surfing the web – and you continue to rely on flawed software to tell you what is safe and what is not safe – you’re in real trouble.

      AVAST is going to be removed from our recommended list next week. Three of our friends were infected while using it – and now they’ve added the “safe-surfing” “safe-web” feature, we will no longer recommend them. We will be recommending BitDefender’s free version instead – along with Avira’s free version. Avast has gone the way of WOT.

      Reply
  1. Joy

    Is there some way to shut down the “Smart Screen” function? Since downloading IE9, I have had nothing but problems with lots of things, it is pushing me toward another type of program from someone else, maybe Chrome or Fox Fire.

    Reply
    1. infoave Post author

      You can turn it off under “Tools/Options”.

      Reply
  2. Andrew

    Nothing about IE9 is smart. I can’t believe there’s a small percentage of people who use it. I’d seriously pay MS to stop making browsers.

    Reply
  3. saiba

    it is remarkable how few you guys really know of the technologies used and how much FUD you yourself post on Windows and Internet Explorer, based on assumptions and simply missing knowledge.
    You write your EXE files are marked as dangerous… where exactly? IE9 simply tells you, that those files are not well known (which is true! Only you know it yet, cause you just created it!), and that it MIGHT be harmful! And this is true! Where does it actually say your EXE file is dangerous? Nowhere! It says it MIGHT be. And this is simply true.
    And you actually did not understand the concept of UAC at all (which btw. has nothing to do with SmartScreen filter). UAC warns the user that an application requires elevated (admin) rights. What is wrong about that? If I were you, I would ask myself: why does this tool need elevated rights anyway? What does it want to cchange on my system? Do I really want that? The problem is not Microsoft, the problem are the wannabe programmers out there who do not have a clue how to properly write code for Windows, and think it is a good practice to ask for admin rights for all there applications by default. D’Oh!!!

    Reply
    1. infoave Post author

      “This file is not commonly download and might be dangerous” is foolish. The only FUD here is your Microsoft-loving FUD. There’s a reason why Apple is worth more than Microsoft — because they make things people want. This is 2012, saiba, not 1995. Wake up. Microsoft can’t figure out a real way to tell good files from dangerous ones — therefore they choose to issue a warning to users if a file is not commonly downloaded. However this does not apply to Microsoft — they exclude themselves. If they release a new program and you’re the first person who downloads it, you should get warning because it cannot be commonly downloaded if it’s brand new, however you’ll never see it. Personally, I’m sick of Microsoft’s workarounds.

      Grocery stores should put warning labels on everything that is not commonly purchased. “This ketchup isn’t commonly purchased and might be dangerous”. Good think Microsoft isn’t in the supermarket business.

      One of my logic professors once told me that I’d waste my time trying to argue with someone who is illogical. I think I just wasted about 3 minutes of my time.

      Reply
  4. John

    The smartest screen filter you can have is a informed user. Who can recognize a attempt to install malware or rogue program. What ends up happening when you add all these security features like UAC, Smart screen filter, and Active X filters. Is a frustrated user who will most likely defeat at least some of these security features because they are annoying. Many people don’t use Security Suites because they slow their PC down or be just as annoying as a Windows security feature. As much as Microsoft attempts to make these features less annoying. They don’t go far enough for most users. But here is my rub in the whole thing. Even if you attempt to turn off or defeat these Windows and IE security features. You will be nagged that they have been disabled and prompt you to re enable them. This again, leads to used to find ways to defeat these warnings. In my view I know some internet users are idiots and blindly click on almost anything. They typically complain and blame the PC and operating system as the sole reason they got malware. When in fact if they educated themselves on what not to do. They could use almost any operating system with more secure results. Its really about the user, not so much the OS or applications. Most malware today installs with the users blessing. No matter if the realize it or not.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *